AP-Only Mode with no interface IP?

When you have a management VLAN that you are using for administration is it still required for the AP to have an IP address assigned on the VLAN interface that it is bridging to the wireless network(s)? Commercial access points I've come across in the past seem to operate this way, unless the other IPs are just hidden for simplicity?

So it would look like:

And if so, is it as simple as setting 'Unmanaged' on the LAN bridge on the AP?

You can operate a bridged AP without an IP address, yes, and have a separate management IP (or just a serial console for that matter =P).

The way I run my APs is there isn't a DSA switch and it's just an Ethernet device.

So eth.<managementvlan> is a standard device.

Then I create a bridge without an ip address on another ethernet vlan device.


I pulled an AP105 out of a drawer to get you a worked example.

Thanks!

Would you mind pasting an example config just for clarity? I'm wondering do you need to declare eth0.10 (in my example) as an interface at all, or do you just make it a bridge member?

/etc/config/network

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0.10'

/etc/config/wireless

config wifi-iface
	option device		'wlan0'
	option network	'br-lan'
	option mode		'ap'
	option ssid		'MyWifiAP'

Oh thank you :)

Working on it. I need a clean device.

As an aside, I usually use the firmware selector and/or the image builder to set config files and my uci-default scripts so they are all preprovisioned to be an AP.

Disabling dnsmasq being a dhcp server and setting your eth0 device to dhcp and stuff for example. (Not everything, I usually want to change dns config, hostname, move web interface, firewall the ipv6 link local addresses, set passwords, ssh keys etc)

uci set dhcp.lan.ignore='1'
uci commit
/etc/init.d/dnsmasq restart

uci set network.lan.proto='dhcp'
uci delete network.lan.ipaddr
uci delete network.lan.netmask
uci delete network.lan.ip6assign
uci commit
/etc/init.d/network restart

Ok so to keep it short, the main bits: create a bridge under devices.
/etc/config/network extract

config device
        option type 'bridge'
        option name 'br-ap'
        list ports 'eth0.10'
        option bridge_empty '1'

Bridge name can be arbitrary even if you want to do fancy stuff with wpa_psk_file or radius based setups etc.

https://openwrt.org/docs/guide-user/network/wifi/basic#wpa_psk_file

Then as discussed you want to create an "interface" that is unmanaged.
/etc/config/network extract

config interface 'ap'
        option proto 'none'
        option device 'br-ap'

Now on your wireless you want to set your SSIDs to be hooked up to your "ap" "interface". This is called which 'network' you want the wireless iface to be connected to, however.
/etc/config/wireless extract

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'ap'
        option mode 'ap'
        option ssid 'OpenWrt'
        option encryption 'none'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'ap'
        option mode 'ap'
        option ssid 'OpenWrt'
        option encryption 'none'

Got it thanks! The piece about the unmanaged 'ap' interface was the bit that was confusing me, but I figured it was probably needed as you can't (in any examples I've seen at least) attach a wifi-iface to a bridge device directly. Though one wonders why? Physical interfaces can be listed as bridge members without an interface definition but wifi interfaces cannot? Question for another post perhaps.

Thanks again!

Pretty sure it's just the glue logic / code. That's what hostapd is doing under the hood?

With the wpa_psk_file you're configuring the ap when it gets a vlan id to then connect to an arbitrary bridge. The above example is the dumb one ssid per vlan example.

Under the hood that's exactly what's happening. For example:

root@OpenWrt:/etc/config# brctl show
bridge name     bridge id               STP enabled     interfaces
br-ap           7fff.d8c7c8cec705       no              eth0.10
                                                        phy0-ap0
                                                        phy1-ap0
br-lan          7fff.d8c7c8cec705       no              eth0


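An added example, not part of the thread: a shell/awk check that every `wifi-iface` in `/etc/config/wireless` names a `config interface` whose `proto` is `'none'`, so the AP holds no IP address on the bridged client VLAN. It also flags a `network` value that points at a bridge device name rather than an interface. The function names, verdict labels and sample configs are constructed for illustration.

```shell
# audit_ap NETWORK_FILE WIRELESS_FILE
# Prints "<ssid> <network> <verdict>" per wifi-iface; returns 0 only if all OK.
# Assumes one network per wifi-iface, as in the configs above.
audit_ap() {
    awk -v q="'" '
    function strip(s) { gsub("[" q "\"]", "", s); return s }
    function value(   s) {            # option value, may contain spaces
        s = $0; sub(/^[ \t]*option[ \t]+[^ \t]+[ \t]+/, "", s); return strip(s)
    }
    function flush() {                # emit verdict for the finished wifi-iface
        if (!in_wifi) return
        if (!(net in proto))           v = "UNDEFINED"  # not a config interface
        else if (proto[net] != "none") v = "HAS-L3"     # address config present
        else                           v = "OK"
        if (v != "OK") bad = 1
        print ssid, net, v
        in_wifi = 0
    }
    $1 == "config" {
        flush(); sect = $2; name = strip($3)
        if (sect == "interface") proto[name] = "unset"
        if (sect == "wifi-iface") { in_wifi = 1; net = ""; ssid = "?" }
        next
    }
    $1 == "option" && sect == "interface" && $2 == "proto" { proto[name] = value() }
    $1 == "option" && in_wifi && $2 == "network" { net = value() }
    $1 == "option" && in_wifi && $2 == "ssid"    { ssid = value() }
    END { flush(); exit bad }
    ' "$1" "$2"
}

# Constructed sample input: the unmanaged "ap" layout plus one SSID left on "lan".
write_samples() {
    cat > "$1/network" <<'EOF'
config interface 'lan'
        option proto 'dhcp'
config interface 'ap'
        option proto 'none'
EOF
    cat > "$1/wireless" <<'EOF'
config wifi-iface 'default_radio0'
        option network 'ap'
        option ssid 'OpenWrt'
config wifi-iface 'default_radio1'
        option network 'lan'
        option ssid 'Mgmt Test'
EOF
}
```

On a device, run it as `audit_ap /etc/config/network /etc/config/wireless`; the network file must come first so the interface protocols are known before the wireless sections are read.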