[SOLVED] Connect to WPA2-Enterprise

Did you assign the wwan in the WAN firewall zone?
Are all the other interfaces in LAN firewall zone?


this is what I have

Did you install wpad (full)?

Yes, I removed wpad-mini and installed wpad

It is not visible here. Better log in with SSH and run these commands in one line, then post the output here.
cat /etc/config/network; cat /etc/config/wireless; cat /etc/config/firewall; ip -4 addr; ip -4 ro; ip -4 ru;

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd2d:7139:9086::/48'

config atm-bridge 'atm'
        option vpi '1'
        option vci '32'
        option encaps 'llc'
        option payload 'bridged'
        option nameprefix 'dsl'

config dsl 'dsl'
        option annex 'a'
        option tone 'av'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0.1'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config device 'lan_dev'
        option name 'eth0.1'
        option macaddr '40:f2:01:3b:a2:f2'

config interface 'wan'
        option proto 'dhcp'
        option ifname 'eth0.2'
        option type 'bridge'

config device 'wan_dev'
        option name 'dsl0'
        option macaddr '40:f2:01:3b:a2:f3'

config interface 'wan6'
        option ifname '@wan'
        option proto 'dhcpv6'
        option type 'bridge'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0 1 2 4 6t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '5 6t'

config interface 'wwan'
        option proto 'dhcp'

root@OpenWrt:~# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option hwmode '11a'
        option path 'pci0000:01/0000:01:00.0/0000:02:00.0'
        option htmode 'VHT80'
        option disabled '0'
        option channel '100'
        option country 'GB'
        option legacy_rates '1'

config wifi-device 'radio1'
        option type 'mac80211'
        option hwmode '11g'
        option path 'pci0000:00/0000:00:0e.0'
        option htmode 'HT20'
        option disabled '0'
        option channel '6'
        option country 'GB'
        option legacy_rates '1'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 'OpenWrt'
        option encryption 'none'

config wifi-iface
        option ssid 'ENTERPRISE-NETWORK'
        option device 'radio1'
        option mode 'sta'
        option bssid '3A:43:1D:39:7D:3E'
        option eap_type 'peap'
        option auth 'EAP-MSCHAPV2'
        option identity 'MYID'
        option password 'MYPASSWORD'
        option encryption 'wpa2'
        option network 'wwan wan wan6 lan'
root@OpenWrt:~# cat /etc/config/firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option network 'lan wwan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option network 'wan wan6'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'
root@OpenWrt:~# ip -4 addr; ip -4 ro; ip -4 ru;
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
5: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
       valid_lft forever preferred_lft forever
9: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet XX.XX.XX.XX/26 brd XX.XX.XX.XX scope global wlan1
       valid_lft forever preferred_lft forever
default via XX.XX.XX.XX dev wlan1  src XX.XX.XX.XX
XX.XX.XX.XX/26 dev wlan1 scope link  src XX.XX.XX.XX
192.168.1.0/24 dev br-lan scope link  src 192.168.1.1
0:      from all lookup local
32766:  from all lookup main
32767:  from all lookup default

WWAN must be in WAN zone, not LAN.

I don't understand why is the wifi attacheded to all those interfaces, it should be only to wwan.
Also unbridge the wan and wan6 interfaces.

root@OpenWrt:~# cat /etc/config/firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option network 'wwan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

config forwarding
        option dest 'wan'
        option src 'lan'

root@OpenWrt:~# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option hwmode '11a'
        option path 'pci0000:01/0000:01:00.0/0000:02:00.0'
        option htmode 'VHT80'
        option disabled '0'
        option channel '100'
        option country 'GB'
        option legacy_rates '1'

config wifi-device 'radio1'
        option type 'mac80211'
        option hwmode '11g'
        option path 'pci0000:00/0000:00:0e.0'
        option htmode 'HT20'
        option disabled '0'
        option channel '6'
        option country 'GB'
        option legacy_rates '1'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 'OpenWrt'
        option encryption 'none'

config wifi-iface
        option ssid 'ENTERPRISE-NETWORK'
        option device 'radio1'
        option mode 'sta'
        option bssid '3A:43:1D:39:7D:3E'
        option eap_type 'peap'
        option auth 'EAP-MSCHAPV2'
        option identity 'MYID'
        option password 'MYPASS'
        option encryption 'wpa2'
        option network 'wwan'

I fixed that but now is no longer connecting.
" Wireless is not associated"

Since HH5 have 2,4ghz and 5ghz I think it should be simple to connect with one of them to Enterprise and share this connection to the other one. But I don't know how to do it :grin:

You have posted twice the wireless config, once with your user-pass. Fix that and add the new network config. We'll see what can still be wrong.

Thank you

here is new network config:

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd2d:7139:9086::/48'

config atm-bridge 'atm'
        option vpi '1'
        option vci '32'
        option encaps 'llc'
        option payload 'bridged'
        option nameprefix 'dsl'

config dsl 'dsl'
        option annex 'a'
        option tone 'av'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0.1'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config device 'lan_dev'
        option name 'eth0.1'
        option macaddr '40:f2:01:3b:a2:f2'

config interface 'wan'
        option proto 'dhcp'
        option ifname 'eth0.2'
        option type 'bridge'

config device 'wan_dev'
        option name 'dsl0'
        option macaddr '40:f2:01:3b:a2:f3'

config interface 'wan6'
        option ifname '@wan'
        option proto 'dhcpv6'
        option type 'bridge'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0 1 2 4 6t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '5 6t'

config interface 'wwan'
        option proto 'dhcp'
        option ifname 'eth0.2'
        option type 'bridge'

Why is eth0.2 bridged with radio1 in wwan interface?

I removed eth0.2 an now is only radio1.network2 which is Wireless Network: Client "ENTERPRISE_NETWORK"
But still same prob. When I go to Wireless I get SSID: ENTERPRISE-NETWORK | Mode: Client
Wireless is not associated

cat /etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd2d:7139:9086::/48'

config atm-bridge 'atm'
        option vpi '1'
        option vci '32'
        option encaps 'llc'
        option payload 'bridged'
        option nameprefix 'dsl'

config dsl 'dsl'
        option annex 'a'
        option tone 'av'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0.1'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config device 'lan_dev'
        option name 'eth0.1'
        option macaddr '40:f2:01:3b:a2:f2'

config interface 'wan'
        option proto 'dhcp'
        option ifname 'eth0.2'
        option type 'bridge'

config device 'wan_dev'
        option name 'dsl0'
        option macaddr '40:f2:01:3b:a2:f3'

config interface 'wan6'
        option ifname '@wan'
        option proto 'dhcpv6'
        option type 'bridge'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0 1 2 4 6t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '5 6t'

config interface 'wwan'
        option proto 'dhcp'
        option type 'bridge'

I need to open a small parenthesis here. Yesterday in your post the wwan was different:

config interface 'wwan'
        option proto 'dhcp'

and since no one else advised you here to change that it should be the same.
Which brings us to the conclusion that you are experimenting yourself with the settings. And I am totally fine with that, as long as you let us know what you have done, or at least revert the changes since they didn't work.
I don't dare to think what else have you changed there while we are trying to find the mistake in different configuration files.
Therefore if you want us to continue helping you, you need to apply the changes suggested and only these. Is that fine with you?

I am sorry and to be honest I have no idea how I modified that option. I really appreciate your help, and if will be more easier I can reset entire router and start from scratch, or I will be more than happy to apply only your suggested settings.

Alright, the safest way is to start from scratch then. Factory default, install the wpad full, add the new WWAN client interface to the WAN firewall zone, verify everything works as expected and we'll see what else can be done to add the access point for your LAN.
By the end post these to be on the same page:
cat /etc/config/network; cat /etc/config/wireless; cat /etc/config/firewall; ip -4 addr; ip -4 ro; ip -4 ru;

First I updated to |Firmware Version|OpenWrt 18.06.2 r7676-cddd7b4c77 / LuCI openwrt-18.06 branch (git-19.020.41695-6f6641d)|
|Kernel Version|4.9.152| and then I restored to factory default.

I went to Network>WAN>General Setup and I changed protocol from PPPOE to DHCP
On Network>WAN>Physical Settings> Interface I changed from dsl0 to eth0.2 so now I can connect to RED WAN port on HH5 a cable from a LAN port from my main router to have internet.

On System>Software I updated lists and installed wpad version 2018-05-21-62566bc2-5
On Network>Wireless>radio1 hit SCAN choose the Enterprise network Assign to firewall zone wan wan6 (these was selected as default) 2
and continued to setup the newly client connection with my username and password.
Save&Apply and now is connected to Enterprise network using WiFi.
I disconnected the lan cable from my router to HH5.

root@OpenWrt:~# cat /etc/config/network; cat /etc/config/wireless; cat /etc/conf
ig/firewall; ip -4 addr; ip -4 ro; ip -4 ru;

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd22:8263:4b9e::/48'

config atm-bridge 'atm'
        option vpi '1'
        option vci '32'
        option encaps 'llc'
        option payload 'bridged'
        option nameprefix 'dsl'

config dsl 'dsl'
        option annex 'a'
        option tone 'av'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0.1'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config device 'lan_dev'
        option name 'eth0.1'
        option macaddr '40:f2:01:3b:a2:f2'

config interface 'wan'
        option proto 'dhcp'
        option ifname 'eth0.2'

config device 'wan_dev'
        option name 'dsl0'
        option macaddr '40:f2:01:3b:a2:f3'

config interface 'wan6'
        option ifname '@wan'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0 1 2 4 6t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '5 6t'

config interface 'wwan'
        option proto 'dhcp'


config wifi-device 'radio0'
        option type 'mac80211'
        option channel '36'
        option hwmode '11a'
        option path 'pci0000:01/0000:01:00.0/0000:02:00.0'
        option htmode 'VHT80'
        option disabled '1'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'OpenWrt'
        option encryption 'none'

config wifi-device 'radio1'
        option type 'mac80211'
        option hwmode '11g'
        option path 'pci0000:00/0000:00:0e.0'
        option htmode 'HT20'
        option disabled '0'
        option channel '6'
        option country 'GB'
        option legacy_rates '1'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 'OpenWrt'
        option encryption 'none'

config wifi-iface
        option network 'wwan'
        option ssid 'ENTERPRISENETWORK'
        option device 'radio1'
        option mode 'sta'
        option bssid '3A:43:1D:39:7D:3E'
        option encryption 'wpa2'
        option eap_type 'peap'
        option auth 'EAP-MSCHAPV2'
        option identity 'xxx'
        option password 'xxx'


config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option network 'wan wan6 wwan'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
5: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qle                                                                                        n 1000
    inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
       valid_lft forever preferred_lft forever
7: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state U                                                                                        P qlen 1000
    inet 192.168.0.129/24 brd 192.168.0.255 scope global eth0.2
       valid_lft forever preferred_lft forever
8: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen                                                                                         1000
    inet xx.xx.xx.xx/26 brd xx.xx.xx.xx scope global wlan1
       valid_lft forever preferred_lft forever
default via xx.xx.xx.xx dev wlan1  src xx.xx.xx.xx
xx.xx.xx.xx/26 dev wlan1 scope link  src xx.xx.xx.xx
192.168.0.0/24 dev eth0.2 scope link  src 192.168.0.129
192.168.1.0/24 dev br-lan scope link  src 192.168.1.1
0:      from all lookup local
32766:  from all lookup main
32767:  from all lookup default

This can be done in one step, by upgrading the image and unticking the "keep settings" option. Just for future reference.

Can you explain your setup here? I was under the impression that HH5 is the only router in your house and that it runs on Openwrt. What is the other router and what OS is it running?
All these configurations are from which router?

First router in my house is from my internet provider Virgin Media
The HH5 is a second router which I want to configure to use it in another location. I connected the HH5 to the Virgin Media router via a UTP cable to be able to give it the Internet so I can install wpad full in first instance.

But to my astonishment, it now works the way I want it. I can connect to the Enterprise network and the internet works on all devices connected to HH5, using just the settings explained above.

If your problem is solved, feel free to mark the relevant post as the solution; and edit the title to add "[SOLVED]" to the beginning (click the pencil behind the topic).

grafik