Configuring LEDE to disable NAT/DHCP/DNS on wifi device

I understand all the concepts in isolation but I'm having a bit of hard time putting them together to get what I want out of my network setup. I'm finding in the OpenWRT / LEDE docs all the relevant things but I think it's also possible I'm misunderstanding. What I'm trying to accomplish is the following:

  • EdgeRouter X handles DHCP/DNS and it's WAN goes to the Modem
    • Subnet is
  • Archer C7 v2 with LEDE is connected to one of the ports on EdgeRouter X and has IP
    • Subnet is
    • Wireless clients can communicate with all devices on EdgeRouter X

Mainly I'm just trying to avoid the double NAT situation and limit the redundancy of services operating on the network.

Any assistance or pointers in the right direction would be very helpful!

This can be fairly straight forward. I'm guessing the you want to use the C7 as a switch and AP, is that correct? Search for 'dumb ap' in the forums for more details, but here's the basics:

You'll probably want to set the LAN IP address in the same subnet range as your ER-X, any address will do as long as no other devices use it (so maybe ER-X @ and C7 @

Then, disable the DHCP server on the C7 by simply checking the box under Network > Interfaces > LAN > DHCP server (bottom of page) > 'ignore interface.'

From there, connect your ER-X to the LAN port of your C7 and you should be off and running.

There are other ways of achieving this, too, and it is possible to also configure the system to include the WAN port as a part of the normal switch, if you want (so you'd have 5 LAN ports + wifi).

You might read LEDE as an access point and switch

Dumb AP / Access Point Only OpenWrt / Lede
Configuration via Web Interface LUCI
Of course you can achieve this with using the web interface:
Once you have configured your wireless network with LUCI you can start configuring your dumb AP.
Go to Network → Interfaces and select the Lan interface.
Set an IP next to your main router on the field "IPv4 address". (If your main router has IP set
Then scroll down and select the checkbox "Ignore interface: Disable DHCP for this interface."
In the top menu go to System, then Startup, disable Firewall in the list of startup scripts.
Click the Save and Apply button. Hard-Restart your router if you're not able to connect anymore.
Now connect to the new IP you have just specified( and check if the settings for the Lan interface are the same you set before.
Now connect your main router to one of the switch ports of your "new" dumb AP and you are done.

This configuration will not allow your access point to update packages, ping from access point, etc. To enable your ap itself to have internet access also add your primary router's address as the ap's dns entry. Go to Network → Interfaces and select the Lan interface then edit "Use custom DNS servers" to e.g. ( your main router's ip )

Hey @mindwolf, thanks for your reply! (And everyone else's!)

After following your instructions, I can ping the router's new address at, however cannot access LuCI or SSH. Is there only option I have to edit the config via failsafe mode? I should note that I also moved the ethernet internet connection from the WAN port of the Archer C7 to one of the switch ports. Should I have left it connected via the WAN?



There is UCI.

See this section of the LEDE User Guide...

What IP did you give your C7? Did you change it from to something in the network? If you didn't change the IP, but you turned off the DHCP server, you can presumably just manually set the IP of your computer to something in the network space and then you should be able to connect to the C7 (but not to the internet). From there, you can change the LAN address, if desired, to the space instead.

Aside from that, if you are unable to access the device via web or ssh, you will probably have no other option than to use failsafe mode to change settings. While you're at it, you can grab the config files for /etc/config/network, /etc/config/dhcp, and /etc/config/wireless to post here for review.

Follow psherman's advice but make sure to physically isolate the ap from the main router and use an ethernet cable to plug into one of the lan ports. Otherwise, your current setup will always try to access the main router's network and timeout.