Hi forum!
I am struggling with creating a VLAN aware access point. I noticed my main floor computer is not able to connect on the 5G bands and only uses the 2.4G band. So I am trying to add a VLAN aware access point to my main floor to broadcast the 5G bands closer to the main floor computer.
My main router is a Linksys EA8300, which I believe uses the new DSA config because all of the VLAN config has to be done in the br-lan device in LuCI (br-lan.vlanid).
My AP router is an Archer C7 v5, which I believe still uses swconfig because all of the VLAN config is in the Network > Switch menu in LuCI (eth0.vlanid).
Both have OpenWrt 23.
I have a management control plane VLAN (MGMT 10), a home devices VLAN which the primary wifi networks are broadcast from (HOME 20), a guest wifi network VLAN (GUEST 30). The main router is 10.0.10.1, and the AP is at 10.0.10.6. The 3rd octet of any IP address is the VLAN subnet it belongs to.
I have found most of the guides in the OpenWrt user guide to be insufficient because they are either outdated, don't use VLANs for segregation, or assume that all your routers/APs are the same model. I want the AP to not handle any routing/traffic/DHCP/DNS. It should just be able to broadcast wifi SSIDs on the HOME VLAN and GUEST VLAN.
I got the new AP to be VLAN-aware and created symmetric interfaces (HOME, GUEST, MGMT) on both devices. The symptom at this stage is that when I create the wifi network and attach it to the HOME interface, my devices that connect to that network are not getting assigned IP addresses. So my guess is that the new AP is not doing a DHCP hand-off correctly. But I do not know what to change to get that working. The SSID of the office AP is unique, so I know it is not clashing with any other SSID in range.
AP CONFIG:
root@Office-AP:~# ubus call system board
{
    "kernel": "5.15.167",
    "hostname": "Office-AP",
    "system": "Qualcomm Atheros QCA956X ver 1 rev 0",
    "model": "TP-Link Archer C7 v5",
    "board_name": "tplink,archer-c7-v5",
    "rootfs_type": "squashfs",
    "release": {
        "distribution": "OpenWrt",
        "version": "23.05.5",
        "revision": "r24106-10cc5fcd00",
        "target": "ath79/generic",
        "description": "OpenWrt 23.05.5 r24106-10cc5fcd00"
    }
}

root@Office-AP:~# cat /etc/config/network

config interface 'loopback'
    option device 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config globals 'globals'
    option ula_prefix 'fd0a:0d8c:5901::/48'

config switch
    option name 'switch0'
    option reset '1'
    option enable_vlan '1'

config switch_vlan
    option device 'switch0'
    option vlan '1'
    option ports '0t 2 5t'
    option vid '10'
    option description 'mgmt vlan'

config switch_vlan
    option device 'switch0'
    option vlan '2'
    option ports '0t 3 4 5t'
    option vid '20'
    option description 'home vlan'

config device
    option type 'bridge'
    option name 'MGMT'
    list ports 'eth0.10'
    option bridge_empty '1'
    option ipv6 '0'

config interface 'MGMT'
    option proto 'static'
    option device 'MGMT'
    option ipaddr '10.0.10.6'
    option netmask '255.255.255.0'
    option gateway '10.0.10.1'

config device
    option type 'bridge'
    option name 'HOME'
    list ports 'eth0.20'
    option bridge_empty '1'

config switch_vlan
    option device 'switch0'
    option vlan '3'
    option ports '0t 5t'
    option vid '30'
    option description 'guest vlan'

config device
    option type 'bridge'
    option name 'GUEST'
    list ports 'eth0.30'
    option ipv6 '0'
    option bridge_empty '1'

config interface 'HOME'
    option proto 'static'
    option device 'HOME'
    option type 'bridge'
    option ipaddr '10.0.20.6'
    option netmask '255.255.255.0'
    option gateway '10.0.20.1'

config interface 'GUEST'
    option proto 'static'
    option device 'GUEST'
    option ipaddr '10.0.30.1'
    option netmask '255.255.255.0'
    option gateway '10.0.30.1'

root@Office-AP:~# cat /etc/config/wireless

config wifi-device 'radio0'
    option type 'mac80211'
    option path 'pci0000:00/0000:00:00.0'
    option channel '36'
    option band '5g'
    option htmode 'VHT80'
    option cell_density '0'

config wifi-device 'radio1'
    option type 'mac80211'
    option path 'platform/ahb/18100000.wmac'
    option channel '1'
    option band '2g'
    option htmode 'HT20'

config wifi-iface 'wifinet0'
    option device 'radio0'
    option mode 'ap'
    option ssid 'Office_Test'
    option encryption 'psk2'
    option key '***************'
    option network 'HOME'

root@Office-AP:~# cat /etc/config/firewall

config defaults
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'
    option synflood_protect '1'

config zone
    option name 'GUEST'
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'
    list network 'GUEST'

config zone
    option name 'HOME'
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'
    list network 'HOME'

config zone
    option name 'MGMT'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'REJECT'
    list network 'MGMT'

config forwarding
    option src 'MGMT'
    option dest 'GUEST'

config forwarding
    option src 'MGMT'
    option dest 'HOME'

And the switch config on the AP:
Port 1 is to my main PC so I can manage the control plane from the office. Port 2 is to a dumb switch which is for other wired devices in the office. Port 3 is unused but is configured the same as Port 2. Port 4 is the trunk to the main router.
I copied just the elements of zone forwarding from the main router, just to ensure the segregation of zones is respected. I also tried disabling the firewall entirely. It does not solve my problem.
Any help would be appreciated!
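
Added example, not part of the original post: a small off-device checker that parses a copy of the AP's /etc/config/network and tests it against the conventions the post states (third octet of an address equals its VLAN ID, each bridged eth0.N VLAN tagged on the CPU port), and also reports an interface whose address equals its own gateway. The function names are hypothetical and CPU port 0 is an assumption taken from the posted switch_vlan entries; the findings describe the config only and are not a diagnosis of the DHCP symptom.

```python
import shlex
# Condensed from the AP's /etc/config/network as posted (MGMT and GUEST only).
SAMPLE = """
config switch_vlan
    option ports '0t 2 5t'
    option vid '10'
config switch_vlan
    option ports '0t 5t'
    option vid '30'
config device
    option name 'MGMT'
    list ports 'eth0.10'
config device
    option name 'GUEST'
    list ports 'eth0.30'
config interface 'MGMT'
    option device 'MGMT'
    option ipaddr '10.0.10.6'
config interface 'GUEST'
    option device 'GUEST'
    option ipaddr '10.0.30.1'
    option gateway '10.0.30.1'
"""

def parse_uci(text):  # UCI text -> list of section dicts (option: str, list: [str])
    sections = []
    for tok in (shlex.split(l, comments=True) for l in text.splitlines()):
        if tok[:1] == ["config"]:
            sections.append({".type": tok[1], ".name": (tok + [""])[2]})
        elif tok[:1] == ["option"]:
            sections[-1][tok[1]] = tok[2]
        elif tok[:1] == ["list"]:
            sections[-1].setdefault(tok[1], []).append(tok[2])
    return sections

def audit(text, cpu_port="0"):  # CPU port 0: assumption taken from the posted config
    s = parse_uci(text)
    vlans = {v.get("vid", v.get("vlan")): v.get("ports", "").split() for v in s if v[".type"] == "switch_vlan"}
    bridges = {d["name"]: d.get("ports", []) for d in s if d[".type"] == "device"}
    for i in (x for x in s if x[".type"] == "interface" and "ipaddr" in x):
        name, ip = i[".name"], i["ipaddr"]
        for port in (p for p in bridges.get(i.get("device"), []) if "." in p):
            vid = port.rpartition(".")[2]  # eth0.30 -> "30"
            if cpu_port + "t" not in vlans.get(vid, []):
                yield (name, f"{port}: VLAN {vid} not tagged on CPU port")
            if ip.split(".")[2] != vid:
                yield (name, f"{ip} is outside the VLAN {vid} subnet")
        if ip == i.get("gateway"):
            yield (name, f"{ip} is also this interface's gateway")
```

Call `list(audit(open("network").read()))` on a copy of the file pulled from the AP; each finding is an `(interface, message)` pair.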