Converting a Wifi router to an access point/switch

Installing and Using OpenWrt Network and Wireless Configuration
1

Hi,
I setup a new openwrt x86 router and I have my older wifi router netgear r8000 connected to it providing wifi, but in a different subnet. I basically just plugged in the wifi router wan from being connected to the modem to being connected to the new x86 router.

I would like the wifi router to be like an wireless access point and a switch in its ethernet ports to the main router, so devices connected via ethernet or wifi to this router are all in the same subnet provided by the main router. The main router also provides internet to three computers through a physical switch I have in a den office.

The physical connection is basically:

internet <-> modem <-> main router
    main router <-> switch <-> computers
    main router <-> wifi router <-> computers, and smartphones.

I have read the OpenWRT documentation and I'm having a hard time finding out what exactly I need to do. Could you please help me with my configuration?

OpenWrt 22.03.5

# cat /etc/config/network 

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option packet_steering '1'
	option ula_prefix 'fdc6:15c1:ebac::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config device
	option name 'wan'
	option macaddr '78:D2:94:0E:04:C2'

config interface 'wan'
	option device 'wan'
	option proto 'dhcp'

config interface 'wan6'
	option device 'wan'
	option proto 'dhcpv6'

# cat /etc/config/wireless 

config wifi-device 'radio0'
	option type 'mac80211'
	option path '18000000.axi/bcma0:7/pci0000:00/0000:00:00.0/0000:01:00.0'
	option channel '149'
	option band '5g'
	option htmode 'VHT80'
	option cell_density '0'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'wifi-5g-1'
	option encryption 'psk2'
	option key 'REDACTED'

config wifi-device 'radio1'
	option type 'mac80211'
	option path '18000000.axi/bcma0:8/pci0001:00/0001:00:00.0/0001:01:00.0/0001:02:01.0/0001:03:00.0'
	option channel '1'
	option band '2g'
	option htmode 'HT20'
	option cell_density '0'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid 'wifi-2g-1'
	option encryption 'psk2'
	option key 'REDACTED'

config wifi-device 'radio2'
	option type 'mac80211'
	option path '18000000.axi/bcma0:8/pci0001:00/0001:00:00.0/0001:01:00.0/0001:02:02.0/0001:04:00.0'
	option channel '36'
	option band '5g'
	option htmode 'VHT80'
	option cell_density '0'

config wifi-iface 'default_radio2'
	option device 'radio2'
	option network 'lan'
	option mode 'ap'
	option encryption 'psk2'
	option key 'REDACTED'
	option ssid 'wifi-5g-2'

My guess is that I need to add the wan device to the lan interface and remove the wan and wan6 interfaces, and then disable the dhcp server, but not sure how the forwarding would happen. I think the wireless part doesn't need any change.

Thank you.

2

What you want is the dumb ap configuration.

If you want the wan port to be “just another port” you would do exactly what you mentioned about adding it to the lan bridge and removing the wan and wan6 interfaces.

The rest is all transparent. No forwarding or anything else is necessary.

3

Thank you @psherman,

So my new setting would look like this:


config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option packet_steering '1'
        option ula_prefix 'fdc6:15c1:ebac::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'
        list ports 'wan'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.210.2'
        option netmask '255.255.255.0'

config device
        option name 'wan'
        option macaddr '78:D2:94:0E:04:C2'

And then I would disable firewall and dnsmasq (full).

How would ipv6 work in this setting? would it just work?

Also, I'm having a hard time understanding the relationship of eth0..2 to lan1-4, and wan.
It is like if everything goes over eth2, but eth0, and eth1 are down?

2: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether ee:73:0b:45:41:95 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 12:01:d0:8c:c9:ce brd ff:ff:ff:ff:ff:ff
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP qlen 1000
    link/ether 78:d2:94:0e:04:c1 brd ff:ff:ff:ff:ff:ff
5: lan1@eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    link/ether 78:d2:94:0e:04:c1 brd ff:ff:ff:ff:ff:ff
6: lan2@eth2: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master br-lan state LOWERLAYERDOWN qlen 1000
    link/ether 78:d2:94:0e:04:c1 brd ff:ff:ff:ff:ff:ff
7: lan3@eth2: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master br-lan state LOWERLAYERDOWN qlen 1000
    link/ether 78:d2:94:0e:04:c1 brd ff:ff:ff:ff:ff:ff
8: lan4@eth2: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master br-lan state LOWERLAYERDOWN qlen 1000
    link/ether 78:d2:94:0e:04:c1 brd ff:ff:ff:ff:ff:ff
9: wan@eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 78:d2:94:0e:04:c2 brd ff:ff:ff:ff:ff:ff
4

Yes.

No, I would not recommend that. Simply set the DHCP server on the lan interface to ignore (this disables DHCP on the lan). This will persist across upgrades, whereas disabling dnsmasq will not and you may get a surprise when you eventually run an upgrade and it re-enables itself.

You do not need to disable the firewall -- it doesn't affect anything. I suggest leaving it as is.

Generally speaking, eth0.2 and similar are part of the old (swconfig) method of configuring internal switches. Now, the ports are called out by name (to match the port names printed on the case of the device). Your configuration assigns all 5 ports (lan1-4 + wan) to br-lan and it works as a basic 5-port switch (and it can be configured for VLANs if you want).

It will just work. The dumb AP is just a bridge... it's basically just a media converter (ethernet <-> wifi).

1 Like
5

Well, that worked :).

Thank you @psherman!

6

The wifi router lost network connectivity from within, because the setup is static. So I was unable to setup heartbeats or install packages. For the record, I did this to solve it:

Added the gateway manually in the /etc/config/network

config route 'default'                
        option interface 'lan'        
        option target '0.0.0.0/0'     
        option gateway '192.168.210.1'

... and restarted the /etc/init.d/network restart.

And added an entry in /etc/resolv.conf to setup the DNS to use from within the wifi router device itself.

nameserver 1.1.1.1
7

You do not need that route -- it can be deleted.

You need to add to the lan interface the gateway and the dns.

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.210.2'
        option netmask '255.255.255.0'
        option gateway '192.168.210.1'
        option dns '1.1.1.1'
1 Like
8

Thank you @psherman!
I searched and searched the docs for those option config items within the interface and I couldn’t find them. Appreciated!

EDIT: removed my gateway and dns changes and put those one in place and applied, ... working as expected.

9

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.