Hi,
I'd like to find a good configuration of OpenWRT to allow me to use a Cisco Aironet 1815w linked by Ethernet to my router. I need this access point (AP), lent by my company, to be operational behind my modem/router to allow me to work from home one day per week. Unfortunately, I was (lately) informed that it is "not compatible with the hardware" given by my ISP (and I'm reluctant to change my ISP right now for this sole reason).
Indeed the Cisco AP can't manage to sync with my company's server when plugged into my ISP modem/router. So I bought a Netgear R7800 modem, installed OpenWRT on it, and used it to replace the ISP router: thanks to the fact that OpenWRT gives access to the DHCP option 60 (not the case with the official Netgear firmware afaik), it was surprisingly easy to connect to the internet via the R7800 instead of my ISP router (I just put an ISP-specific ID in this option, I didn't even need to fill in a login/password). But the Cisco still doesn't manage to connect to my company server (LED cycling red/yellow/green forever after the initial boot phase of the Cisco AP).
Some technical notes:
- the R7800 is connected via the ONT of my ISP since I'm using FTTH
- this AP syncs correctly when tested by a friend who uses a different ISP.
- I have no access to the admin part of the AP (I can reach the admin interface via HTTP but I don't have the login/password), so I use a computer on my personal network as a surrogate when I test whether the ports are open or not.
It's normal that it didn't work, I thought, since 2 UDP ports (5246-5247, the CAPWAP ports) need to be open according to my company (and confirmed by reading the Cisco documentation). By the way, it seems this is the problem with my ISP router; even when put in the DMZ, the UDP ports remained closed, contrary to TCP ports (buggy firmware according to some forum).
So I tried to 'dive' into LuCI settings to open these ports; first individually (no success, the Cisco didn't sync) then by putting temporarily the Cisco stuff on a "DMZ" by applying the technique described here. It didn't work either.
Using a computer of my network, plus another one connected to internet via my mobile phone (ie with a different IP), I was able to test that UDP ports were open this time (using the "nc -uvz" technique described here).
Getting back to the Cisco documentation, I found that it may be more complex than I thought. Here is the interesting part of the doc:
Note: When you are installing a Layer 3 access point on a different subnet than the Cisco wireless LAN controller, be sure that
- a DHCP server is reachable from the subnet on which you will be installing the access point,
- and that the subnet has a route back to the Cisco wireless LAN controller.
- Also be sure that the route back to the Cisco wireless LAN controller has destination UDP ports 5246 and 5247 open for CAPWAP communications.
- Ensure that the route back to the primary, secondary, and tertiary wireless LAN controller allows IP packet fragments.
- Finally, be sure that if address translation is used, that the access point and the Cisco wireless LAN controller have a static 1-to-1 NAT to an outside address. (Port Address Translation is not supported.)
So as far as I understand, it is not just a 'ports opening/forwarding' issue. The last bullet point is particularly obscure for the newbie I am concerning networks.
So the question (sorry for the long introduction):
Could someone here help to decipher these doc requirements and to determine if there is a chance that the combination R7800+OpenWRT could solve my problem (ie allow the Cisco AP to sync)? If yes, what are the good OpenWRT settings to put in LuCI? or via the console if not possible via LuCI (I am not a Linux expert but I am able to connect via SSH to the R7800 and edit some config files if needed)?
Thanks in advance for your help,
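
Added example, not part of the original post: a shell/awk filter that can be run on the OpenWRT router to see, for each CAPWAP flow (UDP 5246/5247), whether the controller ever replied and whether NAT kept or rewrote the AP's source port (the port rewriting that Port Address Translation performs). It assumes the Linux conntrack line format (`/proc/net/nf_conntrack` or `conntrack -L`); the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify CAPWAP flows (UDP 5246/5247) from conntrack output.

capwap_flows() {
    # stdin : lines in /proc/net/nf_conntrack or `conntrack -L` format
    # stdout: "<lan-src>:<sport> -> <dst>:<dport> <port-status> <reply-status>"
    awk '
    $1 == "udp" || $3 == "udp" {
        n = 0; reply = "REPLIED"
        for (i = 1; i <= NF; i++) {
            if ($i == "[UNREPLIED]") reply = "NO_REPLY"
            if ($i ~ /^(src|dst|sport|dport)=/) {
                split($i, kv, "=")
                v[++n] = kv[2]
            }
        }
        # v[1..4] = original tuple (as sent from the LAN side)
        # v[5..8] = reply tuple (as expected back on the WAN side)
        if (n < 8 || (v[4] != 5246 && v[4] != 5247)) next
        # Reply dport differs from original sport => NAT rewrote the source port
        port = (v[8] == v[3]) ? "PORT_KEPT" : "PORT_REWRITTEN"
        printf "%s:%s -> %s:%s %s %s\n", v[1], v[3], v[2], v[4], port, reply
    }'
}

sample_conntrack() {
    # Constructed sample lines (documentation address ranges), not real captures.
    cat <<'EOF'
ipv4     2 udp      17 25 src=192.168.1.50 dst=203.0.113.10 sport=5264 dport=5246 [UNREPLIED] src=203.0.113.10 dst=198.51.100.7 sport=5246 dport=5264 mark=0 use=2
ipv4     2 udp      17 170 src=192.168.1.50 dst=203.0.113.10 sport=5265 dport=5247 src=203.0.113.10 dst=198.51.100.7 sport=5247 dport=5265 [ASSURED] mark=0 use=2
udp      17 28 src=192.168.1.60 dst=203.0.113.10 sport=5264 dport=5246 src=203.0.113.10 dst=198.51.100.7 sport=5246 dport=1024 mark=0 use=1
ipv4     2 udp      17 12 src=192.168.1.20 dst=192.0.2.53 sport=40000 dport=53 src=192.0.2.53 dst=198.51.100.7 sport=53 dport=40000 mark=0 use=2
ipv4     2 tcp      6 7400 ESTABLISHED src=192.168.1.20 dst=203.0.113.10 sport=51000 dport=5246 src=203.0.113.10 dst=198.51.100.7 sport=5246 dport=51000 [ASSURED] mark=0 use=2
EOF
}

# On the router itself: capwap_flows < /proc/net/nf_conntrack
sample_conntrack | capwap_flows
```

A flow that stays `NO_REPLY` while the AP is cycling its LEDs means the AP's packets left the router but nothing came back from the controller side; `PORT_REWRITTEN` means the router changed the source port on the way out.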