Frame Tagging

Simon Hobson dhcp1 at thehobsons.co.uk
Fri Aug 2 14:22:57 UTC 2013


"George Sexton" wrote:
>I've done networking for a long time, and never tried to use VLANs before. I
>bought some wireless access points that had it, along with the ability to do
>multiple SSIDs and I thought it would be a neat way to segment my wifi
>network.
>
>It would be really nice if dhcpd were doing the right thing here...

I think the problem is the way dhcpd directly accesses the raw packets rather than using the OS IP stack. It does this due to the need to handle packets without an IP address to talk to clients that haven't yet configured their stack.

So, DHCP sees the raw packets on the interface, and without thinking too much about the detail, I'd guess that it's at a level where they have been de-tagged but not yet marshalled into the correct stream. I've seen the same thing just this week while debugging a routing issue (silly brain fade mistake on my part) on a link involving tagged and untagged packets - wireshark was seeing packets for both the tagged and untagged interfaces when sniffing the raw device.

I can't think of any answer other than what's already been suggested. I suspect arranging your network to not use DHCP on the untagged interface and tell dhcpd to only listen on the tagged interfaces might work. I know I've (some time ago) done DHCP (with the ISC server) on a box with multiple VLANs, but as the untagged VLAN1 was only used for management, I wouldn't have had DHCP running on it.

As to switches, even fairly low level switches can handle VLANs these days - the keyword to look for is 802.11q in the specs. Often the budget end are "lightly managed" (i.e. they have some managed features, but nothing like what you get on high end stuff) and often come with names like "Smart" or "Intelligent" to differentiate them from the really basic unmanaged switches.

