Can't reach wired devices connected to dumb AP

Hi all,

I'd appreciate some assistance with this.

I have the following network setup:

One GL.iNet GL-MT6000 as the main router and a Linksys E8450 as a dumb AP.
I have 3 networks, each has its own separate WiFi SSID.
Both devices are running 24.10.1 and are connected over ethernet with traffic in tagged VLANs.

The networks are configured on both devices, while DHCP/DNS/firewall is only on the main router.
dnsmasq runs on the AP but is configured to ignore the bridges.

The problem is, I connected a new device via ethernet to the dumb AP and configured it to be part of the 'lan' network.
This new device is reachable from everywhere except from devices connected to the main router via wifi. (Devices with an ethernet connection to the main router, and both wifi and wired devices on the dumb AP, can connect to the new device without any issues.)

Based on what I can see in tcpdump, the ARP requests reach the device and it sends back a response, but the response never arrives back at the main router.

Is there an option or gotcha that I missed?

Let’s review the configuration of both devices.

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

Hi,

Config from the main router:

# ubus call system board
{
        "kernel": "6.6.86",
        "hostname": "router",
        "system": "ARMv8 Processor rev 4",
        "model": "GL.iNet GL-MT6000",
        "board_name": "glinet,gl-mt6000",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "24.10.1",
                "revision": "r28597-0425664679",
                "target": "mediatek/filogic",
                "description": "OpenWrt 24.10.1 r28597-0425664679",
                "builddate": "1744562312"
        }
}

# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix '<omit>'
        option packet_steering '1'

config device
        option name 'lan1'
        option macaddr '<lan_mac>'

config device
        option name 'lan2'
        option macaddr '<lan_mac>'

config device
        option name 'lan3'
        option macaddr '<lan_mac>'

config device
        option name 'lan4'
        option macaddr '<lan_mac>'

config device
        option name 'lan5'
        option macaddr '<lan_mac>'

config interface 'lan'
        option proto 'static'
        option ipaddr '192.168.0.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option delegate '0'
        option device 'br-downlink.99'

config device
        option name 'eth1'
        option macaddr '<wan_mac>'

config interface 'wan'
        option device 'br-wan.10'
        option proto 'pppoe'
        option username '<omit>'
        option password '<omit>'
        option ipv6 'auto'
        option peerdns '0'
        list dns '1.1.1.1'
        list dns '8.8.8.8'

config interface 'iot'
        option proto 'static'
        option ipaddr '192.168.2.1'
        option netmask '255.255.255.0'
        option delegate '0'
        option device 'br-downlink.2'

config interface 'guest'
        option proto 'static'
        option ipaddr '192.168.30.1'
        option netmask '255.255.255.0'
        list dns '1.1.1.1'
        list dns '8.8.8.8'
        option delegate '0'
        option device 'br-downlink.30'

config device
        option type 'bridge'
        option name 'br-wan'
        list ports 'eth1'
        option ipv6 '0'

config bridge-vlan
        option device 'br-wan'
        option vlan '10'
        list ports 'eth1:t'

config device
        option type 'bridge'
        option name 'br-downlink'
        option ipv6 '0'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'

config bridge-vlan
        option device 'br-downlink'
        option vlan '2'
        list ports 'lan1:t'

config bridge-vlan
        option device 'br-downlink'
        option vlan '30'
        list ports 'lan1:t'

config bridge-vlan
        option device 'br-downlink'
        option vlan '99'
        list ports 'lan1:t'
        list ports 'lan2'
        list ports 'lan3'

# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/soc/18000000.wifi'
        option channel 'auto'
        option band '2g'
        option htmode 'HE40'
        option cell_density '0'

config wifi-device 'radio1'
        option type 'mac80211'
        option path 'platform/soc/18000000.wifi+1'
        option channel 'auto'
        option band '5g'
        option htmode 'HE160'
        option cell_density '0'
        option he_su_beamformee '1'
        option he_bss_color '60'

# 2.4 GHz access point for the 'lan' network: WPA2-PSK ('psk2') with 802.11r
# fast transition enabled.
# ft_psk_generate_local '1' has each AP derive the FT keys from the PSK itself,
# so roaming depends on every AP serving this SSID using the same key (the AP
# config in this thread shows the same <lan_pw> placeholder).
# NOTE(review): no `option ieee80211w` is set here, while the 5 GHz 'lan' SSID
# (wifinet4) sets it to '1'; management frame protection therefore differs
# between the two bands - confirm that is intended.
config wifi-iface 'wifinet0'
        option device 'radio0'
        option mode 'ap'
        option ssid '<lan_ssid>'
        option encryption 'psk2'
        option key '<lan_pw>'
        option ieee80211r '1'
        option ft_over_ds '0'
        option ft_psk_generate_local '1'
        option ifname 'wlan-lan'
        option network 'lan'

config wifi-iface 'wifinet1'
        option device 'radio0'
        option mode 'ap'
        option ssid '<guest_ssid>'
        option encryption 'psk2'
        option isolate '1'
        option ifname 'wlan-guest'
        option key '<guest_pw>'
        option ieee80211r '1'
        option ft_over_ds '0'
        option ft_psk_generate_local '1'
        option ieee80211w '1'
        option network 'guest'

config wifi-iface 'wifinet2'
        option device 'radio0'
        option mode 'ap'
        option ssid '<iot_ssid>'
        option encryption 'psk2'
        option isolate '1'
        option ifname 'wlan-iot'
        option key '<iot_pw>'
        option ieee80211r '1'
        option ft_over_ds '0'
        option ft_psk_generate_local '1'
        option network 'iot'

config wifi-iface 'wifinet4'
        option device 'radio1'
        option mode 'ap'
        option ssid '<lan_ssid>'
        option encryption 'psk2'
        option key '<lan_pw>'
        option ieee80211r '1'
        option ft_over_ds '0'
        option ft_psk_generate_local '1'
        option ifname 'wlan-lan-5g'
        option network 'lan'
        option ieee80211w '1'
        option ocv '0'

# 5 GHz access point for the 'guest' network on the main router.
# NOTE(review): this is the only guest wifi-iface in the posted configs without
# `option isolate '1'` (wifinet1 here and wifinet3/wifinet8 on the AP all set
# it), so guest clients associated to this radio are not isolated from each
# other at the AP - confirm whether the omission is intentional.
config wifi-iface 'wifinet5'
        option device 'radio1'
        option mode 'ap'
        option ssid '<guest_ssid>'
        option encryption 'psk2'
        option ifname 'wlan-guest-5g'
        option key '<guest_pw>'
        option ieee80211r '1'
        option ft_over_ds '0'
        option ft_psk_generate_local '1'
        option ieee80211w '1'
        option network 'guest'

# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option localservice '1'
        option ednspacket_max '1232'
        list server '/mask.icloud.com/'
        list server '/mask-h2.icloud.com/'
        list server '/use-application-dns.net/'
        list server '127.0.0.1#5053'
        list server '127.0.0.1#5054'
        option doh_backup_noresolv '-1'
        option noresolv '1'
        list doh_backup_server '/mask.icloud.com/'
        list doh_backup_server '/mask-h2.icloud.com/'
        list doh_backup_server '/use-application-dns.net/'
        list doh_backup_server '127.0.0.1#5053'
        list doh_backup_server '127.0.0.1#5054'
        list doh_server '127.0.0.1#5053'
        list doh_server '127.0.0.1#5054'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'
        option force '1'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

# DHCP pool for the 'guest' network (192.168.30.100 upwards, 150 addresses,
# 12 h leases).
# DHCP option 6 hands guests the public resolvers 1.1.1.1 and 8.8.8.8 instead of
# the router. That matches the guest firewall zone (input REJECT, only DHCP
# allowed in), but it also means guest lookups do not pass through this
# router's dnsmasq, so its rebind_protection and local upstream servers
# (127.0.0.1#5053/#5054) do not apply to guest clients.
config dhcp 'guest'
        option interface 'guest'
        option start '100'
        option limit '150'
        option leasetime '12h'
        list dhcp_option '6,1.1.1.1,8.8.8.8'

# DHCP pool for the 'iot' network (192.168.2.100 upwards, 150 addresses,
# 12 h leases).
# DHCP option 42 advertises an NTP server to the clients.
# NOTE(review): 192.168.30.1 is the address of the 'guest' interface in
# /etc/config/network; the 'iot' interface itself is 192.168.2.1. Possibly a
# typo - confirm which address IoT clients are meant to use for NTP.
config dhcp 'iot'
        option interface 'iot'
        option start '100'
        option limit '150'
        option leasetime '12h'
        list dhcp_option '42,192.168.30.1'

# cat /etc/config/firewall

# Firewall defaults: reject inbound and forwarded traffic unless a zone or rule
# allows it, permit traffic originated by the router, enable SYN-flood
# protection and drop packets in conntrack state 'invalid'.
# NOTE(review): software and hardware flow offloading are both enabled. Once a
# forwarded flow is offloaded its packets are expected to bypass the regular
# forward chain, so rule counters, logging and shaping only see the start of
# each flow - keep this in mind when auditing or debugging inter-zone traffic.
config defaults
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'
        option drop_invalid '1'
        option flow_offloading '1'
        option flow_offloading_hw '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'

config zone
        option name 'wan'
        option input 'DROP'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'

config forwarding
        option src 'lan'
        option dest 'wan'

# Allows UDP port 123 (NTP) from the 'iot' zone.
# The rule has no `dest`, so it is an input rule: it permits NTP to the router
# itself, not forwarding to NTP servers on the internet. No dest_ip is set, so
# it matches any address the router owns.
# NOTE(review): the config shown does not reveal whether an NTP server is
# actually enabled on the router - verify, otherwise this opening serves no
# purpose.
config rule
        option name 'IoT access to NTP'
        list proto 'udp'
        option src 'iot'
        option dest_port '123'
        option target 'ACCEPT'

config rule
        option name 'DHCP for Guest'
        list proto 'udp'
        option src 'guest'
        option src_port '68'
        option dest_port '67'
        option target 'ACCEPT'

config rule
        option name 'DHCP for IoT'
        list proto 'udp'
        option src 'iot'
        option src_port '68'
        option dest_port '67'
        option target 'ACCEPT'

# Zone for the 'iot' network.
# input REJECT: IoT clients can reach the router only through explicit rules
# (the DHCP and NTP rules in this file).
# forward REJECT plus the absence of any `config forwarding` with src 'iot' in
# this file means IoT hosts cannot initiate connections to wan, lan or guest;
# the lan -> iot forwarding that follows lets lan hosts initiate towards them.
config zone
        option name 'iot'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        list network 'iot'

config forwarding
        option src 'lan'
        option dest 'iot'

config zone
        option name 'guest'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        list network 'guest'

config forwarding
        option src 'guest'
        option dest 'wan'

config forwarding
        option src 'lan'
        option dest 'guest'

Config from the AP:

# ubus call system board
{
        "kernel": "6.6.86",
        "hostname": "ap",
        "system": "ARMv8 Processor rev 4",
        "model": "Linksys E8450 (UBI)",
        "board_name": "linksys,e8450-ubi",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "24.10.1",
                "revision": "r28597-0425664679",
                "target": "mediatek/mt7622",
                "description": "OpenWrt 24.10.1 r28597-0425664679",
                "builddate": "1744562312"
        }
}

# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix '<omit>'
        option packet_steering '1'

config device
        option type 'bridge'
        option name 'br-uplink'
        option ipv6 '0'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'
        list ports 'wan'

# VLAN 99 on the AP bridge; this is the VLAN behind the 'lan' interface
# (br-uplink.99). lan1 and wan carry it tagged, lan2 and lan3 are listed
# without a tag suffix, lan4 is not a member.
# NOTE(review): lan2/lan3 are presumably untagged members, so anything plugged
# into them joins the trusted lan network without authentication. lan1 and wan
# are both tagged members of all three VLANs (99, 30, 2); if only one of them
# is the uplink to the main router, consider removing the other from the
# bridge-vlan sections so a spare port does not expose every VLAN.
config bridge-vlan
        option device 'br-uplink'
        option vlan '99'
        list ports 'lan1:t'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'wan:t'

config bridge-vlan
        option device 'br-uplink'
        option vlan '30'
        list ports 'lan1:t'
        list ports 'wan:t'

# Unmanaged interface on VLAN 30: proto 'none' configures no IPv4 address, so
# the AP only bridges guest traffic towards the main router and does not take
# part in the guest subnet itself. The 'iot' interface is set up the same way,
# leaving 'lan' (proto 'dhcp') as the only interface with an address for
# managing the AP.
config interface 'guest'
        option proto 'none'
        option device 'br-uplink.30'

config bridge-vlan
        option device 'br-uplink'
        option vlan '2'
        list ports 'lan1:t'
        list ports 'lan4'
        list ports 'wan:t'

config interface 'iot'
        option proto 'none'
        option device 'br-uplink.2'

config interface 'lan'
        option proto 'dhcp'
        option device 'br-uplink.99'
        option delegate '0'

# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/18000000.wmac'
        option channel 'auto'
        option band '2g'
        option htmode 'HT40'
        option cell_density '0'

config wifi-device 'radio1'
        option type 'mac80211'
        option path '1a143000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
        option channel '36'
        option band '5g'
        option htmode 'HE160'
        option cell_density '0'
        option he_su_beamformee '1'
        option he_bss_color '56'

config wifi-iface 'wifinet2'
        option device 'radio0'
        option mode 'ap'
        option ssid '<lan_ssid>'
        option encryption 'psk2'
        option key '<lan_pw>'
        option ieee80211r '1'
        option ft_over_ds '0'
        option ft_psk_generate_local '1'
        option ifname 'wlan-lan'
        option network 'lan'
        option wmm '0'

config wifi-iface 'wifinet4'
        option device 'radio1'
        option mode 'ap'
        option ssid '<lan_ssid>'
        option encryption 'psk2'
        option key '<lan_pw>'
        option ieee80211r '1'
        option ft_over_ds '0'
        option ft_psk_generate_local '1'
        option ieee80211w '1'
        option ifname 'wlan-lan-5g'
        option network 'lan'
        option ocv '0'

config wifi-iface 'wifinet3'
        option device 'radio0'
        option mode 'ap'
        option ssid '<guest_ssid>'
        option encryption 'psk2'
        option isolate '1'
        option ifname 'wlan-guest'
        option key '<guest_pw>'
        option ieee80211r '1'
        option ft_over_ds '0'
        option ft_psk_generate_local '1'
        option ieee80211w '1'
        option network 'guest'

config wifi-iface 'wifinet8'
        option device 'radio1'
        option mode 'ap'
        option ssid '<guest_ssid>'
        option encryption 'psk2'
        option isolate '1'
        option key '<guest_pw>'
        option ieee80211r '1'
        option ft_over_ds '0'
        option ft_psk_generate_local '1'
        option ieee80211w '1'
        option network 'guest'
        option ifname 'wlan-guest-5g'

config wifi-iface 'wifinet9'
        option device 'radio0'
        option mode 'ap'
        option ssid '<iot_ssid>'
        option encryption 'psk2'
        option isolate '1'
        option ifname 'wlan-iot'
        option key '<iot_pw>'
        option ieee80211r '1'
        option ft_over_ds '0'
        option ft_psk_generate_local '1'
        option network 'iot'

# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option cachesize '1000'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option localservice '1'
        option ednspacket_max '1232'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config dhcp 'lan'
        option interface 'lan'
        option ignore '1'

config dhcp 'iot'
        option interface 'iot'
        option ignore '1'

config dhcp 'guest'
        option interface 'guest'
        option ignore '1'

# cat /etc/config/firewall

config defaults
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'
        option drop_invalid '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'

config zone
        option name 'iot'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        list network 'iot'

config zone
        option name 'guest'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        list network 'guest'

Let me know if you need any other config/output.