I have a TP Archer A7 which I have been using with OpenWrt for the last few months and I noticed that from time to time, my wireless clients would loose access to the internet. They could ping each other but nothing on the other side of the router. Curiously, my guest wireless network did not exhibit this behavior and would continuously work during these times.
I thought that I would update to a later image before I dug into the issue so that, if it was not a configuration issue, that it might have already been resolved. Unfortunately, I now have exacerbated the situation and can only access the internet via the guest network and not at all from the lan nor lan assigned wifi network.
I"m hoping this is a simple config error and someone can point out what might be the issue.
My system:
Hostname|OpenWrt|
Model TP-Link Archer A7 v5
Architecture Qualcomm Atheros QCA956X ver 1 rev 0
Firmware Version OpenWrt SNAPSHOT r10400-917eeaf26b / LuCI Master (f138fc93)
/etc/config/network:
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'xxxx:xxxx:xxxx::/48'
config interface 'lan'
option type 'bridge'
option ifname 'eth0.1'
option proto 'static'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'
option ip6assign '60'
config interface 'wan'
option ifname 'eth0.2'
option proto 'dhcp'
option type 'bridge'
config interface 'wan6'
option ifname 'eth0.2'
option proto 'dhcpv6'
option type 'bridge'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '2 3 4 5 0t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '1 0t'
config interface 'guest'
option proto 'static'
option ifname 'br-wan6'
option ipaddr '10.0.10.1'
option netmask '255.255.255.0'
option type 'bridge'
/etc/config/firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wan wan6'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config zone
option name 'guest'
option forward 'REJECT'
option output 'ACCEPT'
option network 'guest'
option input 'REJECT'
config forwarding
option dest 'wan'
option src 'guest'
config rule
option target 'ACCEPT'
option proto 'tcp udp'
option dest_port '53'
option name 'guest DNS'
option src 'guest'
config rule
option enabled '1'
option target 'ACCEPT'
option proto 'tcp udp'
option dest_port '67-68'
option name 'guest DHCP'
option src 'guest'
/etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option channel '36'
option hwmode '11a'
option path 'pci0000:00/0000:00:00.0'
option htmode 'VHT80'
option country 'US'
option legacy_rates '1'
config wifi-device 'radio1'
option type 'mac80211'
option channel '11'
option hwmode '11g'
option path 'platform/ahb/ahb:apb/18100000.wmac'
option htmode 'HT20'
option country 'US'
option legacy_rates '1'
config wifi-iface
option device 'radio1'
option mode 'ap'
option ssid 'Put your phone down'
option network 'guest'
option encryption 'psk2'
option key 'xxxxxxxxxx'
config wifi-iface
option device 'radio0'
option mode 'ap'
option ssid 'Bill Wi The Science Fi'
option network 'lan'
option encryption 'psk2'
option key 'xxxxxxxxx'
config wifi-iface
option device 'radio1'
option mode 'ap'
option ssid 'Bill Wi The Science Fi'
option network 'lan'
option encryption 'psk2'
option key 'xxxxxxxxx'
Thanks in advance.