Eric12
October 3, 2022, 2:26am
1
Hello,
I'm attempting to set up a Dumb AP but unfortunately my main router doesn't have the ethernet ports available to wire it directly, and I'm reluctant to buy new hardware like a switch unless I need to.
What I have now is a main router linked to a TP-Link Archer C7 v5, which is acting as a dumb AP. It is configured and working well.
What I wish to have is a TP-Link Archer A7, connected to the Archer C7 currently in place through wired ethernet, with both AP devices receiving an IP from the main router, and part of the same subnet.
I hoped it would be as simple as creating a bridging interface on the C7, connecting the A7 to a bridged, untagged port after giving it an IP in the range and disabling DHCP, but I can see it's not being assigned an IP on my main router's status pages.
Would anyone have any insight into the issue? Or am I attempting something that won't work the way I described?
Is your c7 setup correctly as a dumb ap? Are you connecting the main router to wan or lan port of the c7? What about the c7 to a7?
Post the configuration files -make it clear which is which.
Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
Eric12
October 3, 2022, 2:41am
3
The C7 is set up correctly as a dumb AP.
I'll fetch the config files asap.
Eric12
October 4, 2022, 4:40am
4
For the Futro S920 (Main Router)
root@OpenWrt:~# cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix '[CENSORED]'
config interface 'lan'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option device 'br-lan.3'
option ipaddr '192.168.2.1'
list dns '1.1.1.1'
list dns '1.0.0.1'
config interface 'UntrustedLAN'
option proto 'static'
option ipaddr '10.1.1.1'
option netmask '255.255.255.0'
option device 'br-lan.9'
list dns '1.1.1.1'
list dns '1.0.0.1'
config interface 'SecureIOT'
option proto 'static'
option ipaddr '192.168.99.1'
option netmask '255.255.255.0'
option device 'br-lan.33'
config interface 'PublicIOT'
option proto 'static'
option ipaddr '10.99.99.1'
option netmask '255.255.255.0'
option device 'br-lan.99'
config device
option type 'bridge'
option name 'br-lan'
list ports 'eth0'
list ports 'eth1'
config bridge-vlan
option device 'br-lan'
option vlan '3'
list ports 'eth0:u*'
list ports 'eth1:t'
config bridge-vlan
option device 'br-lan'
option vlan '33'
list ports 'eth1:t'
config bridge-vlan
option device 'br-lan'
option vlan '9'
list ports 'eth1:t'
config bridge-vlan
option device 'br-lan'
option vlan '99'
list ports 'eth1:t'
config interface 'WAN'
option proto 'dhcp'
option device 'br-wan.10'
option peerdns '0'
list dns '1.1.1.1'
list dns '1.0.0.1'
config device
option type 'bridge'
option name 'br-wan'
list ports 'eth2'
option mtu '1500'
config bridge-vlan
option device 'br-wan'
option vlan '10'
list ports 'eth2:t*'
root@OpenWrt:~# cat /etc/config/wireless
config wifi-device 'radio0'
option type '[CENSORED]'
option path '[CENSORED]'
option band '2g'
option cell_density '0'
option channel '1'
option country 'IE'
option htmode 'HT40'
root@OpenWrt:~# cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option localservice '1'
option ednspacket_max '1232'
option localuse '1'
option cachesize '1000'
option rebind_protection '0'
list server '192.168.2.1'
option port '57'
option noresolv '1'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'
list dhcp_option '6,192.168.2.1'
list dhcp_option '3,192.168.2.1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'UntrustedLAN'
option interface 'UntrustedLAN'
option start '100'
option limit '150'
option leasetime '12h'
list dhcp_option '6,1.1.1.1,1.0.0.1,8.8.8.8,8.8.4.4'
config dhcp 'SecureIOT'
option interface 'SecureIOT'
option start '100'
option limit '150'
option leasetime '12h'
config dhcp 'PublicIOT'
option interface 'PublicIOT'
option start '100'
option limit '150'
option leasetime '12h'
config dhcp 'WAN'
option interface 'WAN'
root@OpenWrt:~# cat /etc/config/firewall
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
option drop_invalid '1'
config zone
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
option name 'TrustedLAN'
config zone
option name 'wan'
option output 'ACCEPT'
option masq '1'
option mtu_fix '1'
list network 'WAN'
option input 'DROP'
option forward 'DROP'
config forwarding
option dest 'wan'
option src 'TrustedLAN'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
option enabled '0'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option proto 'esp'
option target 'ACCEPT'
option dest 'TrustedLAN'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
option dest 'TrustedLAN'
config zone
option output 'ACCEPT'
option forward 'REJECT'
option name 'UntrustLAN'
option input 'REJECT'
list network 'UntrustedLAN'
config zone
option name 'SecureIOT'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'SecureIOT'
config zone
option name 'PublicIOT'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'PublicIOT'
config forwarding
option src 'TrustedLAN'
option dest 'PublicIOT'
config forwarding
option src 'TrustedLAN'
option dest 'SecureIOT'
config forwarding
option src 'UntrustLAN'
option dest 'wan'
config rule
option name 'Untrusted DHCP and DNS'
option src 'UntrustLAN'
option dest_port '53 67 68'
option target 'ACCEPT'
config forwarding
option src 'UntrustLAN'
option dest 'PublicIOT'
config redirect
option target 'DNAT'
option name 'Force DNS'
option src 'TrustedLAN'
option src_dport '53'
option enabled '0'
config redirect
option target 'DNAT'
option name 'Force DNS Guest'
option src 'UntrustLAN'
option src_dport '53'
option enabled '0'
config redirect 'adguardhome_dns_53'
option proto 'tcp udp'
option target 'DNAT'
option name 'Adguard Home'
option src 'TrustedLAN'
option src_dport '53'
option dest_port '53'
config redirect
option target 'DNAT'
option name 'Adguard Home Untrusted'
option src 'UntrustLAN'
option src_dport '53'
option dest_port '53'
config include 'nat6'
option path '/etc/firewall.nat6'
option reload '1'
root@OpenWrt:~#
For the Archer C7 (AP connected directly to main router)
root@OpenWrt:~# cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'CENSORED'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option vid '3'
option description 'Trusted LAN (To Router)'
option ports '0t 2 1t'
config switch_vlan
option device 'switch0'
option vlan '2'
option vid '33'
option ports '0t 1t'
option description 'Secure IOT'
config switch_vlan
option device 'switch0'
option vlan '3'
option vid '99'
option description 'Public IOT'
option ports '0t 1t'
config switch_vlan
option device 'switch0'
option vlan '5'
option vid '9'
option description 'Untrusted LAN'
option ports '0t 3 4 5 1t'
config interface 'LAN'
option proto 'dhcp'
option device 'br-lan'
config interface 'UNTRUSTEDLAN'
option proto 'none'
option type 'bridge'
option device 'br-untrustedlan'
config interface 'SecureIOT'
option device 'eth0.33'
option proto 'none'
config interface 'PUBLICIOT'
option device 'eth0.99'
option proto 'none'
config device
option type 'bridge'
option name 'br-untrustedlan'
list ports 'eth0.9'
config device
option type 'bridge'
option name 'br-lan'
list ports 'eth0.3'
root@OpenWrt:~# cat /etc/config/wireless
config wifi-device 'radio0'
option type 'CENSORED'
option path 'CENSORED'
option band '5g'
option htmode 'VHT80'
option channel 'auto'
option cell_density '0'
config wifi-device 'radio1'
option type 'CENSORED'
option path 'CENSORED'
option band '2g'
option htmode 'HT40'
option channel 'auto'
option cell_density '0'
config wifi-iface 'wifinet1'
option device 'radio1'
option mode 'ap'
option ssid 'WiFi'
option encryption 'psk2'
option dtim_period '3'
option key 'CENSORED'
option ieee80211r '1'
option mobility_domain 'CENSORED'
option ft_over_ds '0'
option ft_psk_generate_local '1'
option network 'UNTRUSTEDLAN'
option isolate '1'
config wifi-iface 'wifinet2'
option device 'radio0'
option mode 'ap'
option ssid 'WiFi'
option encryption 'psk2'
option ieee80211r '1'
option mobility_domain 'CENSORED'
option ft_over_ds '0'
option ft_psk_generate_local '1'
option network 'UNTRUSTEDLAN'
option isolate '1'
option dtim_period '3'
option key 'CENSORED'
root@OpenWrt:~# cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'LAN'
option interface 'LAN'
option ignore '1'
root@OpenWrt:~# cat /etc/config/firewall
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
option flow_offloading '1'
option flow_offloading_hw '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'CENSORED'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
root@OpenWrt:~#
I haven't included the second AP (The A7) because I suppose its configuration is up for debate. It's essentially default.
Apologies for the wait. If you see any glaring mistakes in my setup, or anything I've failed to redact properly, please let me know, on-topic or not.
Thanks for replying and thanks in advance for any help
So on the C7, it looks like you have a single trunk port (logical port 1). Then, VLAN 3 is available on logical port 2 (untagged), and VLAN 9 is present as untagged on logical ports 3, 4, and 5.
So... what port is the A7 connected to, and what VLAN(s) is it supposed to be using? It would seem that you would probably want another trunk port on one of the ports (2-5), unless you only plan to have the A7 use VLAN 3 or 9.
Eric12
October 4, 2022, 5:39am
6
The port I've currently attempted to connect it to has been logical port 2- which I've set to untagged. From what you're saying, the setup on logical port 2 should mirror that of logical port 1?
For the moment, though, with the A7 at default, I assumed the easiest way to get it assigned an IP and configurable on the network was to initially connect it to an untagged port on the main LAN. Although of course I may be wrong about this.
All I've really done on the A7 is disable the DHCP interface and set the LAN IP inside the range that I use.
So if you expect the A7 to get an address on VLAN 3, sure... that would work. Make sure that logical port 2 maps to the physical port that you are using for the connection.
From there, let's see the A7 config.
Eric12
October 4, 2022, 6:29am
8
Since I think I'd have to factory reset to get configs from the A7 (I applied unchecked the disabling of DHCP and the IP change, and it's not detected). So it's safe to assume if I do that they're OpenWRT defaults.
Unless I'm mistaken, of course
If it is a near-default config, that would suggest that it has a static ip of 192.168.1.1 on the lan.
Try connecting a computer directly to the a7 (and disconnect everything else). Set the computer to a static ip of 192.168.1.10 and see if you can ping the a7. If so, you should be able to connect via ssh or a browser.
Eric12
October 4, 2022, 6:51am
10
Since I couldn't remember the IP I'd assigned it and connecting it didn't show anything I could figure out in netstat, I went ahead and factory reset. There was nothing config-wise worth saving anyway.
So now that it is in the factory reset configuration, if you change the lan interface to obtain an address via DHCP (and be sure to turn off the DHCP server on the lan), it should just work. Or, set it to a static IP address in the appropriate VLAN (so if it is VLAN 3, that would be 192.168.2.0/24, avoiding any other static addresses that are in use and the DHCP server's pool).
Eric12
October 5, 2022, 2:01am
12
psherman:
e lan), it should just work. Or, set it to a static IP address in the appropriate VLAN (so if it is VLAN 3, that would be 192.168.2.0/24, avoiding any other static addresses that are in use and the DHCP server's pool).
Thank you. It's getting an address now. I'm not sure, but I think my problem was simply skipping the step for setting the interface to DHCP- I remember disabling interface, but not that.
system
October 15, 2022, 2:01am
13
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.
