Configure R7800 router as dumb AP using Dynamic PSK/Password-based VLANs

Hello everyone,

I have a NEtgear R7800 router running OpenWRT v23.05.2. I am trying to configure it as a dumb AP but using the dynamic PSK/Password-based VLAN feature noted in this thread. I just recently configured a TP-Link EAP-615v1 AP using that feature and it's working great so far, although it did take some trial and error to get it done. However I can't the router configured as a dumb AP using that same feature.

Can anyone help out with that? Below is the output of the following:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
root@OpenWrt:~# ubus call system board
{
        "kernel": "5.15.137",
        "hostname": "OpenWrt",
        "system": "ARMv7 Processor rev 0 (v7l)",
        "model": "Netgear Nighthawk X4S R7800",
        "board_name": "netgear,r7800",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "23.05.2",
                "revision": "r23630-842932a63d",
                "target": "ipq806x/generic",
                "description": "OpenWrt 23.05.2 r23630-842932a63d"
        }
}
root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd54:fc05:9583::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth1.1'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.10.200'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option gateway '192.168.10.1'
        list dns '192.168.10.1'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '1 2 3 4 6t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '5 0t'
root@OpenWrt:~# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'soc/1b500000.pci/pci0000:00/0000:00:00.0/0000:01:00.0'
        option channel '36'
        option band '5g'
        option htmode 'VHT80'
        option disabled '1'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'OpenWrt'
        option encryption 'none'

config wifi-device 'radio1'
        option type 'mac80211'
        option path 'soc/1b700000.pci/pci0001:00/0001:00:00.0/0001:01:00.0'
        option channel '1'
        option band '2g'
        option htmode 'HT20'
        option disabled '1'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 'OpenWrt'
        option encryption 'none'

TIA :pray: :smile: :call_me_hand:

Hi,

This is the config you have on the "dumb AP" right ?
So one thing I noticed you are missing is to define the vlans and password in the wireless config, there might be more missing but this is first what I noticed.
an example from what I used:

config wifi-vlan
        option name 'vl10'
        option network 'vlan10'
        option vid '10'

config wifi-station
        option key 'Vlan10Pass'
        option vid '10'

config wifi-vlan
        option name 'vl20'
        option network 'vlan20'
        option vid '20'

config wifi-station
        option key 'Vlan20Pass'
        option vid '20'

Hi SkyCrw,

Thanks for the reply.

So the main issue I am having is that anytime I change anything in the network config, I lose access to the device.

As an example, the config below is from my TP-Link EAP-615v1 AP. I used it as a reference.

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd35:2a0b:ecf7::/48'
	option packet_steering '1'

config device
	option name 'br-lan'
	option type 'bridge'
	option vlan_filtering '1'
	list ports 'lan0'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'

config bridge-vlan
        option device 'br-lan'
        option vlan '1'
        list ports 'lan0:u*'
        list ports 'lan1:u*'
        list ports 'lan2:u*'
        list ports 'lan3:u*'

config bridge-vlan
        option device 'br-lan'
        option vlan '20'
        list ports 'lan0:t'

config bridge-vlan
        option device 'br-lan'
        option vlan '21'
        list ports 'lan0:t'


config interface 'lan'
	option device 'br-lan.1'
	option proto 'static'
	option ipaddr '192.168.10.201'
	option netmask '255.255.255.0'
	option gateway '192.168.10.1'
	list dns '192.168.10.1'

config interface 'vlan20'
        option device 'br-lan.20'
        option proto 'none'
	option type 'bridge'

config interface 'vlan21'
        option device 'br-lan.21'
        option proto 'none'
	option type 'bridge'

When I try to create the br-lan.1 bridge in my R7800, I lose access to it and have to reset it to default. So first, I need help configuring it so I can access it after I create the bridge.

Here's what I'm trying to accomplish: I want VLAN1 untag on LAN1, then VLANs 20 and 21 to be tagged on the same LAN1 port. I'm basically using VLAN as the management VLAN since it is a wired device and all my wired devices are on VLAN.

@SkyCrw just so you know, the /etc/config/network is the default config. I wanted to post it so anyone can see what it has by default.

I’ve been there :smile: I’ve had to reset and start over numerous times before I figured it out

Question, does your router support DSA ?

Not sure if it does. It has a section for a switch, so I assume it doesn't.

I think that's what's messing me up with the configuration.

The r7800 only switched from swconfig to DSA after 23.05.x, so if you'd like to have the same configuration semantics and syntax for all your devices, it might be best to upgrade the r7800 to a snapshot build.

So you're saying that any version of 23.05.x won't have DSA? If not that's ok. I wouldn't mind having it run with it current syntax, just having an issue getting it to work in the same fashion with it's current syntax.

23.05.x (any maintenance release to come) for ipq806x does (and will continue to) use swconfig.

Current main snapshots (and the upcoming 24.xy.0/ 25.xy.0) for ipq806x does (and will continue to) use DSA, just like many other contemporary targets have been doing for a bit longer already.

1 Like

Good to know, thanks for that.

I keep trying to get the configuration working with swconfig then. Going to be a lot of resets lol.

In a mixed environment of ipq806x and mt7621, such as yours, it may be helpful to standardize on DSA-only, but that would require updating the r7800 to main snapshots.

swconfig and DSA have different semantics, it's not that easy to wrap your head around both, rather than being able to use the same for both.

1 Like

hi
it is possible to do dpsk on swconfig, i am using it everyday
but, there is few gotcha
i am not sure from which version dpsk started to work, so i stick with 23.05
and ...
naming of br-vlan devices ...
later will post you a working swconfig with dpsk, but, please, upgrade to 23.05 if you could

1 Like

Hi @NPeca75, the R7800 is already running 23.05.2. If you can post a working config, that would be awesome!

hi @simon_lefisch

ok, on WIFI, vlan2 is "native", default
as you could see, in network, vlan255 is mgmn
whatever you do, please, stick with vlan names as in example, they need to match wifi section
no fantasy names as "kitchen" and "my_mom_tv" and similar

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '6t 0 '

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '6t 0t '

config switch_vlan
        option device 'switch0'
        option vlan '100'
        option ports '6t 0t 4'

config switch_vlan
        option device 'switch0'
        option vlan '200'
        option ports '6t 0t '

config switch_vlan
        option device 'switch0'
        option vlan '255'
        option ports '6t 0t '

config device
        option type 'bridge'
        option name 'br-vlan1'
        list ports 'eth0.1'

config device
        option type 'bridge'
        option name 'br-vlan2'
        list ports 'eth0.2'

config device
        option type 'bridge'
        option name 'br-vlan100'
        list ports 'eth0.100'

config device
        option type 'bridge'
        option name 'br-vlan200'
        list ports 'eth0.200'

config device
        option type 'bridge'
        option name 'br-vlan255'

config interface 'vlan1'
        option device 'br-vlan1'
        option proto 'none'

config interface 'vlan2'
        option proto 'none'
        option device 'br-vlan2'

config interface 'vlan100'
        option proto 'none'
        option device 'br-vlan100'

config interface 'vlan200'
        option proto 'none'
        option device 'br-vlan200'

config interface 'vlan255'
        option device 'br-vlan255'
        option proto 'static'
        option ipaddr '169.254.1.102/24'
        option ip6addr 'fd00:1:255::102/64'
        list dns 'fd00:1:255::1'
        list dns '169.254.1.1'
config wifi-device 'radio0'
        option type 'mac80211'
        option hwmode '11g'
        option phy 'phy0'
        option country 'HU'
        option legacy_rates '0'
        option noscan '1'
        option txpower '20'
        option htmode 'HT20'
        option disabled '0'
        option distance 'auto'
        option channel '5'

config wifi-iface 'wifinet0'
        option device 'radio0'
        option mode 'ap'
        option ssid 'test-AP'
        option encryption 'psk2'
        option network 'vlan2'
        option key 'vlan2pass'
        option wmm '1'
        option short_preamble '1'
        option disassoc_low_ack '0'
        option max_inactivity '120'
        option isolate '1'
        option disabled '0'
        option ifname 'wlan0'
        option multicast_to_unicast_all '1'
        option macaddr '0e:02:01:00:01:02'

config wifi-vlan
        option name 'vl100'
        option network 'vlan100'
        option vid '100'

config wifi-station
        option key 'vlan100pass'
        option vid '100'

config wifi-vlan
        option name 'vl200'
        option network 'vlan200'
        option vid '200'

config wifi-station
        option key 'vlan200pass'
        option vid '200'

config wifi-vlan
        option name 'vl255'
        option network 'vlan255'
        option vid '255'

config wifi-station
        option key 'vlan255pass'
        option vid '255'
1 Like

Hi @NPeca75, thanks for posting this.

I am trying to adapt this to my device, but I need a bit of explanation.

For my R7800, the ports assigned in the GUI are slightly different than in CLI. As an example:

CLI ports	     GUI ports
PORT0            CPU (eth0)
LAN1             LAN4		
LAN2             LAN3
LAN3             LAN2
LAN4             LAN1
PORT5            WAN
PORT6            CPU (eth1)

I would like to have everything go thru GUI port LAN1 (CLI port LAN4). However without knowing how the ports on your device are labeled, I cannot adapt it correctly. Can you post an output of your CLI ports and GUI ports assignment like I did so I can reference it and make changes accordingly?

ah, gui :smiley:
no, i am not using gui :slight_smile:

but
port0 - cpu1, it shoult be tagged in all cases, so 0t
port6 - cpu2, again, always tagged, so 6t
from your original config, looks like 1,2,3,4 are bound to 6, they are LAN ports
and 5 is bound to 0, so this is WAN port

hope is is clear now ?

edit:
hope you understand that config i send you is NOT from R7800, it is indeed a swconfig, but from 1port cpu device, and yours is 2ports cpu
it is only example how to name devices/interfaces and how they connect to wifi config

NPeca75

ah, gui :smiley:
no, i am not using gui :slight_smile:

I have been using CLI for configuring my devices as of late. However I only came across the port listing when comparing CLI to GUI. That's how I found out that when I would use LAN1 in CLI, it was actually LAN4 and causing issues.

port0 - cpu1, it shoult be tagged in all cases, so 0t
port6 - cpu2, again, always tagged, so 6t

Ok so these looks the same as mine.

from your original config, looks like 1,2,3,4 are bound to 6, they are LAN ports
and 5 is bound to 0, so this is WAN ports

hope is is clear now ?

Sounds pretty clear, so I will give it a shot and let you know.

ok, if you have trouble with connecting specific vlan to specific port, we will try to figure out something

1 Like


NPeca75

edit:
hope you understand that config i send you is NOT from R7800, it is indeed a swconfig, but from 1port cpu device, and yours is 2ports cpu
it is only example how to name devices/interfaces and how they connect to wifi config

I'm not too worried about the wifi config, as that will be easy to do. My concern is configuring /etc/config/network properly so I can access after implementation.