Clients can see the dumbAP and authenticate, but don't receive IP

unannunciated · October 1, 2022, 3:21pm

My setup :

1 router in production (RB760iGS) and 1 dumbAP (cap ac).
Both running OpenWRT 22.03
There are intermediairy PoE switches.
My current wifi setup (multiple AP and 3 ssid) uses capsman but I want to move off of ROS. I know for a fact my intermediary switches have correct tagging as everything works using capsman.

My problem:
The dumbAP running 22.03 does broadcast my ssid's and wifi clients can authenticate, but they don't receive IP's.

thanks for any advice

config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'

config globals 'globals'
option ula_prefix 'fd6f:8b48:d81d::/48'
option packet_steering '1'

config device
option name 'eth0.1'
option macaddr '08:99:cc:ff:ee:ac'

config device
option name 'eth0.2'
option macaddr '08:99:cc:ff:ee:ab'

config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'

config switch_vlan
option device 'switch0'
option vlan '1'
option ports '4 0t'

config switch_vlan
option device 'switch0'
option vlan '2'
option ports '5 0t'

config device
option type 'bridge'
option name 'br_ap'
option ipv6 '0'
list ports 'eth0.1'
list ports 'eth0.2'

config bridge-vlan
option device 'br_ap'
option vlan '5'
list ports 'eth0.2:t*'

config interface 'ap_lan'
option device 'br_ap.5'
option proto 'static'
option ipaddr '192.168.123.8'
option netmask '255.255.255.0'
option gateway '192.168.123.1'
list dns '192.168.99.14'
option force_link '0'

config bridge-vlan
option device 'br_ap'
option vlan '15'
list ports 'eth0.2:t'

config bridge-vlan
option device 'br_ap'
option vlan '20'
list ports 'eth0.2:t'

config bridge-vlan
option device 'br_ap'
option vlan '25'
list ports 'eth0.2:t'

config interface 'Wifi_abc'
option device 'br_ap.15'
option proto 'none'

config interface 'Wifi_xyz'
option device 'br_ap.20'
option proto 'dhcp'

fodiator · October 1, 2022, 7:55pm

where's br_ap.5 ?

Also, output of brctl show would be useful...

unannunciated · October 1, 2022, 8:45pm

root@OpenWrt:~# brctl show
bridge name bridge id STP enabled interfaces
br_ap 7fff.0855318dfbab no eth0.2
wlan1
eth0.1

As to your question all of my switches have PVID 5.
So br_ap.5 is basically my native lan, the only vlan on the dumb AP with an ip address.
A cap ac has 2 ethernet ports, its wan port "eth0.1" being the only way to power it.

thx

mk24 · October 1, 2022, 9:11pm

This is swconfig, so you need to make a switch_vlan for VLAN 5 then bridge the AP to eth0.5.

The function of the two ethernet ports is determined in the switch. eth0.1 and eth0.2 only exist now because they are switch_vlans tagged to the CPU port. You can reconfigure the switch so that VLAN 1 passes through by hardware for example depending on what you need the rest of the network to do.

Bridge-vlans should not be used here, that is for DSA. Make a separate bridge for each network.

unannunciated · October 2, 2022, 9:51am

Thank you both, I'll give that a try.