Add wifi to existing VLAN - no dhcp

Hi,
i hope you can help.
I have an existing VLAN (id 99) with only wired connections. which is working as expected.
Now i want to extend this VLAN via wifi, i created a new ssid and assigned to the VLAN.99 - but when i connect to the wifi there is no ip address assigned while the wired connections still working.
Any ideas what is wrong?
i searched solutions but i can't find one.

when i connect to the wifi i found the following message in syslog:

daemon.warn dnsmasq-dhcp[1]: DHCP packet received on phy0-ap0 which has no address

thanks in advance

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdca:edd8:8214:abcd::/64'

config device
	option name 'br-lan'
	option type 'bridge'
	option igmp_snooping '1'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ipaddr '192.168.74.33'
	option ip6assign '62'

config device
	option name 'wan'
	option macaddr '************'

config interface 'wan'
	option device 'wan'
	option proto 'static'
	option ipaddr '192.168.111.223'
	option netmask '255.255.255.0'
	option gateway '192.168.111.222'

config interface 'wan6'
	option device 'wan'
	option proto 'dhcpv6'
	option reqaddress 'try'
	option ip6assign '64'
	option reqprefix '60'

config interface 'homeoffice'
	option proto 'static'
	option netmask '255.255.255.0'
	list dns '8.8.8.8'
	list dns '1.1.1.1'
	option device 'br-lan.5'
	option ipaddr '192.168.5.1'
	option delegate '0'

config interface 'vpn'
	option proto 'wireguard'
	option private_key 'xxxx'
	option listen_port '51820'
	list addresses '192.168.3.1/24'
	list addresses 'fdca:edd8:4ab:3::1/64'
	option delegate '0'

config wireguard_vpn
	option description 'yyyy'
	list allowed_ips '192.168.3.6/32'
	option public_key 'xxxxx'

config wireguard_vpn
	option description 'yyyyy'
	option public_key 'xxxx'
	list allowed_ips '192.168.3.4/32'

config interface 'iot'
	option device 'lan.6'
	option proto 'static'
	option ipaddr '192.168.66.1'
	option netmask '255.255.255.0'
	option delegate '0'

config device
	option type '8021q'
	option ifname 'br-lan'
	option vid '6'
	option name 'lan.6'

config device
	option type '8021q'
	option ifname 'br-lan'
	option vid '5'
	option name 'br-lan.5'

config device
	option type '8021q'
	option ifname 'br-lan'
	option vid '7'
	option name 'br-lan.7'

config interface 'test'
	option proto 'static'
	option netmask '255.255.255.0'
	option device 'br-lan.99'
	option ipaddr '192.168.99.1'
	option delegate '0'
	option ip6assign '62'

config interface 'win'
	option proto 'static'
	option device 'br-lan.7'
	option ipaddr '192.168.7.1'
	option netmask '255.255.255.0'

config device
	option type '8021q'
	option ifname 'br-lan'
	option vid '11'
	option name 'br-lan.11'

config interface 'iso'
	option device 'br-lan.11'
	option proto 'static'
	option ipaddr '192.168.11.1'
	option netmask '255.255.255.0'
	option delegate '0'

config route
	option interface 'wan'
	option target '192.168.1.0/24'
	option gateway '192.168.111.200'
	option disabled '1'

config route
	option interface 'wan'
	option target '192.168.30.0/24'
	option gateway '192.168.111.224'
	option disabled '1'

config interface 'wartung'
	option proto 'static'
	option device 'br-lan.3'
	option netmask '255.255.255.0'
	option ipaddr '192.168.30.1'

config device
	option type '8021q'
	option ifname 'br-lan'
	option vid '3'
	option name 'br-lan.3'

config device
	option type '8021q'
	option ifname 'br-lan'
	option vid '99'
	option name 'br-lan.99'


config wifi-device 'radio0'
	option type 'mac80211'
	option path 'soc/soc:pcie/pci0000:00/0000:00:01.0/0000:01:00.0'
	option channel '36'
	option band '5g'
	option htmode 'VHT80'
	option country 'DE'
	option cell_density '0'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option mode 'ap'
	option ssid 'wer-das-liest-ist-doof'
	option macaddr '************'
	option encryption 'psk2'
	option key '************'
	option ieee80211r '1'
	option mobility_domain '4f57'
	option ft_over_ds '0'
	option ft_psk_generate_local '1'
	option network 'lan'
	option disabled '1'

config wifi-device 'radio1'
	option type 'mac80211'
	option path 'soc/soc:pcie/pci0000:00/0000:00:02.0/0000:02:00.0'
	option channel '1'
	option band '2g'
	option htmode 'HT20'
	option disabled '1'
	option country 'FR'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid 'OpenWrt'
	option encryption 'none'
	option macaddr '************'

config wifi-iface 'wifinet2'
	option device 'radio0'
	option mode 'ap'
	option ssid 'ausgesperrt'
	option encryption 'psk2'
	option key '************'
	option network 'test'


config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '0'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option localservice '1'
	option ednspacket_max '1232'
	option cachesize '1000'
	option port '54'
	list server '192.168.74.33'

config dhcp 'lan'
	option interface 'lan'
	option leasetime '1h'
	option dhcpv4 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'
	option start '230'
	option limit '10'
	option ra 'hybrid'
	option dhcpv6 'hybrid'
	list dhcp_option '6,192.168.74.33'
	list dhcp_option '3,192.168.74.33'
	list dns 'fdca:edd8:8214:abcd::1'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'
	option start '210'
	option limit '20'
	option leasetime '12h'
	list ra_flags 'none'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'


config dhcp 'homeoffice'
	option interface 'homeoffice'
	option start '100'
	option limit '150'
	option leasetime '12h'
	list dhcp_option '6,192.168.5.1'
	list dhcp_option '3,192.168.5.1'

config dhcp 'iot'
	option interface 'iot'
	option start '100'
	option limit '150'
	option leasetime '12h'
	list dhcp_option '6,192.168.74.33'
	list dhcp_option '3,192.168.74.33'

config dhcp 'test'
	option interface 'test'
	option start '100'
	option limit '150'
	option leasetime '12h'

config dhcp 'win'
	option interface 'win'
	option start '100'
	option limit '150'
	option leasetime '12h'
	list dhcp_option '6,192.168.7.1'
	list dhcp_option '3,192.168.7.1'

config dhcp 'iso'
	option interface 'iso'
	option start '100'
	option limit '150'
	option leasetime '12h'
	list ra_flags 'none'

config dhcp 'wartung'
	option interface 'wartung'
	option start '100'
	option limit '150'
	option leasetime '12h'
	list ra_flags 'none'


config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone 'lan'
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'
	list network 'vpn'

config zone 'wan'
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	list network 'wan'
	list network 'wan6'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config rule
	option name 'Support-UDP-Traceroute'
	option src 'wan'
	option dest_port '33434:33689'
	option proto 'udp'
	option family 'ipv4'
	option target 'REJECT'
	option enabled '0'

config include
	option path '/etc/firewall.user'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'syslog_n510'
	option src 'wan'
	list src_mac '************'
	option src_ip '192.168.111.20'
	option src_port '514'
	option src_dport '514'
	option dest_ip '192.168.74.75'
	option dest_port '514'
	option enabled '0'

config zone
	option name 'homeoffice'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'homeoffice'

config forwarding
	option src 'homeoffice'
	option dest 'wan'

config rule 'wg'
	option name 'Allow-WireGuard'
	option src 'wan'
	option dest_port '51820'
	option proto 'udp'
	option target 'ACCEPT'

config zone
	option name 'iot'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'iot'

config zone
	option name 'win'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'win'

config forwarding
	option src 'iot'
	option dest 'wan'

config forwarding
	option src 'win'
	option dest 'wan'

config zone
	option name 'test'
	option input 'ACCEPT'
	option output 'ACCEPT'
	list network 'test'
	option forward 'ACCEPT'

config rule
	option name 'allow print windows'
	option src 'win'
	option dest 'lan'
	list dest_ip '192.168.74.76'
	option target 'ACCEPT'

config rule
	option name 'allow windows NAS'
	option src 'win'
	option dest 'lan'
	option target 'ACCEPT'
	list dest_ip '192.168.74.74'
	list dest_ip 'fdca:edd8:8214:10::4a'
	option dest_port '137 138 139 445 6690'

config zone
	option name 'iso'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	list network 'iso'

config forwarding
	option src 'iso'
	option dest 'wan'

config forwarding
	option dest 'test'

config forwarding
	option src 'lan'

config forwarding
	option dest 'test'

config forwarding
	option src 'lan'

config rule
	option name 'windows Minecraft'
	option src 'win'
	option dest 'lan'
	list dest_ip '192.168.74.75'
	list dest_ip 'fdca:edd8:8214:abcd::4b'
	option dest_port '25565'
	option target 'ACCEPT'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name '1und1 asterisk'
	list proto 'udp'
	option src 'wan'
	option src_dport '3437'
	option dest_ip '192.168.74.83'
	option src_ip '192.168.111.222'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name '1und1 n510'
	option src 'wan'
	option src_dport '3438'
	option dest_ip '192.168.74.20'
	option dest_port '3438'
	option src_ip '192.168.111.222'

config forwarding
	option src 'test'
	option dest 'wan'

config zone
	option name 'wartung'
	option input 'ACCEPT'
	option output 'ACCEPT'
	list network 'wartung'
	option forward 'ACCEPT'

config forwarding
	option src 'wartung'
	option dest 'wan'

config forwarding
	option src 'lan'
	option dest 'wartung'

config forwarding
	option src 'wartung'
	option dest 'lan'

config rule
	option name 'allow ssh into win'
	option src 'lan'
	list src_ip '192.168.74.44'
	option dest 'win'
	option dest_port '22'
	option target 'ACCEPT'

config rule
	option name 'ping win2lan'
	list proto 'icmp'
	option src 'win'
	option dest 'lan'
	option target 'ACCEPT'



root@openwrt:~# ubus call system board
{
	"kernel": "5.15.150",
	"hostname": "openwrt",
	"system": "ARMv7 Processor rev 1 (v7l)",
	"model": "Linksys WRT1200AC",
	"board_name": "linksys,wrt1200ac",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "23.05.3",
		"revision": "r23809-234f1a2efa",
		"target": "mvebu/cortexa9",
		"description": "OpenWrt 23.05.3 r23809-234f1a2efa"
	}
}

Use option network 'test' in the AP definition in /etc/config/wireless and it will be attached to the associated bridge-vlan. Do not refer to any wireless device names in /etc/config/network.

Would you mind posting the config text rather than the UCI listings?

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:

Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

OK, changed in the post above

Could you post the complete files, please? Not just the edits.

OK, added it in the post, and a message i found in syslog

The problem in your config is that you need to use bridge VLANs to make this work. I can help you restructure your config so that this works as expected, but I need to know your desired port-vlan membership/config.

For each port, please describe what vlan(s) should be present. If you want to have any VLANs untagged on a trunk, please indicate that, too.

Hi, thanks for the right key word: bridge VLAN - with this i found a good howto for setting up a bridged VLAN.
This works fine.
My setup, what i intend : I have three Unifi AP running and want to get rid of the unifi controller. My router already runs openWrt. So i flashed the first AP with openwrt and tried to setup my wifi: one private and one for homeoffice. The homeoffice is on VLAN.5, also the wired one. So the homeoffice wifi should connect to the existing homeoffice interface. But it did't - so posted the question in a common manner.
So here is my config from the unifi ap, the client-interface get their IP from the router, both private wifi and homeoffice.

{
	"kernel": "5.15.134",
	"hostname": "unifi-ap-three",
	"system": "Qualcomm Atheros QCA956X ver 1 rev 0",
	"model": "Ubiquiti UniFi AC Lite",
	"board_name": "ubnt,unifiac-lite",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "23.05.0",
		"revision": "r23497-6637af95aa",
		"target": "ath79/generic",
		"description": "OpenWrt 23.05.0 r23497-6637af95aa"
	}
}

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd19:3fa4:9ad6::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0'

config interface 'lan'
	option device 'br-lan.1'
	option proto 'dhcp'

config bridge-vlan
	option device 'br-lan'
	option vlan '5'
	list ports 'eth0:t'

config bridge-vlan
	option device 'br-lan'
	option vlan '1'
	list ports 'eth0:u*'

config interface 'officeAP'
	option proto 'dhcp'
	option device 'br-lan.5'


config wifi-device 'radio0'
	option type 'mac80211'
	option path 'pci0000:00/0000:00:00.0'
	option channel '36'
	option band '5g'
	option htmode 'VHT80'
	option cell_density '0'
	option country 'DE'

config wifi-device 'radio1'
	option type 'mac80211'
	option path 'platform/ahb/18100000.wmac'
	option channel '1'
	option band '2g'
	option htmode 'HT20'
	option cell_density '0'
	option disabled '1'

config wifi-iface 'wifinet0'
	option device 'radio0'
	option mode 'ap'
	option ssid 'blackhole'
	option encryption 'psk2'
	option key 'allesnurgeklaut'
	option network 'lan'

config wifi-iface 'wifinet1'
	option device 'radio0'
	option mode 'ap'
	option ssid 'officeAC'
	option encryption 'psk2'
	option key 'allesnurgeklaut'
	option network 'officeAP'


config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option cachesize '1000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'
	option ednspacket_max '1232'
	option filter_aaaa '0'
	option filter_a '0'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'hybrid'
	option ra 'hybrid'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'


config defaults
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	list network 'wan'
	list network 'wan6'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config zone
	option name 'office'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config forwarding
	option src 'office'
	option dest 'wan'

Great!

In this case, you don't actually need to use bridge vlans... this particular device can use standard dotted notation (i.e. eth0.5), but either way is fine.

If the management is handled by VLAN 1, you can make the officeAP interface unmanaged (option proto 'none'). Or vice versa.

This is not needed and can be removed:

Is everything working fully as you expect now?

i've tested the config VLAN on eth0.5 - this will not work, no ip from dhcp, both interface as static with dhcp an as dhcp client.
But this doesn't matter - with bridged VLAN it works as expected:

• 2 interfaces getting their (fixed) ip from the main router
• 2 wifi on the unifi AP and the clients getting their ip from the main router.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.