Every once in a while, i would have problems connecting to my devices connected to my other ap (not an openwrt router).. unplugging and replugging the lan cable on my main router(openwrt) fixes the issue but it happens multiple times a day and its frustrating… but everytime that it happens ,the devices connected to the access point can still access my main router and internet. its just that when im connected on to my main router and i wanna access my devices on my ap it fails…
Given that your AP is not running OpenWrt, there may be practical limits to how we can assist here (this is the OpenWrt forum, after all).
However, in interest of basic troubleshooting, please describe how your AP is connected to your main OpenWrt router -- what physical ports on each device are being used? And what is the brand/model of your other AP? Is it running stock firmware or something else?
My guess is that your other AP is not currently running as a dumb AP. If you haven't already done so, you should probably apply the concepts in the linked article to your non-OpenWrt AP (namely: disable the DHCP server on the other AP, set it to an IP address that is on the same subnet as your main router but doesn't conflict with any other devices, and then connect LAN-LAN). The details of the first two will be dependent on your other AP's functionality and user interface.
1 Like
i connected it to lan 3, which if my vlan setup is correct should be connected to vlan99, which is where my main local network is…
also, my ap is set to ap mode…
Based on your screenshot, this looks fine... but there may be more to the story.
Does your overall network and firewall config on OpenWrt allow the access you desire? If you connect a wired system to lan 3 (instead of connecting the AP), does the problem manifest in that scenario, or does it only happen on with the AP?
What is your AP (brand/model, is it a mesh system or a single unit, etc.)?
i didn’t really set up any firewall that would block or cause problems with the ap, only firewall rule that i set was the one that i use for my pihole instance which should forward all dns request to it.
it doesn’t happen like on a certain time of the day, it happens randomly so i am not really sure
if ill be able to catch while it happens..
Blockquote
Tenda AC23, this is a single unit router, i’ve been using it for 5 months already as an ap (for its wide coverage) and the problem occurred for about a month already after i setup the vlans
let's review your config files. If they don't show any issues, then it may be the Tenda device itself that is the problem.
Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
root@OlympusWrt:~# cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option packet_steering '1'
option ula_prefix 'fd34:68ac:923e::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
config interface 'lan'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.2.1'
option device 'br-lan.99'
list dns '192.168.2.9'
config interface 'wan'
option device 'wan'
option proto 'dhcp'
config interface 'wan6'
option device 'wan'
option proto 'dhcpv6'
config interface 'GUEST'
option proto 'static'
option ipaddr '10.20.30.40'
option netmask '255.255.255.0'
option device 'br-lan.4'
list dns '8.8.8.8'
list dns '1.1.1.1'
config interface 'IOT'
option proto 'static'
option netmask '255.255.255.0'
option ipaddr '10.0.0.1'
option device 'br-lan.3'
config bridge-vlan
option device 'br-lan'
option vlan '4'
config bridge-vlan
option device 'br-lan'
option vlan '99'
list ports 'lan1:u*'
list ports 'lan2'
list ports 'lan3:u*'
config bridge-vlan
option device 'br-lan'
option vlan '3'
config device
option name 'br-lan.99'
option type '8021q'
option ifname 'br-lan'
option vid '99'
option acceptlocal '1'
cat /etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0'
option band '2g'
option channel '6'
option cell_density '0'
option noscan '1'
option htmode 'HT20'
config wifi-iface 'default_radio0'
option device 'radio0'
option mode 'ap'
option ssid 'ligma'
option encryption 'psk2'
option key 'xxxxx'
option network 'IOT'
option disabled '1'
config wifi-device 'radio1'
option type 'mac80211'
option path '1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
option band '5g'
option htmode 'VHT80'
option channel '44'
option cell_density '0'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid 'xxxxxx'
option encryption 'psk2'
option key 'xxxxxxxx'
config wifi-iface 'wifinet2'
option device 'radio0'
option mode 'ap'
option ssid '6969'
option encryption 'psk2'
option key 'xxxxxx'
option network 'GUEST'
cat /etc/config/dhcp
root@OlympusWrt:~# cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option localservice '1'
option ednspacket_max '1232'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'
list dns '192.168.2.9'
list dhcp_option '6,192.168.2.9'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'GUEST'
option interface 'GUEST'
option start '100'
option limit '150'
option leasetime '12h'
config dhcp 'IOT'
option interface 'IOT'
option start '100'
option limit '150'
option leasetime '12h'
config host
option name 'AC23'
option dns '1'
option mac 'cc:0F:F5:44:3A:90'
option ip '192.168.2.2'
config host
option name 'dd'
option dns '1'
option mac 'xx:cx:cx:24:B3:E3'
option ip '192.168.2.134'
config host
option name 'dd'
option dns '1'
option mac 'dd:dd:xx:A0:A8:DD'
option ip '192.168.2.135'
config host
option name 'dd'
option dns '1'
option mac 'cx:cx:cx:03:C9:BA'
option ip '172.18.18.150'
config domain
option name 'g'
option ip '192.168.2.21'
config domain
option name 'f'
option ip '192.168.2.136'
config domain
option name 'pnddrwx'
option ip '192.168.2.211'
config domain
option name 'SkyworthTV'
option ip '192.168.2.133'
config host
option name 'TCLtv'
option dns '1'
option mac 'xx:xx:AF:E1:27:D0'
option ip '192.168.2.197'
config domain
option ip '192.168.2.100'
option name 'Rolandos_C11'
firewall
root@OlympusWrt:~# cat /etc/config/firewall
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
option flow_offloading '1'
option flow_offloading_hw '1'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config zone
option name 'GuestZone'
option output 'ACCEPT'
option forward 'REJECT'
option input 'REJECT'
list network 'GUEST'
config zone
option name 'IOTZone'
option output 'ACCEPT'
option forward 'REJECT'
list network 'IOT'
option input 'REJECT'
config forwarding
option src 'GuestZone'
option dest 'wan'
config rule
option name 'Cam3 Dns'
option src 'lan'
option dest_port '53'
option target 'REJECT'
option family 'ipv4'
list src_mac '30:7B:C9:EC:41:DB'
list src_ip '192.168.2.136'
config rule
option name 'Guest DNS and DHCP'
option src 'GuestZone'
option target 'ACCEPT'
list proto 'udp'
option dest_port '53 67'
config redirect
option dest 'lan'
option target 'DNAT'
option src 'lan'
option src_ip '!192.168.2.9'
option src_dport '53'
option dest_ip '192.168.2.9'
option dest_port '53'
config nat
list proto 'tcp'
list proto 'udp'
option src 'lan'
option dest_ip '192.168.2.9'
option dest_port '53'
option target 'MASQUERADE'
config forwarding
option src 'IOTZone'
option dest 'wan'
In my quick read of your config, I'm not seeing any issues that would cause the described behavior (unless I missed something).
I would check your AP.
If you have another AP, you could simply replace the one that is currently suspect and see if that resolves the issue.
Also, as a test: connect a wired computer (in theory, you could allocate another port on your main router to that VLAN, or you could presumably use the AP's built-in switch for this purpose -- the former being the more reliable indicator of what is happening) and then see if the wired computer becomes unreachable or if it is only the wireless devices on the AP.
oh,, i have a dvr connected(wired) to that ap, and it also gets inaccessible when im on my main router… so it could be really my ap causing that issue
Yes, that sounds likely. The way to truly rule in/out the AP would be to connect the DVR to the main router directly so that it doesn't need to go through the AP. If the problem persists, it is your main router. If it doesn't manifest with the DVR, then it is the AP.
1 Like
alrightttt. thanks man!
You're welcome.
Report back when you have some test results to share.
And when your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.