I have a Guest Wi-Fi network in the 5GHz radius and another in the 2.4GHz radius and I want to link them on the same network interface. I bridged these two and it doesn't give clients IPs or use the network with static IPs. What am I doing wrong?
root@Archer_C60:~# cat /etc/config/wireless
config wifi-iface 'wifinet2'
option device 'radio0'
option mode 'ap'
option ssid 'Invitados'
option encryption 'psk2+ccmp'
option ifname '5G_ap_guest'
option key 'REDparaINVITADOS'
option network 'guest'
config wifi-iface 'wifinet3'
option device 'radio1'
option mode 'ap'
option ssid 'Invitados'
option encryption 'psk2+ccmp'
option ifname '2G_ap_guest'
option key 'REDparaINVITADOS'
option network 'guest'
root@Archer_C60:~# cat /etc/config/network
config interface 'guest'
option proto 'static'
option delegate '0'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'
option type 'bridge'
root@Archer_C60:~# cat /etc/config/firewall
config rule
option dest_port '53'
option src 'guest'
option name 'DNS de Invitados'
option family 'ipv4'
option target 'ACCEPT'
config rule
option dest_port '67-68'
option src 'guest'
option name 'DHCP de Invitados'
option family 'ipv4'
option target 'ACCEPT'
list proto 'udp'
root@Archer_C60:~# cat /etc/config/dhcp
config dhcp 'guest'
option interface 'guest'
option start '10'
option leasetime '24h'
option limit '50'
list dhcp_option '6,1.1.1.1,1.0.0.1'
mike
April 1, 2020, 1:36am
2
I don't think you need the bridge option, meaning if you use the 2.4ghz band to create a guest network and make an interface for it called 'Guest', then when creating a guest network on 5ghz you'll just attach it to the same 'Guest' interface 2.4ghz is on, and that should be all you need I think.
It forces me to create a bridge since I select two Wi-Fi networks on the same interface.
mike
April 1, 2020, 2:27am
4
Do you mean the bridge option was generated when making the interface? I just tried making a Guest network on both bands and no bridge option was created and it works ok -
config interface 'Guest'
option proto 'static'
option ipaddr '192.168.3.1'
option netmask '255.255.255.0'
I already removed the Check and it still doesn't work.5G_ap_guest which is the name I gave to the 5GHz guest network.
mike
April 1, 2020, 2:54am
6
Hmm, here are my configs that I know work if you want to check them against yours, you might also try a reboot if you haven't already -
edit - I just remembered that i tried creating guest networks on both bands on my old device, a linksys ea3500, and it wasn't possible, it would work fine creating on one band or the other, but not both at once, I'm not sure if it was a memory issue (ea3500 has 64mb) or something else, but it may just not be possible to have guest networks on both bands with your device.
Wireless -
config wifi-iface 'wifinet3'
option network 'Guest'
option wpa_disable_eapol_key_retries '1'
option ssid ’xxxxxx’
option encryption 'psk2+ccmp'
option device 'radio0'
option mode 'ap'
option isolate '1'
option key ‘xxxxxxxx’
config wifi-iface 'wifinet2'
option network 'Guest'
option wpa_disable_eapol_key_retries '1'
option ssid ‘xxxxxx’
option encryption 'psk2+ccmp'
option device 'radio1'
option mode 'ap'
option isolate '1'
option key ‘xxxxxxx’
option disabled '1'
Firewall -
config zone
option network 'Guest'
option forward 'REJECT'
option name 'Guest'
option output 'ACCEPT'
option input 'REJECT'
config forwarding
option dest 'wan'
option src 'Guest'
config rule
option dest_port '53'
option src 'Guest'
option name 'Guest DNS'
option target 'ACCEPT'
config rule
option dest_port '67-68'
option src 'Guest'
option name 'Guest DHCP'
option target 'ACCEPT'
list proto 'udp'
Dnsmasq -
config dhcp 'Guest'
option start '100'
option leasetime '12h'
option limit '150'
option interface 'Guest'
In my main comment are my configuration files (which are similar to yours).
mike
April 1, 2020, 4:11am
8
Do you have this section in /etc/config/firewall? If you do then I'm out of ideas unfortunately -
config zone
option network 'Guest'
option forward 'REJECT'
option name 'Guest'
option output 'ACCEPT'
option input 'REJECT'
1 Like
Yes I have that in my firewall. I'm going to try removing ifname from Wi-Fi interfaces.
Your network and wireless configuration look fine to me. If you are unsure, use "ifconfig" and "brctl" to check that everything is ads expected.
The firewall part is what strikes me as questionable. Start with a more permissive configuration, and see if that fixes the issue.
wlan0-1 Link encap:Ethernet HWaddr xx:xx:xx:xx:xx:xx
inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: xxxx::xxxx:xxxx:xxxx:xxxx/xx Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:1232 (1.2 KiB)
wlan1-1 Link encap:Ethernet HWaddr xx:xx:xx:xx:xx:xx
inet6 addr: xxxx::xxxx:xxxx:xxxx:xxxx/xx Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:960 (960.0 B)
Is it "wrong" to create a bridge between two Wi-Fi interfaces?
slh
April 1, 2020, 7:33pm
13
You can't bridge wireless interfaces (without 4addr), the standard doesn't allow it.
Notice that OP is bridging two wireless interfaces, in AP mode, inside the same router; just as anybody with a dual band router.
That. I do not understand how it works in lan and not for guests.
Is your LAN network configured to REJECT all on INPUT?
Yes. I show my updated settings again:
Wireless:
config wifi-iface 'wifinet2'
option device 'radio0'
option mode 'ap'
option ssid 'Invitados'
option encryption 'psk2+ccmp'
option ifname '5G_ap_guest'
option key 'REDparaINVITADOS'
option network 'guest'
config wifi-iface 'wifinet3'
option device 'radio1'
option mode 'ap'
option ssid 'Invitados'
option encryption 'psk2+ccmp'
option ifname '2G_ap_guest'
option key 'REDparaINVITADOS'
option network 'guest'
Network:
config interface 'guest'
option proto 'static'
option delegate '0'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'
Firewall:
config zone
option name 'guest'
option network 'guest'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option mtu_fix '1'
option family 'ipv4'
config forwarding
option src 'guest'
option dest 'wan'
config rule
option name 'DNS de Invitados'
option family 'ipv4'
option src 'guest'
option dest_port '53'
option target 'ACCEPT'
config rule
option name 'DHCP de Invitados'
option family 'ipv4'
list proto 'udp'
option src 'guest'
option dest_port '67-68'
option target 'ACCEPT'
Dnsmasq:
config dhcp 'guest'
option interface 'guest'
option start '10'
option leasetime '24h'
option limit '50'
list dhcp_option '6,1.1.1.1,1.0.0.1'
I can only connect to the 5GHz network and the internet. In the 2.4GHz I can't even receive IP.
Everything looks right, please execute "ifconfig"and "brctl show", the post the full output here.
root@Archer_C60:~# ifconfig
2G_ap Link encap:Ethernet HWaddr MAC-ADDRESS
inet6 addr: IP-V6 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7051 errors:0 dropped:0 overruns:0 frame:0
TX packets:12165 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1398605 (1.3 MiB) TX bytes:8577329 (8.1 MiB)
2G_ap_guest Link encap:Ethernet HWaddr MAC-ADDRESS
inet6 addr: IP-V6 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:330 errors:0 dropped:0 overruns:0 frame:0
TX packets:338 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:36068 (35.2 KiB) TX bytes:43272 (42.2 KiB)
5G_ap Link encap:Ethernet HWaddr MAC-ADDRESS
inet6 addr: IP-V6 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:89496 errors:0 dropped:0 overruns:0 frame:0
TX packets:197902 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:10783817 (10.2 MiB) TX bytes:257978619 (246.0 MiB)
5G_ap_guest Link encap:Ethernet HWaddr MAC-ADDRESS
inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: IP-V6 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:13331 errors:0 dropped:0 overruns:0 frame:0
TX packets:24506 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1067441 (1.0 MiB) TX bytes:33173241 (31.6 MiB)
br-lan Link encap:Ethernet HWaddr MAC-ADDRESS
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: IP-V6 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:462216 errors:0 dropped:0 overruns:0 frame:0
TX packets:1757354 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:49179772 (46.9 MiB) TX bytes:2361849458 (2.1 GiB)
eth0 Link encap:Ethernet HWaddr MAC-ADDRESS
inet6 addr: IP-V6 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:12172 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:1393656 (1.3 MiB)
Interrupt:5
eth0.1 Link encap:Ethernet HWaddr MAC-ADDRESS
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:12151 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:1342033 (1.2 MiB)
eth1 Link encap:Ethernet HWaddr MAC-ADDRESS
inet addr:IP-PUBLIC Bcast:190.xxx.xxx.xxx Mask:255.255.255.0
inet6 addr: IP-V6 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1765591 errors:0 dropped:0 overruns:0 frame:0
TX packets:454044 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2381221567 (2.2 GiB) TX bytes:53742604 (51.2 MiB)
Interrupt:4
ifb4eth1 Link encap:Ethernet HWaddr MAC-ADDRESS
inet6 addr: IP-V6 Scope:Link
UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
RX packets:1763041 errors:0 dropped:0 overruns:0 frame:0
TX packets:1763041 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:32
RX bytes:2377706991 (2.2 GiB) TX bytes:2377706991 (2.2 GiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:6891 errors:0 dropped:0 overruns:0 frame:0
TX packets:6891 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:649709 (634.4 KiB) TX bytes:649709 (634.4 KiB)
root@Archer_C60:~# brctl show
bridge name bridge id STP enabled interfaces
br-lan 7fff.50c7xxxxxxxx no 5G_ap
2G_ap
eth0.1
I do not understand what is going on... There is no bridge from the guest network, one of the wireless interfaces has an IP address, and the other one is dangling...
Are there any errors on the logs?