Versions Compared

Old Version 2

changes.mady.by.user Unknown User (sigfried)

Saved on

compared with

New Version Current

changes.mady.by.user Unknown User (sigfried)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Before starting out on the ISW's network it might be a good idea to check how to actually set up a small 1x WAN, 1x LAN network. This guide will assume that you have basic knowledge of internet routing and switching (netmask, IP addresses, ...).

For the configuration and interfaces I will use the following:

  • WAN with IP 10.0.0.240/24 on interface eth0
  • LAN with IP 172.16.10.1/24 on interface eth1


Table of Contents

Configuring the WAN side

First of all start by logging in to your machine and entering privileged mode.

Our first step is to identify which interface will be used for the WAN side. You can view all interfaces by typing "ip link show". In my case it is "eth0".
Next up you will need to set the WAN IP address, you can do this via DHCP or statically.

Note that you will need to provide the CIDR mask  (/24, /16, /XX) too!

Code Block
set interfaces ethernet eth0 address '10.0.0.240/24'
set interfaces ethernet eth0 description 'WAN'
# Or via DHCP
set interfaces ethernet eth0 address dhcp

What we have done here is very simple. We have set the Ethernet Interface "eth0" to have an address of "10.0.0.240/24" and has a description of "WAN". An important note is that your interface can have multiple address so if you have a typo of which the syntax is correct and afterwards change it, you will still have both of them installed. See the foot notes below.

For people who did not use DHCP, you will also need to set a default route.

Code Block
set protocols static route 0.0.0.0/0 next-hop 10.0.0.254

That's done! To check if everything is working you can try and ping a server like 1.1.1.1. You should get a reply back.

Configuring the LAN-side

This is almost identical to the static WAN setup. Identify your interface, and set the IP address (in my case eth1 and 172.16.10.1/24).

Code Block
set interfaces ethernet eth1 address '10.16.10.1/24'
set interfaces ethernet eth1 description 'LAN'

You can try assigning a device in the LAN network an IP address if the same subnet and try pinging it.

Configuring DHCP

Obviously for a simple LAN network it isn't very hand that you have manually set IP addresses, that's where we will use DHCP (Dynamic Host Configuration Protocol). This will automatically configure the client's configuration correctly.

The following list of commands will do:

  1. Advertise 10.16.10.1 as the router
  2. Advertise 1.1.1.1 as the DNS server
  3. Set the DHCP-lease time to 86400 seconds
  4. Set the start range to .10
  5. Set the end range to .200


Code Block
vyos@vyosa# set service dhcp-server shared-network-name LAN subnet 10.16.10.0/24 default-router 10.16.10.1
[edit]
vyos@vyosa# set service dhcp-server shared-network-name LAN subnet 10.16.10.0/24 dns-server 1.1.1.1
[edit]
vyos@vyosa# set service dhcp-server shared-network-name LAN subnet 10.16.10.0/24 lease 86400
[edit]
vyos@vyosa# set service dhcp-server shared-network-name LAN subnet 10.16.10.0/24 range 0 start 10.16.10.10
[edit]
vyos@vyosa# set service dhcp-server shared-network-name LAN subnet 10.16.10.0/24 range 0 stop 10.16.10.200

Typing "show service dhcp-server" should show something like this:

Code Block
vyos@vyosa# show service dhcp-server 
+shared-network-name LAN {
+    subnet 10.16.10.0/24 {
+        default-router 10.16.10.1
+        dns-server 1.1.1.1
+        lease 86400
+        range 0 {
+            start 10.16.10.10
+            stop 10.16.10.200
+        }
+    }
+}
[edit]
vyos@vyosa#

Getting internet access

At this point we have configured the WAN & LAN side. However you might note that even though you get an IP address, you cannot access the internet. This is because NAT is not enabled.
To enable it simply enter the following

Code Block
set nat source rule 10 outbound-interface 'eth0'
set nat source rule 10 source address '10.16.10.0/24'
set nat source rule 10 translation address masquerade

Commit the changes and try it out!

Footnotes

Typo's

It can happen that sometimes you add something but it was wrong. For example with an IP address on an interface. Let's look at an example.
You can see I wrote "10.16.10.2/24" instead of "10.16.10.1/24". However I have corrected this issue, I've overwritten .2 with .1, right? Wrong, you have now added both IP addresses to the interface.

Code Block
vyos@vyos# set interfaces ethernet eth1 address '10.16.10.2/24'
[edit]
vyos@vyos# set interfaces ethernet eth1 address '10.16.10.1/24'
[edit]
vyos@vyos#

You can see this by typing "show interfaces ethernet". This will show you all the interfaces and the added changes. You see it has added both IP addressed.

Code Block
vyos@vyos# show interfaces ether
 ethernet eth1 {
+    address 10.16.10.2/24
+    address 10.16.10.1/24
     description LAN
 }
[edit]
vyos@vyos#

To fix this simply edit the wrong command by replace "set" with "delete".

Code Block
vyos@vyos# delete interfaces ethernet eth1 address '10.16.10.2/24'
[edit]
vyos@vyos# show interfaces ether
 ethernet eth1 {
+    address 10.16.10.1/24
     description LAN
 }
[edit]
vyos@vyos#

Your problem is now solved!