Connecting an additional switch/AP to my OpenWRT router

I have a WRT32X router running OpenWRT 21.02.3. The router is serving mainly as a WiFi AP, with a single hard-wire running to my PC in the other room.

Unfortunately the WiFi reception in that other room and its area isn't great, so I want to pass the hard-wire through a simple network switch that will also serve as a secondary WiFi AP for that part of the apartment.

My planned setup looks like the image at the bottom of this post.

Unfortunately, I can't seem to be able to get the router and switch configured correctly to get this to work. The switch is a COMFAST CF-E538ACV2; it's not OpenWRT, but it does run a custom version (LEDE Reboot 17.01-SNAPSHOT r429), and I have full SSH access.

Any guidance on how I should configure the devices to get this setup to work?

A switch is just that: a switch. Depending on how many ports it has and the performance of its backplane, it does not care about how many devices are connected.

Seeing the information you gave I would have to conclude the 'switch' in this case is not a switch but another AP... as a pure SWITCH will never provide a WiFi signal...

In any normal situation what you want is the switch in place of the existing AP if you look at that picture you created. The PC will then be connected to LAN4 on the AP. The secondary AP (in bridge mode) can then be connected to the switch and it will work just fine.

This assumes that 'Internet' is provided by an ISP Router, which is also distributing LAN IP addresses by DHCP.


Perhaps it is upgradeable to a better build?

Setup as a dumb AP:

In your image, the 'switch' has a WAN gate, is that correct? Because that tells me that this is not a simple switch, but instead is working as a Wireless Router instead. Chaining routers like you described in your image will result in a Double NAT configuration.

I would follow @xNUTx 's advice and restructure your intended network layout.

You could always flash openwrt onto this COMFAST device and turn it into a dumb-ap, but it is listed as unsupported due to its RAM and FLASH limitations...

The switch labels the port on the back as "WAN" and on the front as "LAN", but it's actually configurable and depends on the mode of operation. (See image from the manual below.) I have it running in the "AP" mode, where both ports are LAN ports. This is what it looks like in /etc/config/network:

config interface 'lan'
        option macaddr 'e0:e1:a9:6c:c3:19'
        option type 'bridge'
        option force_link '1'
        option proto 'static'
        option ipaddr '192.168.10.1'
        option netmask '255.255.255.0'
        option mtu '1500'
        option ip6assign '60'
        option ifname 'eth1.2 eth1.1'

config eth1.1 'def_lan'

config ap 'workmode'

config interface 'wan'
        option macaddr 'e0:e1:a9:6c:c3:1a'
        option proto 'dhcp'
        option type 'bridge'
        option mtu '1500'

config eth1.2 'def_wan'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0 1 2 3 5t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '4 5t'

The router's subnet is actually 192.168.1.0/24. I've tried configuring the switch's static IP to be within this subnet, but couldn't find any combination of router+switch configurations that resulted in anything but the switch becoming inaccessible.

I've also tried setting the proto option for the lan interface in /etc/config/network to "dhcp", but got the same result and did not see any DHCP lease for it in LUCI.

All right, first things first. Let's discuss terminology. The COMFAST device is working as an AP, not a switch, so let's call it an AP.

This subnet is what links your WRT32X Router and COMFAST AP through LAN4, correct?

Now, does the AP provide a wireless network that can access the internet?
Does the front LAN port on the AP provide internet, or at least an IP address from the router's LAN subnet?

Right now I can't get the AP to have any internet access at all, neither from its wireless network nor the LAN port. In fact I'm pretty sure I was unable to even ping the router's IP from the AP's SSH terminal. (Although right now it's inaccessible after another attempt to configure it, so I can't double-check that.)

And did you ever have a connection with this device? For example with a default config of openwrt?

I did not.

Paste the output of these commands pls:

cat /etc/config/dhcp
cat /etc/config/firewall
cat /etc/config/wireless

Also, why is the subnet of the LAN address 192.168.10.0/24? This makes it impossible for a dumb-AP to communicate with your router (which is in 192.168.1.0/24).
I assume you want this AP to distribute DHCP addresses from the router itself.

What I would expect from a setup like you want is:

  • Router hosting a DHCP server giving away addresses in subnet 192.168.1.0/24
  • AP LAN interface is a DHCP client
  • AP wireless networks attached to LAN interface. Wireless clients receive IP addresses from Router's DHCP server
  • AP's front RJ45 port also attached to LAN interface, same behavior as wireless clients.

The "Dumb Access Point" article sounds like what I'm trying to achieve. Unfortunately I can't seem to figure out the correct configuration for my AP to get this to work. Editing the LAN bridge protocol in /etc/config/network to "dhcp" doesn't result in a DHCP lease on the router, and the AP becomes inaccessible.

Can anyone help me with the correct configuration for this? This is what the "default" /etc/config/network (before my edits) file looks like:

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdaf:f39d:c3b5::/48'

config interface 'lan'
	option macaddr 'e0:e1:a9:6c:c3:19'
	option type 'bridge'
	option force_link '1'
	option proto 'static'
	option ipaddr '192.168.10.1'
	option netmask '255.255.255.0'
	option mtu '1500'
	option ip6assign '60'
	option ifname 'eth1.2 eth1.1'

config eth1.1 'def_lan'

config ap 'workmode'

config interface 'wan'
	option macaddr 'e0:e1:a9:6c:c3:1a'
	option proto 'dhcp'
	option type 'bridge'
	option mtu '1500'

config eth1.2 'def_wan'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0 1 2 3 5t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '4 5t'

config e0:e1:a9:6c:c3:19 'def_lan_macaddr'

config e0:e1:a9:6c:c3:1a 'def_wan_macaddr'

config e0:e1:a9:6c:c3:1b 'def_wlan0_macaddr'

config e0:e1:a9:6c:c3:24 'def_sta_macaddr'


/etc/config/dhcp:

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'COMFAST'
	option expandhosts '1'
	option nonegcache '0'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.auto'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '86400'
	option force '1'
	option ignore '1'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config dhcp 'cluster'
	option interface 'cluster'
	option leasetime '86400'
	option ignore '0'
	option start '50'
	option limit '150'
	option force '1'

/etc/config/wireless:

config wifi-device 'ra0'
	option type 'mtkwifi'
	option macaddr 'e0:e1:a9:6c:c3:1b'
	option channel 'auto'
	option txpower '100'
	option htmode 'HT40'
	option txburst '1'
	option noscan '1'
	option shortgi '1'
	option country 'GB'
	option hwmode '11bgn'

config wifi-iface
	option device 'ra0'
	option macaddr 'e0:e1:a9:6c:c3:1b'
	option network 'lan'
	option mode 'ap'
	option ssid 'COMFAST_C31B_2G'
	option disabled '0'
	option PartialScan '1'
	option wps '0'
	option hidden '0'
	option wmm '1'
	option wds '1'
	option isolate '0'
	option maxassoc '256'
	option ifname 'ra0'
	option encryption 'psk2'
	option key 'secret'

config wifi-iface
	option device 'ra0'
	option network 'lan'
	option mode 'ap'
	option disabled '1'
	option macaddr 'e0:e1:a9:6c:c3:20'

config wifi-iface
	option device 'ra0'
	option network 'lan'
	option mode 'ap'
	option disabled '1'
	option macaddr 'e0:e1:a9:6c:c3:21'

config wifi-iface
	option device 'ra0'
	option network 'lan'
	option mode 'ap'
	option disabled '1'
	option macaddr 'e0:e1:a9:6c:c3:22'

config wifi-iface
	option device 'ra0'
	option network 'lan'
	option mode 'ap'
	option disabled '1'
	option macaddr 'e0:e1:a9:6c:c3:23'

config wifi-iface
	option device 'ra0'
	option network 'lan'
	option mode 'ap'
	option disabled '1'
	option macaddr 'e0:e1:a9:6c:c3:24'

config wifi-iface
	option device 'ra0'
	option network 'lan'
	option mode 'ap'
	option disabled '1'
	option macaddr 'e0:e1:a9:6c:c3:25'

config wifi-iface
	option device 'ra0'
	option network 'lan'
	option mode 'ap'
	option ssid 'COMFAST_ADMIN_2G'
	option encryption 'psk2'
	option key '12345678'
	option disabled '1'
	option PartialScan '1'
	option hidden '1'
	option wmm '1'
	option wds '1'
	option isolate '0'
	option maxassoc '3'
	option macaddr 'e0:e1:a9:6c:c3:26'

config wifi-device 'rai0'
	option type 'mtkwifi'
	option macaddr 'e0:e1:a9:6c:c3:1c'
	option hwmode '11ac'
	option channel 'auto'
	option txpower '100'
	option htmode 'VHT80'
	option txburst '1'
	option noscan '1'
	option shortgi '1'
	option country 'GB'
	option ht_capab 'SHORT-GI-80 SHORT-GI-160 RX-STBC1 DSSS_CCK-40'

config wifi-iface
	option device 'rai0'
	option macaddr 'e0:e1:a9:6c:c3:1c'
	option network 'lan'
	option mode 'ap'
	option ssid 'COMFAST_C31C_5G'
	option disabled '0'
	option PartialScan '1'
	option wps '0'
	option hidden '0'
	option wmm '1'
	option wds '1'
	option isolate '0'
	option maxassoc '256'
	option ifname 'rai0'
	option encryption 'psk2'
	option key 'secret'

config wifi-iface
	option device 'rai0'
	option network 'lan'
	option mode 'ap'
	option disabled '1'
	option macaddr 'e0:e1:a9:6c:c3:19'

config wifi-iface
	option device 'rai0'
	option network 'lan'
	option mode 'ap'
	option disabled '1'
	option macaddr 'e0:e1:a9:6c:c3:1a'

config wifi-iface
	option device 'rai0'
	option network 'lan'
	option mode 'ap'
	option disabled '1'
	option macaddr 'e0:e1:a9:6c:c3:1b'

config wifi-iface
	option device 'rai0'
	option network 'lan'
	option mode 'ap'
	option disabled '1'
	option macaddr 'e0:e1:a9:6c:c3:1c'

config wifi-iface
	option device 'rai0'
	option network 'lan'
	option mode 'ap'
	option disabled '1'
	option macaddr 'e0:e1:a9:6c:c3:1d'

config wifi-iface
	option device 'rai0'
	option network 'lan'
	option mode 'ap'
	option disabled '1'
	option macaddr 'e0:e1:a9:6c:c3:1e'

config wifi-iface
	option device 'rai0'
	option network 'lan'
	option mode 'ap'
	option ssid 'COMFAST_ADMIN_5G'
	option encryption 'psk2'
	option key '12345678'
	option disabled '1'
	option PartialScan '1'
	option hidden '1'
	option wmm '1'
	option wds '1'
	option isolate '0'
	option maxassoc '3'
	option macaddr 'e0:e1:a9:6c:c3:1f'

/etc/config/firewall:

config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config include
	option path '/etc/firewall.user'

config rule
	option name 'Allow-RADIUS-COA-Proto'
	option src 'wan'
	option proto 'udp'
	option dest_port '3799'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-WTP-Proto'
	option src 'wan'
	option proto 'udp'
	option dest_port '7773'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-WTP-TCP-Proto'
	option src 'wan'
	option proto 'tcp'
	option dest_port '58080'
	option target 'ACCEPT'
	option family 'ipv4'

config rule 'wan_ssh_allow'
	option name 'Allow-WAN-SSH-Proto'
	option src 'wan'
	option proto 'tcp'
	option dest_port '22'
	option target 'ACCEPT'
	option family 'ipv4'

config rule 'lan_ssh_allow'
	option name 'Allow-LAN-SSH-Proto'
	option src 'lan'
	option proto 'tcp'
	option dest_port '22'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config include 'miniupnpd'
	option type 'script'
	option path '/usr/share/miniupnpd/firewall.include'
	option family 'any'
	option reload '1'

(I've posted the full /etc/config/network in another comment.)

The LAN address is the default 192.168.10.1 just because I haven't been able to make it part of the router's subnet. Of course that's part of what I want to achieve, it's just that so far everything I've tried to do that has resulted in nothing but the AP becoming inaccessible.

config wifi-iface
	option device 'rai0'
	option network 'lan'
	option mode 'ap'
	option disabled '1'
	option macaddr 'e0:e1:a9:6c:c3:19'

Why do you have so many wireless interfaces defined with incremental MAC addresses? Is this the default config?

This is the default config. I'd look at cleaning it up, but that's a little low on my list of priorities right now. :smiley:

I am not familiar with LEDE, and so my help is limited, but I can try to help.
Can you order a ping from the router? If so, let's start by trying to establish a connection between the router and the AP.
Edit your network config, modify the fields I listed:

config interface 'lan'
	option macaddr 'e0:e1:a9:6c:c3:19'
	option type 'bridge'
	option force_link '1'
	option proto 'dhcp'
	option mtu '1500'
	option ip6assign '60'
	option ifname 'eth1.2 eth1.1'

config interface 'wan'
	option macaddr 'e0:e1:a9:6c:c3:1a'
	option proto 'dhcp'
	option type 'bridge'
	option mtu '1500'
	option disabled '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0 1 2 3 4 5t'

Remove this from network config:

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '4 5t'

Remove this from dhcp config:

config dhcp 'cluster'
	option interface 'cluster'
	option leasetime '86400'
	option ignore '0'
	option start '50'
	option limit '150'
	option force '1'

Apply unchecked. Now, the AP should get a DHCP address from the router. Keep in mind, you will not be able to ssh into the AP using your previous IP. How have you been verifying if the AP received an address?
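An added example, not part of any post in this thread: a small offline checker that parses UCI text and reports where it departs from the dumb-AP layout described above (LAN as DHCP client, WAN disabled, one switch VLAN, no local DHCP server, enabled radios on `lan`). The function names and the sample config are constructed for illustration; the checks assume the options shown in the thread's configs.

```python
import shlex

# Constructed sample: the AP's settings after the edits suggested in the thread,
# trimmed to the options the checks read (network, dhcp, wireless in one text).
SAMPLE = """
config interface 'lan'
	option type 'bridge'
	option proto 'dhcp'
config interface 'wan'
	option proto 'dhcp'
	option disabled '1'
config switch_vlan
	option vlan '1'
	option ports '0 1 2 3 4 5t'
config dhcp 'lan'
	option interface 'lan'
	option ignore '1'
config wifi-iface
	option device 'ra0'
	option network 'lan'
	option disabled '0'
"""

def parse_uci(text):
    """Parse UCI text into a list of (type, name, options) tuples."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if len(tok) >= 2 and tok[0] == "config":
            sections.append((tok[1], tok[2] if len(tok) > 2 else None, {}))
        elif len(tok) >= 3 and tok[0] == "option" and sections:
            sections[-1][2][tok[1]] = tok[2]
    return sections

def dumb_ap_problems(text):
    """List deviations from the dumb-AP layout (hypothetical helper)."""
    secs = parse_uci(text)
    find = lambda t, n: next((o for ty, nm, o in secs if ty == t and nm == n), None)
    problems = []
    if (find("interface", "lan") or {}).get("proto") != "dhcp":
        problems.append("lan is not a DHCP client")
    wan = find("interface", "wan")
    if wan is not None and wan.get("disabled") != "1":
        problems.append("wan is not disabled")
    vlans = [o for ty, _, o in secs if ty == "switch_vlan"]
    if len(vlans) != 1:
        problems.append("expected one switch_vlan, found %d" % len(vlans))
    for ty, nm, o in secs:
        if ty == "dhcp" and o.get("ignore") != "1":
            problems.append("DHCP server active on '%s'" % nm)
        if ty == "wifi-iface" and o.get("disabled") != "1" and o.get("network") != "lan":
            problems.append("enabled wifi-iface not bridged to lan")
    return problems

if __name__ == "__main__":
    print(dumb_ap_problems(SAMPLE) or "matches the dumb-AP layout")
```

To check a real device, concatenate its `/etc/config/network`, `/etc/config/dhcp` and `/etc/config/wireless` into one string and pass it to `dumb_ap_problems`.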

Thank you!

I'm looking at the list of Active DHCP Leases in the Luci UI. (Or just listing /tmp/dhcp.leases.)

I applied the changes you suggested, but I still don't see a DHCP lease for the AP. (And, of course, the AP itself is no longer accessible.)

That very obviously is not related to OpenWrt at all, but from some OEM firmware with RaLink's vendor drivers.

AFAIK the LEDE Project is based on OpenWRT. I realize this isn't a vanilla OpenWRT build and it might have issues that the real thing doesn't, but I thought the people here would still have the best relevant expertise to help with this.

Actually this might be my fault! It looks like the network socket that was supposed to have been fixed might not have been quite fixed after all. So it looks like your solution was working just fine, the port was just actually not connected to the router!

(Although, oddly enough, I still don't see a DHCP lease for the AP in the router, even though it's passing traffic from the front to the back port just fine!)

Anyway, thanks so much, and sorry for the confusion!


Great! Honestly I was struggling to comprehend why it wasn't working, glad it worked out!

As for the DHCP lease not showing up in router, you can try binding an ip address to the AP's MAC address in the router's DHCP server configs, and see if it solves the problem.

Also, does the AP fulfill your other requirements? i.e.
Does your pc retrieve a DHCP address from the router when connected via the AP's front rj45 port?
Does the AP's wireless network also provide DHCP addresses from the router?