Configure private wifi

I'm having issues finding documentation, which I believe exists.
I would like to configure via LuCI, creating a private wifi network.

$ cat /etc/config/network
config interface 'loopback'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'
        option device 'lo'

config globals 'globals'
        option ula_prefix 'fd95:27c5:3e18::/48'
        option packet_steering '1'

config interface 'lan'
        option proto 'static'
        option ipaddr '192.168.4.2'
        option netmask '255.255.255.0'
        option device 'br-lan'
        list dns '8.8.8.8'
        list dns '8.8.4.4'
        list dns_search 'lan'
        option delegate '0'
        option ipv6 'off'

config interface 'wan'
        option proto 'dhcp'
        option device 'eth1'
        option type 'bridge'
        option ipv6 'off'

config interface 'vpn0'
        option proto 'none'
        option device 'tun0'
        option type 'bridge'
        option delegate '0'

config interface 'docker'
        option device 'docker0'
        option proto 'none'
        option auto '0'

config device
        option type 'bridge'
        option name 'docker0'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

config device
        option name 'eth0'
        option ipv6 '0'
        option multicast '0'

config device
        option name 'eth1'
        option ipv6 '0'
        option multicast '0'

$ cat /etc/config/wireless
config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/soc/fe300000.mmcnr/mmc_host/mmc1/mmc1:0001/mmc1:0001:1'
        option country 'US'
        option cell_density '0'
        option htmode 'VHT20'
        option hwmode '11a'
        option channel '34'
        option txpower '20'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'wan'
        option ssid 'r2d2'
        option encryption 'psk2'
        option mode 'ap'
        option wmm '0'

1. Add a new interface, similar to the lan one, in /etc/config/network, with an IP like 192.168.2.1
config wifi-iface 'default_radio0'
       option device 'radio0'
       option network 'wan'

It is nonsense; network should be from item 1.
3. Add a similar section in /etc/config/dhcp
4. Add a forwarding rule in /etc/config/firewall

I think you want a guest network. Search for that term.

option type bridge inside a config interface block is deprecated. Define bridges separately with a config device then attach the bridge to an interface. See the default lan network for an example.

Generally you can't bridge into wan because you only get one IP from the ISP modem. Guest networks are a separate IP range that is then routed into wan, not bridged.

psk2 encryption on an AP requires an option key to set the password.

Thank you. I purposely deleted the password line.

I was hoping and thought OpenWrt would allow me, with your assistance, to create a wifi-only DMZ, using one router.

OK, you should also add a device with type 'bridge' (see the 'lan' example), but you should ignore 'hardware' devices like ethX.
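
The steps from the replies above, combined into one configuration for a wifi-only network that is routed into wan rather than bridged (an added example, not part of any post in this thread). The names 'guest' and 'br-guest', the DHCP range and the key placeholder are assumptions, as is the presence of the stock 'wan' firewall zone with masquerading.

```uci
# /etc/config/network: empty bridge plus the interface from item 1
config device
        option name 'br-guest'
        option type 'bridge'
        # wifi-only bridge: no 'list ports' with ethX
        option bridge_empty '1'

config interface 'guest'
        option proto 'static'
        option device 'br-guest'
        option ipaddr '192.168.2.1'
        option netmask '255.255.255.0'

# /etc/config/wireless: attach the AP to 'guest', not 'wan'
config wifi-iface 'default_radio0'
        option device 'radio0'
        option mode 'ap'
        option ssid 'r2d2'
        option network 'guest'
        option encryption 'psk2'
        # placeholder value; psk2 on an AP needs a key
        option key 'REPLACE_WITH_PASSPHRASE'

# /etc/config/dhcp: leases for the new subnet
config dhcp 'guest'
        option interface 'guest'
        option start '100'
        option limit '150'
        option leasetime '1h'

# /etc/config/firewall: clients reach wan only; router offers them DHCP and DNS
config zone
        option name 'guest'
        list network 'guest'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'

config forwarding
        option src 'guest'
        option dest 'wan'

config rule
        option name 'Allow-Guest-DHCP-DNS'
        option src 'guest'
        option proto 'tcp udp'
        option dest_port '53 67'
        option target 'ACCEPT'
```

With no forwarding entry from 'guest' to 'lan', wireless clients cannot reach 192.168.4.0/24, and the zone's REJECT input policy keeps them off the router's own services apart from DHCP and DNS.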