AR300M dumb AP issue

I've got a network I connect to with an ethernet cord. I'm not sure what all is on the network although I do have an IP range that I know is free for me to use. I typically plug a dumb AP into the network to allow me wireless access to the wired network. I just bought an AR300M and cannot get it to work with the network.

I've followed the "dumb AP" guide, the "bridged AP" guide, and some random youtube videos and every configuration behaves the same way - As soon as I plug the ethernet cable into the AR300M I lose all connectivity to the AR300M and cannot see any devices on the wired network.

I spent several hours playing with settings yesterday to no avail. I tried setting LAN IP to both the same and different subnet and both methods behaved the same.

It's strange because sometimes I can ping a device on the network and get a reply in 50ms, 2400ms, timeout, timeout.

I literally have all day to play with this if anyone has any ideas I can try.

Turn off the DHCP server, including IPV6, which is on a separate tab on the network interface page.

A true dumb AP has only one network, lan, and it is a bridge with all your wired and wifi interfaces included in it. There is no need for any firewall settings. All the routing decisions are made by the existing router at the end of the network you are part of.

If you don't need to interact with anything on the main network, only using it for Internet access, you should consider a routed AP instead. That gives you security from others on the network.

1 Like

OK so I did a hard reset. Connect to wireless. Open a browser and pull up 192.168.8.1. Set password. Log into advanced settings.

Click on Network -> Interfaces. Delete WAN and WAN6. Select LAN -> edit. Select General Setup -> "Ignore Interface" to disable DHCP. Select IPV6 settings -> DHCPv6-Service -> Disabled. Leave "Router Advertisement Service" as the default "Server Mode". Hit Save & Apply.

LAN physical settings has "Bridge Interface" checked. The interfaces selected below are "Ethernet Adapter: "eth1" (lan)" and "Wireless Network: Master "GL-AR300M-495" (lan)"

Under Interfaces -> LAN Firewall Settings I select "Unspecified" which I believe removes LAN from the firewall. Save & Apply.

Under Wireless Interface Configuration I am leaving Mode set to the default "Access Point (WDS)" and under "Network" selecting "lan" to attach "lan" to wireless. Save & Apply.

I cycle power, plug ethernet cord into LAN port and connect to the wifi.

What am I missing? Still not working.

Turn off "router advertisement" as well. Your box is not a router.

It could be that the other network is refusing to serve you.

And that will put your interfaces under default policy, which is filter/FORWARD:DROP.

OK I disabled router advertisement. Still not working.

Does the LAN IP need to be within the subnet I'm trying to communicate with? I've tried it both ways and it doesn't work either way.

Subnet I'm trying to connect to is 192.168.123.xxx. I set LAN IP to 192.168.123.250. Wireless card set to 192.168.123.251. The moment I plug ethernet cord into LAN I lose connection to the router. Not sure why since both 250 and 251 are free IPs on the network.

What is the correct way to disable the firewall?

Either assign all interfaces to zone LAN, or set default filter/FORWARD policy to ACCEPT.

So I went to Create/Assign Firewall-Zone and selected the only green item, "lan". Now two symbols show up, a cord with a port, and a wireless symbol.

This seems like it enables the firewall. I need it disabled I believe since there is no internet access on this network, it is just a bunch of industrial machinery on ethernet.

Zone LAN is actually transparent including LAN-LAN forwarding.


You can disable and stop firewall service if you want, but I'm not sure if this option could survive update/reflash, so better do not rely on it too much.

I'm still in the same boat as before. Here are some symptoms -
LAN IP is set to 192.168.8.1. Wifi IP is set to 192.168.8.10. I can see the router fine and can ping it without issue. I plug the ethernet cable into the LAN port and attempt to ping 192.168.8.1.

Request Timed Out
Reply from 192.168.8.10: Destination Host Unreachable
Repy from 192.168.8.1: Bytes=32 time=2185ms TTL= 64
Repy from 192.168.8.1: Bytes=32 time=10ms TTL= 64

Sorry, I can only post one image. Here is my config -

config

I'm quite lost. So, I'll try to start from scratch:

  • Reset device to factory defaults
  • Disable DHCP
  • Setup WiFi SSID
  • Login to device and change LAN IP to 192.168.123.250 (You will have to hit "Apply unchecked" to proceed past the rollback warning)
  • Plug upstream router into a LAN port
  • Reset WiFi or Ethernet connection on client to get new IP from upstream router
  • Done!

I don't think there is an upstream router. Just a bunch of switches.

If that's the case, it completely explains why you loose connectivity when you plug in.

I don't see what having an upstream router has to do with anything if I'm setting static IPs.

Only interface br-lan (LAN-network) should have an IP-address.
eth* and wlan* interfaces should become bridge-members and have only MAC-addresses.

I suggest to ssh to the router and configure it through the uci.
And make sure the changes applied correctly:

ip a; ip r; iptables-save
uci show network
uci show firewall
1 Like

This isn't making much sense.

It helps to have some idea what is on the other end of a cable before plugging it in to your stuff. If there is no router there, does it go to the Internet at all? Is your objective only to use the Internet, or do you want to / have to interact with devices in the LAN?

I would suggest putting both Ethernet ports on the AR-300 in the same bridge. Put the former WAN's port (either eth1 or eth0.2 depending on the hardware involved) into the lan along with eth0 or eth0.1. (You may also be able to do logically the same thing by reconfiguring the switch, but then you're using hardware switching and you don't know if the CPU is actually seeing the packets. In other words software bridge for troubleshooting, hardware switch for performance.)

Then you can remove the wifi as a variable. Leave one of the Ethernet ports connected to your PC and the other one to the network. Once wired is working, you should be able to switch on wifi and have it "just work".

The device's LAN IP address is used only to log into the OS and administer it. It also would like to have a proper gateway so it can set the internal clock (which is only software, there is no real-time keeping hardware) via NTP at boot-up.

Some people intentionally set a dumb AP's LAN IP outside the range normally used by the network in order to avoid conflicts and increase (perceived) security.

I like to DHCP everything it turns out to be considerably simpler-- as long as you can trust there will be a working DHCP and DNS server involved.

Looking into SSH now. When I said that Wifi IP was set to 192.168.8.10 I meant my wireless adapter on my PC.

This is an industrial network for automation equipment. There are HMIs, PLCs, Drives, Servos, etc that I know are on the network. I need to connect to those devices. There is no internet access. But I can't say for certain that someone on the other side of the facility has not plugged a device into the network that has DHCP enabled.

I plug an ethernet cable into the programming port and I can access all of my equipment. My dumb AP (purchased as a standalone AP) works fine and gives me wireless access. I can't get the AR300M to do this.

Reset the AR300M to factory defaults. Do not adjust the firewall.

Pick one of the following two diagrams, and configure your equipment to suit. My own LAN is configured per the second diagram: I have OpenWRT 18.06.1 connected with a single cable into the LAN interface, and the device acts as a WAP for my LAN. IP addressing is handled elsewhere.

One diagram puts the industrial network into the AR300M's WAN port. You may need to configure a static IP address on the WAN port, if the industrial network does not have a known, reliable DHCP server. If you need to permit unsolicited connections from the industrial network to your laptop, you may choose to open/forward ports on the AR300M.

The other diagram puts the industrial network into the AR300M's LAN port. Disable the AR300M's IPv4 DHCP server on the LAN interface. Disable all IPv6 features. Configure the AR300M's LAN interface with a static address in 192.168.123.0/24. Configure your laptop with a static address in 192.168.123.0/24, if the industrial network does not have a known, reliable DHCP server.

Whatever address scheme you end up using, make sure you do not conflict with any existing addresses. You will have problems connecting to equipment if you've duplicated any addresses.

image