Accessing the web interface of a Dumb AP

tectonic · September 3, 2022, 8:54pm

Hello,

I have an APU4 board running OpenWRT 21.02.3. I have two VLANs (3 and 99), and a trunk port out to a Wireless AP which broadcasts two SSIDs; one VLAN assigned to each SSID.

I have internet access through both of these. However, I can no longer access the web interface of the Dumb AP (a TP-Link WA1201 running TP-Link's stock firmware) when connected via WiFi.

How might I diagnose, and subsequently resolve, the problem so that I can configure the AP, updated firmware etc?

Here's the config for the router:

/etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd0b:f043:06d3::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth1'
	list ports 'eth2'
	list ports 'eth3'
	option bridge_empty '1'

config interface 'lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option device 'br-lan.99'
	option ipaddr '10.0.99.1'
	option ip6assign '64'
	option ip6hint 'AA'
	list ip6class 'local'

config interface 'wan'
	option proto 'dhcp'
	option device 'eth0'
	option peerdns '0'
	option dns '76.76.2.2'

config interface 'wan6'
	option proto 'dhcpv6'
	option device '@wan'
	option reqaddress 'try'
	option reqprefix 'auto'
	option peerdns '0'
	option dns '2606:1a40::2'

config bridge-vlan
	option device 'br-lan'
	option vlan '99'
	list ports 'eth1:t'
	list ports 'eth2:u*'
	list ports 'eth3:u*'

config bridge-vlan
	option device 'br-lan'
	list ports 'eth1:t'
	option vlan '3'

config interface 'guest'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '64'
	option ip6hint 'BB'
	option device 'br-lan.3'
	option ipaddr '10.0.3.1'

/etc/config/dhcp

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '0'
	option dnsseccheckunsigned '0'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'
	option ednspacket_max '1232'
	list server '/use-application-dns.net/'
	list server '127.0.0.1#5054'
	option noresolv '1'
	option doh_backup_noresolv '-1'
	list doh_backup_server '/use-application-dns.net/'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'
	option leasetime '168h'
	option ra_management '1'
	option force '1'
	option ra_default '1'
	list ip6class 'local'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'
	list ra_flags 'none'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config dhcp 'guest'
	option interface 'guest'
	option start '100'
	option limit '150'
	option leasetime '24h'
	option dhcpv6 'server'
	option ra 'server'
	option ra_management '1'
	option force '1'
	list ra_flags 'none'

Many thanks.

psherman · September 3, 2022, 9:05pm

Is the AP running OpenWrt, too?

Did you provide the configuration for the APU4 board or the AP?

tectonic · September 3, 2022, 9:07pm

Ah, sorry - should have specified that:

The AP is running TP-Link's stock firmware.
The config I provided is for the APU4 board.

Thanks.

psherman · September 3, 2022, 9:09pm

So I don't know the specifics of the TP-Link firmware, but in theory it should be configured to have an address on your trusted/management network, and usually no address (just simply bridged) for the other network.

Can you reach the AP when you are connected to the wired network?

tectonic · September 3, 2022, 9:24pm

No, I can't reach the AP when connected to the wired network.

But (when I had access to the AP), there was an option to set a static address. So maybe I try:

IP: 10.0.99.254 (i.e. outside DHCP range)
router: 10.0.99.1
subnet mask: 255.255.255.0

psherman · September 3, 2022, 9:25pm

Do both SSIDs work as expected (i.e. network connectivity)? Or is one working but the other one not?

tectonic · September 3, 2022, 9:28pm

10.0.99.1/24 (VLAN 99) works wired and wireless
10.0.3.1/24 (VLAN 3; the guest network) works wired but not wireless.

psherman · September 3, 2022, 9:31pm

When did you last have access? What did you change that stopped access?

Did you set this address on the AP? What was the actual address you used previously to access the AP?

My guess is that you did not tell the AP that the management network should be tagged... so it's probably looking for an untagged network. This would potentially explain why the guest network isn't working, too... it may be expecting an untagged network there.

tectonic · September 3, 2022, 9:48pm

I had access right up until the point that I set the VLAN IDs on the AP. I created one SSID and set VLAN ID 99; and another SSID with VLAN ID 3. At that point, I had wireless internet access from 10.0.99.1/24 but NOT the guest network

Yes, I set that as (failed) experiment. Originally, the AP was available at 192.168.0.254

This is as sophisticated as the VLAN setup gets on the AP:

psherman · September 3, 2022, 9:57pm

There are usually 2 places where VLANs are set:

Per SSID, there is typically a VLAN setting
For the management network interface, there is another option to use a VLAN ID (or not).

My guess is that you did not correctly set the guest SSID VLAN ID (which would explain why the guest VLAN isn't working), but that you also didn't set the management interface's VLAN... or if you did, you didn't simultaneously change the IP address to either DHCP or one in your .99 network.

The last time you accessed the AP, was it set to a static IP of 192.168.0.254, or was it set to another static IP or DHCP? And did you set the VLAN ID for the management network?

tectonic · September 3, 2022, 10:04pm

I've gone back a couple of steps. The AP has been factory reset and is accessible from 192.168.0.254.

I have wired and wireless access from the guest VLAN (VLAN ID 3).

I have wired access from the management VLAN (VLAN ID 99).

As soon as I set the VLAN ID in the screenshot below, I'll have wired and wireless access from the management VLAN, but only wired access from the guest VLAN.

If I've understood you correctly, you're suggesting I try:

Setting a static IP on the AP to one in my .99 network
Setting the management interface's VLAN ID to 99.

tectonic · September 3, 2022, 10:14pm

I'm increasingly of the opinion that TP Link's implementation is broken and I should send it back...

... and then possibly pick up a BT Homehub, flash OpenWRT and configure that as a Dumb AP.

psherman · September 3, 2022, 10:33pm

I highly doubt that it is broken... I think that you're just having some trouble finding the correct settings.

The screengrab you have there is from the wifi settings. You should start by finding the network configuration page. Please get a screenshot of that.

tectonic · September 4, 2022, 6:07am

You're right - definitely some frustration on my part. Thanks for your help.

Here is the default network configuration on the AP. My inclination is to change this to set the IP address to 10.0.99.2 and the gateway to 10.0.99.1, and disabling the DHCP server; then trying to access the AP at 10.0.99.2 from a wired connection...

psherman · September 4, 2022, 6:17am

Yes, your inclination is correct. Go ahead and do that.

Ok. Good so far.
Now, is there a place to specify the management vlan?

tectonic · September 4, 2022, 6:37am

There was nowhere to specify the management VLAN on the AP, so I set the Primary VLAN ID on the trunk port from OpenWRT instead:

/etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd0b:f043:06d3::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth1'
	list ports 'eth2'
	list ports 'eth3'
	option bridge_empty '1'

config interface 'lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option device 'br-lan.99'
	option ipaddr '10.0.99.1'
	option ip6assign '64'
	option ip6hint 'AA'
	list ip6class 'local'

config interface 'wan'
	option proto 'dhcp'
	option device 'eth0'
	option peerdns '0'
	option dns '76.76.2.2'

config interface 'wan6'
	option proto 'dhcpv6'
	option device '@wan'
	option reqaddress 'try'
	option reqprefix 'auto'
	option peerdns '0'
	option dns '2606:1a40::2'

config bridge-vlan
	option device 'br-lan'
	option vlan '99'
	list ports 'eth1:t*'
	list ports 'eth2:u*'
	list ports 'eth3:u*'

config bridge-vlan
	option device 'br-lan'
	option vlan '3'
	list ports 'eth1:t'

config interface 'guest'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '64'
	option ip6hint 'BB'
	option device 'br-lan.3'
	option ipaddr '10.0.3.1'

Then I set the VLAN IDs on the Wireless Settings on the AP...

...and all working!

I now have:

Internet access from both the management and guest wireless connections
Access to the AP at 10.0.9.2 from both wired and wireless connections

Thanks so much for your patience and help: I was at the point of giving up.

psherman · September 4, 2022, 6:39am

Glad it is now working!

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.

system · September 14, 2022, 6:39am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.