Bridged or Routed AP?

I run a WRT1900ACS setup with LAN on 10.10.1.0/24, Guest on 10.10.3.0/24, and IOT on 10.10.10.0/24.

I recently came into possession of a Unifi AC Lite AP, and figured I’d dump the Linksys radio0/radio1 and duplicate my current network using the AC Lite - it easily reaches the entire house (and a whole lot more responsive).

OOB, OpenWrt bridges the LAN network with the WLAN of the device and this seemed to be the right track to take, but after reading the Routed AP wiki, I’m not so sure.

Open to any pointers!

Is your new UAP-AC-LITE going to serve as an AP only or as a router? In other words, do you have a router (or modem+router combo) in your system that will stay in place, or will this serve as the main router for the network?

The intent is to use it strictly as an AP. Allow wireless clients to access the router/internet.

Currently the WRT router setup is pretty basic. 2.4/5 wifi is bridged to br-lan, wired to ISP modem. Wifi is a pita running OpenWrt so the intent is to turn off the Linksys wifi completely and use the AP in its place - same functionality, 3 subnets isolated.

I hope I’m making sense

Sorry... not following entirely.

Is this a modem or modem+router combo?
If modem only, what is serving as the router in your network?

Are you saying that you don't like dealing with wifi on OpenWrt or on the Linksys? Are you planning to use the UAP-AC-LITE with the Unifi firmware or with OpenWrt?

Will the existing Linksys router be used as a wired router only? or will it be removed from the equation entirely?

There are different ways to do this, but considering the much better CPU in the WRT1900, I'd bridge. Keep the main router doing all the routing and set up three VLANs on the cable to the AP and bridge the respective wifi AP interfaces into the VLANs.

WiFi on this Linksys platform has always been sketchy under OpenWrt. I've always accepted that wifi works much better on stock, but stock isn't an option after OpenWrt.

I want to remove any Native wifi from the Linksys, making it a wired router only running OpenWrt Snapshot builds.

Maybe this might help explain my current network setup - the goal being to keep the same setup but disable the Linksys radios, and replace them with the AC-Lite radios - possible?

package network

config globals 'globals'
	option ula_prefix 'fd90:f196:0620::/48'

config interface 'loopback'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'
	option device 'lo'

config interface 'lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ipaddr '10.10.1.1'
	option device 'br-lan'

config interface 'wan'
	option peerdns '0'
	option proto 'dhcp'
	option device 'wan'

config device 'wan_wan_dev'
	option name 'wan'
	option macaddr '32:M A C:95'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config interface 'Guest'
	option device 'wlan1-1'
	option proto 'static'
	option ipaddr '10.10.3.1'
	option netmask '255.255.255.0'
	option type 'bridge'

config interface 'IOT'
	option proto 'static'
	option ipaddr '10.10.10.1'
	option netmask '255.255.255.0'
	option device 'wlan1-2'
	option type 'bridge'

config interface 'WGMon'
	option proto 'wireguard'
	option private_key 'gLLz - Private Key - Q4CVlc='
	list addresses '10.14.0.2/8'
	option mtu '1350'
	option delegate '0'

config wireguard_WGMon
	option description 'Peer 1'
	option public_key 'o07k/2 - Public Key - /F/HBBcOGUkNQGo='
	list allowed_ips '172.16.0.36/32'
	option endpoint_host '- FQDN -'
	option endpoint_port '51820'
	option persistent_keepalive '25'
	option route_allowed_ips '1'

config wireguard_WGMon
	option public_key 'pB//7qgQ/ - Public Key - F2nXPGIEX8='
	list allowed_ips '0.0.0.0/0'
	option route_allowed_ips '1'
	option endpoint_host '- FQDN -'
	option endpoint_port '51820'
	option persistent_keepalive '25'
	option description 'Peer 2'

Yes. Sorry if I wasn't following your intended topology, but I think I get it now.

So yes, this is absolutely possible. I would recommend running the UAP-AC-LITE purely as an AP, and doing all of the routing (and other things like VPN) on the Linksys.

Fundamentally, you'll set up one or more ethernet ports to operate as a trunk port (i.e. multiple networks on the port using VLANs). The AP, in turn, will be configured with the ethernet port such that it bridges the VLANs with the radios, not entirely unlike the way it is done in your Linksys. The AP only needs to be active on one network (i.e. your trusted LAN or a management network), the others will just pass through as "unmanaged" and associated with a bridge.

In short, your AP will be a dumb AP, but it will be handling multiple networks (no routing, though). FWIW, you can do this equally well with the standard Unifi firmware and environment as you can with OpenWrt on the AP. Either way, you can interface with your Linksys (operating as a router with VLANs). It just depends on which system you want to use.

Side note: since you'll be using VLANs, be aware that any switches you use between your router and your AP need to be smart/managed to ensure that they will properly handle VLANs. Some unmanaged switches may work just fine, but others can actually cause major issues. (this is not an issue for your PoE injector, but is relevant if you're using any type of switch -- PoE or not -- between your router and AP).
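
The router side of the trunk described above, sketched as an added example that is not part of any poster's configuration. It assumes the AP cable is plugged into lan4 and picks VLAN IDs 1, 3 and 10; neither the port nor the IDs come from the thread.

```uci
# /etc/config/network on the router: stanzas added or changed (assumed port: lan4)
# VLAN 1 = trusted LAN, untagged on every port so the AP is managed from the LAN
config bridge-vlan
	option device 'br-lan'
	option vlan '1'
	list ports 'lan1:u*'
	list ports 'lan2:u*'
	list ports 'lan3:u*'
	list ports 'lan4:u*'

# VLAN 3 = Guest, tagged only on the trunk port to the AP
config bridge-vlan
	option device 'br-lan'
	option vlan '3'
	list ports 'lan4:t'

# VLAN 10 = IOT, tagged only on the trunk port to the AP
config bridge-vlan
	option device 'br-lan'
	option vlan '10'
	list ports 'lan4:t'

# The three interfaces keep their names and addresses; only the device changes
config interface 'lan'
	option device 'br-lan.1'
	option proto 'static'
	option ipaddr '10.10.1.1'
	option netmask '255.255.255.0'

config interface 'Guest'
	option device 'br-lan.3'
	option proto 'static'
	option ipaddr '10.10.3.1'
	option netmask '255.255.255.0'

config interface 'IOT'
	option device 'br-lan.10'
	option proto 'static'
	option ipaddr '10.10.10.1'
	option netmask '255.255.255.0'
```

Because the interface names 'Guest' and 'IOT' are unchanged, firewall zones and DHCP pools that reference them by name keep applying, so the isolation between the three subnets is still enforced on the router. On the AP, each SSID is then bridged to its tagged VLAN (3 or 10) with no IP address on those bridges.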