Can't get OpenWrt 19 working as Access Point

Hello, this is my first post in this forum, so hello from Germany.

For the first part I'll talk about my network and my intentions for the Easybox which I can't setup.
I've been using the TL-WA850RE v1 with OpenWRT Chaos Calmer for years now, configuration was easy, it has one LAN Port and just b/g/n Wifi, nothing special.
The br-lan interface bridges the LAN Port with the Wireless Access Point. It is working as a Lan to Wlan "converter".
The Fritzbox DSL Router uses 192.168.1.1 and the OpenWRT has it's DHCP server turned off.
As I said, easy setup, no intentions for updating it because it's running fine.

Now I found my "old" Easybox 904xDSL
which has 4 LAN Ports, 1 WAN Port and b/g/n/a Wifi. (I don't need the WAN port and the modem)
I have to admit it looks very great on the display.


Getting OpenWRT to work on it was quite easy, but I don't know how to configure it. I tried setting it up like the TP Link above, but it isn't working.
My plan was to configure like this: in LAN port 1, there is a ethernet cable going in which brings internet access. The LAN ports 2-3 should be LAN "outputs" and for Wifi the same.
Maybe this is easier to understand: LAN1 -> LAN2 & 3 & 4 & Wifi
LAN1 should be configured as a DHCP client, it just needs to get an ip and internet access.
The Outputs (LAN 2 3 4 & Wifi) should be all in a subnet, for example 192.168.100.x with the Easybox as gateway at 192.168.100.1. I've been trying for 2 days, but I can't get it to work like I want.
Maybe you can help me

I only can upload, so here are another 3 of the factory configuration.
https://postimg.cc/gallery/3e14shvqi/

Do you want to use LAN1 as WAN port?

I don't know whether this is meant. Lan1 should be a DHCP Client which obtains an IP adress and routes the internet traffic into a subnet which contains Lan2,3,4 and Wifi.

Go to http://192.168.100.1/cgi-bin/luci/admin/network/switch (or whatever the Ip address of your device is), create a VLAN, and assign one of the LAN ports to it (you will need to first turn that port off in the first VLAN).

Then you go to interfaces and create a WAN interface, set it to DHCP client or static.

For the new Created WAN interface, what should be selected in 'Bridge'?

You don't bridge anything for the WAN. You choose the VLAN you just created.

So for the switch, you should have something like this (expect you will have one less port because my device has 5 ports).

And then for the WAN interface you will need to choose the interface that reads something like Switch VLAN eth0.2.

Third step would be creating a WAN firewall zone and assign it to the WAN interface.

I created VLAN 7 like in the following pictures, I don't know why there are 2 switches:

And put it in Firewall „lan“. Now its yellow but still Not able to ping 1.1.1.1

The Fritzbox is also Not able to recognize the easybox as a client and assigning an ip to it.

I don't know either. I am not familiar with your device. How many physical ports are actually there? Is there a dedicated WAN port?

Not that the text label on the casing don't always match the software port numbers. I see in your screenshot that the cable is plugged in a different port than the one you assigned as WAN.

The numbers are matching, i think switch1 is Right for me, Switch0 detects the lan cable plugged in into DSL as full duplex so this should be the modem which I don’t need.


The black lan cable comes from the Fritzbox and the grey one goes to my PC.

LAN1 is untagged and Matches the ports on the easybox.
Why does the easybox does not obtain an IP address?

I think it could be easier to see the whole picture if you send the output of the following commands? Please use Pre-Formatted text tool </> to include the code, and remember to redact your MAC addresses and any passwords.

cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

Yes I'll send the output from the commands.

But I tried to set up eth0.55 (DSL/WAN Port) as dhcp client and with the black LAN cable coming from the Fritzbox plugged in into DSL it's getting an ip adress. The OpenWRT can even ping 1.1.1.1, but no dns and the computer also has no internet access.

Ah but I see, the DSL Port seems to only be 100mbit/s. Not optimal but would work.

cat network 

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd37:c4f2:e947::/48'

config atm-bridge 'atm'
	option vpi '1'
	option vci '32'
	option encaps 'llc'
	option payload 'bridged'
	option nameprefix 'dsl'

config dsl 'dsl'
	option annex 'a'
	option tone 'av'
	option ds_snr_offset '0'

config interface 'lan'
	option type 'bridge'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'
	list ifname 'eth0.1'
	list ifname 'eth0.66'

config device 'lan_dev'
	option name 'eth0.1'
	option macaddr '18:83:bf:c4:56:ca'

config interface 'wan'
	option ifname 'dsl0'
	option proto 'pppoe'
	option username 'username'
	option password 'password'
	option ipv6 '1'

config device 'wan_dev'
	option name 'dsl0'
	option macaddr '18:83:bf:c4:56:cb'

config interface 'wan6'
	option ifname '@wan'
	option proto 'dhcpv6'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0 6t'
	option vid '1'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '4 6t'
	option vid '55'

config switch
	option name 'switch1'
	option reset '1'
	option enable_vlan '1'
	option enable_vlan4k '1'

config switch_vlan
	option device 'switch1'
	option vlan '1'
	option ports '1 2 3 6t'

config device 'inic_dev'
	option name 'eth0.3'

config interface 'inic'
	option proto 'none'
	option ifname 'eth0.3'

config switch_vlan
	option device 'switch0'
	option vlan '3'
	option vid '3'
	option fid '3'
	option ports '6t'

config device 'wlan_dev'
	option name 'eth0.66'

config device 'guest_wlan_dev'
	option name 'eth0.71'

config switch_vlan
	option device 'switch0'
	option vlan '4'
	option vid '66'
	option fid '4'
	option ports '6t'

config switch_vlan
	option device 'switch0'
	option vlan '5'
	option vid '71'
	option fid '5'
	option ports '6t'

config switch_vlan
	option device 'switch1'
	option ports '0 6t'
	option vlan '7'

config interface 'LAN1'
	option ifname 'eth0.7'
	option proto 'static'
	option ipaddr '192.168.10.1'
	option netmask '255.255.255.0'
	option gateway '192.168.10.1'
	option broadcast '192.168.1.255'
	option dns '1.1.1.1'

config interface 'DSLWAN'
	option proto 'dhcp'
	option ifname 'eth0.55'
cat wireless 

config wifi-device 'wl000'
	option type 'ralink'
	option channel '11'
	option disabled '1'

config wifi-iface 'default_wl000'
	option device 'wl000'
	option mode 'ap'
	option ssid 'Lede'
	option encryption 'psk2+aes'
	option key 'WiFipassword'

config wifi-device 'wl010'
	option type 'ralink'
	option channel '11'
	option disabled '1'

config wifi-iface 'default_wl010'
	option device 'wl010'
	option mode 'ap'
	option ssid 'Lede1'
	option encryption 'psk2+aes'
	option key 'WiFipassword'
cat dhcp 

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv6 'server'
	option ra 'server'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config dhcp 'LAN1'
	option start '100'
	option leasetime '12h'
	option limit '150'
	option interface 'LAN1'
cat firewall 

config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option network 'lan LAN1 DSLWAN'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	option network 'wan wan6'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config include
	option path '/etc/firewall.user'

I set the config for the DSL 100mbit Port to static and put in dns servers, now openwrt can resolve URL’s and opkg can update. But still no internet for the clients.

If I were you and I don't need too many LAN ports, I'd aim at ignoring the XRX200 Switch altogether and just doing with the other switch like what you were trying to do in the beginning (well, unless the two switch work on different CPU cores).

Now you have to decide if you want that router to have it's own subnet (in which case the VLAN scenario is the way to go), or if you wnat it just to function as an access point within the main subnet, in which case you could just start from the default 1-VLAN configuration and connect the upstream cable to a port in the RTL switch.

Yes it would be fine with 1 LAN as input and 3 LAN Ports as gigabit outputs.
The problem is now: the dsl port gets an ip assigned without problems, but this is not working with a lan port. The lan port just doesn’t get an ip assigned , i don’t know why.

And the second is, the client has no internet access.

And yes i definitely want the subnet.

Because I'm a new user, I can't make a new answer for 22 hours from now....
But when the Lan cable coming from the Fritzbox is plugged in into DSLWAN it obtains an ip, but when plugged in into LAN1 I can't obtain an ip.

Here is why, I think. The gateway should be the IP of the upstream router.

Edit: or you could just make that interface as DHCP client. If you insist on having an IP of your choice, you can set it as static lease on the upstream router.

While the Easybox 904 xDSL is quite amazing hardware, it's also very, very special and not quite beginner friendly (at all). Especially the switch/ VLAN setup is very special, as your device has two internal switches, with the wireless cards (which are a nightmare of their own) internally bridged via a special VLAN tag.

For the details you'll have to read the long archived thread imported from the old forum, but this device is very different from just about anything else running OpenWrt. If you're looking for a painless device, there'd be much, much easier (and more reliable) alternatives.

1 Like