I have pretty much the same issue as @wifime in the Post:
Unfortunatly I dont understand the workaround.
I did a factory reset an I went to 19.07.10.
With this Firmware the setup is running as expected, except that some Wifi Clients seam not to operate with the 2.4GHz driver/card.
It would be great if someone has some ideas, either getting dhcp/vlan to work or wifi driver.
Is any additional log/debug necessary?
Here are some Information and exports:
Hardware:
tplink Archer C7v5 with OpenWrt 22.03.0-rc5 r19523-bfd070e7fa
Proxmox Openwrt Container Firewall
Network:
I want to have network segments for lan, dmz, iot, guests and homeoffice.
dhcpd, firewall, dnsmasq services are stopped in Archer Router.
The Archer Router is used for Wifi Networks (dmz, iot, homeoffice, ...) and I use some of the Switch Ports. Ex.: DMZ Vlan 198 untagged on wan Port.
Dhcp and DNS is done by Openwrt Firewall Container in Proxmox.
I startet with DMZ zone.
(Zones/Interfaces: lan vlan 200/199; dmz vlan 198; homeoffice vlan 197; iot vlan 196; guests vlan 195)
In the DMZ zone I have wifi and a Webserver. The Webserver is untagged 198 on wan Port.
The Webserver is getting his dhcp lease. The Wifi Clients connected to wifi dmz do not get a ip address by dhcp. I can assign a fixed ip for the wifi clients and they do operate.
uci export OpenWrt 22.03.0-rc5 r19523-bfd070e7fa:
root@archer-c7-8:~# uci export
package dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
package dropbear
config dropbear
option PasswordAuth 'on'
option RootPasswordAuth 'on'
option Port '22'
package firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config zone
option name 'dmz'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'dmz'
package luci
config core 'main'
option lang 'auto'
option mediaurlbase '/luci-static/bootstrap'
option resourcebase '/luci-static/resources'
option ubuspath '/ubus/'
config extern 'flash_keep'
option uci '/etc/config/'
option dropbear '/etc/dropbear/'
option openvpn '/etc/openvpn/'
option passwd '/etc/passwd'
option opkg '/etc/opkg.conf'
option firewall '/etc/firewall.user'
option uploads '/lib/uci/upload/'
config internal 'languages'
config internal 'sauth'
option sessionpath '/tmp/luci-sessions'
option sessiontime '3600'
config internal 'ccache'
option enable '1'
config internal 'themes'
option Bootstrap '/luci-static/bootstrap'
option BootstrapDark '/luci-static/bootstrap-dark'
option BootstrapLight '/luci-static/bootstrap-light'
config internal 'apply'
option rollback '90'
option holdoff '4'
option timeout '5'
option display '1.5'
config internal 'diag'
option dns 'openwrt.org'
option ping 'openwrt.org'
option route 'openwrt.org'
package network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd4e:83c4:8973::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0.1'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.200.8'
option gateway '192.168.200.2'
list dns '192.168.200.2'
config device
option name 'eth0.2'
option macaddr 'e4:c3:2a:47:33:2a'
config interface 'wan'
option device 'eth0.2'
option proto 'dhcp'
config interface 'wan6'
option device 'eth0.2'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '0t 2 3 4 5'
option vid '1'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '0t'
option vid '2'
config switch_vlan
option device 'switch0'
option vlan '3'
option vid '198'
option description 'dmz'
option ports '0t 2t 1'
config interface 'dmz'
option proto 'static'
option device 'eth0.198'
option ipaddr '192.168.198.8'
option netmask '255.255.255.0'
option type 'bridge'
package rpcd
config rpcd
option socket '/var/run/ubus/ubus.sock'
option timeout '30'
config login
option username 'root'
option password '$p$root'
list read '*'
list write '*'
package system
config system
option ttylogin '0'
option log_size '64'
option urandom_seed '0'
option hostname 'archer-c7-8'
option zonename 'Europe/Berlin'
option timezone 'CET-1CEST,M3.5.0,M10.5.0/3'
option log_proto 'udp'
option conloglevel '8'
option cronloglevel '5'
config timeserver 'ntp'
list server '192.168.200.2'
config led 'led_wan'
option name 'WAN'
option sysfs 'green:wan'
option trigger 'switch0'
option port_mask '0x02'
config led 'led_lan1'
option name 'LAN1'
option sysfs 'green:lan1'
option trigger 'switch0'
option port_mask '0x04'
config led 'led_lan2'
option name 'LAN2'
option sysfs 'green:lan2'
option trigger 'switch0'
option port_mask '0x08'
config led 'led_lan3'
option name 'LAN3'
option sysfs 'green:lan3'
option trigger 'switch0'
option port_mask '0x10'
config led 'led_lan4'
option name 'LAN4'
option sysfs 'green:lan4'
option trigger 'switch0'
option port_mask '0x20'
package ubootenv
package ucitrack
config network
option init 'network'
list affects 'dhcp'
config wireless
list affects 'network'
config firewall
option init 'firewall'
list affects 'luci-splash'
list affects 'qos'
list affects 'miniupnpd'
config olsr
option init 'olsrd'
config dhcp
option init 'dnsmasq'
list affects 'odhcpd'
config odhcpd
option init 'odhcpd'
config dropbear
option init 'dropbear'
config httpd
option init 'httpd'
config fstab
option exec '/sbin/block mount'
config qos
option init 'qos'
config system
option init 'led'
option exec '/etc/init.d/log reload'
list affects 'luci_statistics'
list affects 'dhcp'
config luci_splash
option init 'luci_splash'
config upnpd
option init 'miniupnpd'
config ntpclient
option init 'ntpclient'
config samba
option init 'samba'
config tinyproxy
option init 'tinyproxy'
package uhttpd
config uhttpd 'main'
list listen_http '0.0.0.0:80'
list listen_http '[::]:80'
list listen_https '0.0.0.0:443'
list listen_https '[::]:443'
option home '/www'
option rfc1918_filter '1'
option max_requests '3'
option max_connections '100'
option cert '/etc/uhttpd.crt'
option key '/etc/uhttpd.key'
option cgi_prefix '/cgi-bin'
list lua_prefix '/cgi-bin/luci=/usr/lib/lua/luci/sgi/uhttpd.lua'
option script_timeout '60'
option network_timeout '30'
option http_keepalive '20'
option tcp_keepalive '1'
option ubus_prefix '/ubus'
option redirect_https 'on'
config cert 'defaults'
option days '730'
option key_type 'ec'
option bits '2048'
option ec_curve 'P-256'
option country 'ZZ'
option state 'Somewhere'
option location 'Unknown'
option commonname 'OpenWrt'
package wireless
config wifi-device 'radio0'
option type 'mac80211'
option path 'pci0000:00/0000:00:00.0'
option band '5g'
option htmode 'HT40'
option channel '52'
option country 'DE'
option cell_density '0'
config wifi-iface 'default_radio0'
option device 'radio0'
option mode 'ap'
option ssid 'qwertydmz'
option encryption 'psk2+tkip+ccmp'
option key 'password'
option network 'dmz'
config wifi-device 'radio1'
option type 'mac80211'
option path 'platform/ahb/18100000.wmac'
option channel '1'
option band '2g'
option htmode 'HT20'
option disabled '1'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'none'
I think, now I understood some things better.
Under interfaces I selected the vlan Interface (Ex: eth0.198). If I do so, then all things are running except dhcp.
If I create a Switch in Devices (Ex:br-dmz) and I assign the eth0.198 to that Switch, and using the Switch device br-dmz in Interfaces, then dhcp is working.
Sorry for the post.
Can be closed/deleted
Here is my config from one of my Archer-Router and some explanation:
vlan 199 = Lan Temp/Migration
vlan 198 = dmz -> Wifi "qwertydmz" -> 192.168.198.0/24
vlan 197 = homeoffice -> ...
vlan 196 = iot -> ...
vlan 195 = guests -> ...
vlan 194 = wan -> ...
As I wrote in my previous post, the key was to create Bridges for each vlan and assign the vlan-device (ex.: eth0.198) to that Bridge-Device (ex.: br-dmz). Then assign the Interface (dmz) to the Bridge (br-dmz). Hope that helps a little bit.
As a hint: Iam not sure, but it could be helpful to not do too much changes at one.
create the empty Bridge devices (br-dmz, br-lan, br-homeoffice, etc.) with "bring up empty bridge" checked. save and commit
Create the Interfaces and assign them to the Bridges (Interface dmz -> br-dmz, etc.). Save and commit
Assign the Vlan-Devices (eth0.198, etc.) to the Bridge-Devices (br-dmz, etc.). Save and commit
DHCP is done by a separate OpenWRT Instance in a Proxmox Container.
root@archer-c7-9:~# uci export
package dhcp
config dnsmasq
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option localservice '1'
option ednspacket_max '1232'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
package dropbear
config dropbear
option PasswordAuth 'on'
option RootPasswordAuth 'on'
option Port '22'
package firewall
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config rule
option name 'Support-UDP-Traceroute'
option src 'wan'
option dest_port '33434:33689'
option proto 'udp'
option family 'ipv4'
option target 'REJECT'
option enabled 'false'
config include
option path '/etc/firewall.user'
config zone
option name 'dmz'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'DMZ'
config zone
option name 'guests'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'guests'
config zone
option name 'iot'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'iot'
config zone
option name 'homeoffice'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'homeoffice'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
package luci
config core 'main'
option lang 'auto'
option mediaurlbase '/luci-static/bootstrap'
option resourcebase '/luci-static/resources'
option ubuspath '/ubus/'
config extern 'flash_keep'
option uci '/etc/config/'
option dropbear '/etc/dropbear/'
option openvpn '/etc/openvpn/'
option passwd '/etc/passwd'
option opkg '/etc/opkg.conf'
option firewall '/etc/firewall.user'
option uploads '/lib/uci/upload/'
config internal 'languages'
config internal 'sauth'
option sessionpath '/tmp/luci-sessions'
option sessiontime '3600'
config internal 'ccache'
option enable '1'
config internal 'themes'
option Bootstrap '/luci-static/bootstrap'
option BootstrapDark '/luci-static/bootstrap-dark'
option BootstrapLight '/luci-static/bootstrap-light'
config internal 'apply'
option rollback '90'
option holdoff '4'
option timeout '5'
option display '1.5'
config internal 'diag'
option dns 'openwrt.org'
option ping 'openwrt.org'
option route 'openwrt.org'
package network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd24:fbc1:ea44::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0.1'
list ports 'eth0.2'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.200.9'
option gateway '192.168.200.2'
list dns '192.168.200.2'
list dns_search 'fritz.box'
config device
option name 'eth0.2'
option macaddr 'e4:c3:2a:47:3f:e1'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option vid '1'
option description 'lan'
option ports '0t 2 3 4 5 1'
config switch_vlan
option device 'switch0'
option vlan '2'
option vid '2'
option ports '0t'
option description 'wan factory'
config switch_vlan
option device 'switch0'
option vlan '3'
option ports '0t 2t 3t 4t 5t 1t'
option vid '198'
option description 'DMZ'
config switch_vlan
option device 'switch0'
option vlan '4'
option vid '197'
option description 'homeoffice'
option ports '0t 2t 3t 4t 5t 1t'
config switch_vlan
option device 'switch0'
option vlan '5'
option vid '196'
option description 'iot'
option ports '0t 2t 3t 4t 5t 1t'
config switch_vlan
option device 'switch0'
option vlan '6'
option ports '0t 2t 3t 4t 5t 1t'
option vid '195'
option description 'guests'
config interface 'DMZ'
option proto 'static'
option ipaddr '192.168.198.9'
option netmask '255.255.255.0'
option type 'bridge'
option device 'br-dmz'
config device
option type 'bridge'
option name 'br-dmz'
option bridge_empty '1'
list ports 'eth0.198'
config device
option type 'bridge'
option name 'br-homeoffice'
option bridge_empty '1'
list ports 'eth0.197'
config device
option type 'bridge'
option name 'br-guests'
option bridge_empty '1'
list ports 'eth0.195'
config device
option type 'bridge'
option name 'br-iot'
option bridge_empty '1'
list ports 'eth0.196'
config interface 'homeoffice'
option proto 'static'
option device 'br-homeoffice'
option ipaddr '192.168.197.9'
option netmask '255.255.255.0'
config interface 'iot'
option proto 'static'
option device 'br-iot'
option ipaddr '192.168.196.9'
option netmask '255.255.255.0'
config interface 'guests'
option proto 'static'
option device 'br-guests'
option ipaddr '192.168.195.9'
option netmask '255.255.255.0'
config switch_vlan
option device 'switch0'
option vlan '7'
option ports '0t 2t 3t 4t 5t 1t'
option vid '199'
option description 'lan temp'
config device
option type 'bridge'
option name 'br-wan'
option bridge_empty '1'
list ports 'eth0.194'
config switch_vlan
option device 'switch0'
option vlan '8'
option ports '0t'
option vid '194'
option description 'wan'
package rpcd
config rpcd
option socket '/var/run/ubus/ubus.sock'
option timeout '30'
config login
option username 'root'
option password '$p$root'
list read '*'
list write '*'
package system
config system
option ttylogin '0'
option log_size '64'
option urandom_seed '0'
option hostname 'archer-c7-9'
option description 'location:office'
option zonename 'Europe/Berlin'
option timezone 'CET-1CEST,M3.5.0,M10.5.0/3'
option log_proto 'udp'
option conloglevel '8'
option cronloglevel '5'
config timeserver 'ntp'
list server '192.168.200.2'
config led 'led_wan'
option name 'WAN'
option sysfs 'green:wan'
option trigger 'switch0'
option port_mask '0x02'
config led 'led_lan1'
option name 'LAN1'
option sysfs 'green:lan1'
option trigger 'switch0'
option port_mask '0x04'
config led 'led_lan2'
option name 'LAN2'
option sysfs 'green:lan2'
option trigger 'switch0'
option port_mask '0x08'
config led 'led_lan3'
option name 'LAN3'
option sysfs 'green:lan3'
option trigger 'switch0'
option port_mask '0x10'
config led 'led_lan4'
option name 'LAN4'
option sysfs 'green:lan4'
option trigger 'switch0'
option port_mask '0x20'
package ubootenv
package ucitrack
config network
option init 'network'
list affects 'dhcp'
config wireless
list affects 'network'
config firewall
option init 'firewall'
list affects 'luci-splash'
list affects 'qos'
list affects 'miniupnpd'
config olsr
option init 'olsrd'
config dhcp
option init 'dnsmasq'
list affects 'odhcpd'
config odhcpd
option init 'odhcpd'
config dropbear
option init 'dropbear'
config httpd
option init 'httpd'
config fstab
option exec '/sbin/block mount'
config qos
option init 'qos'
config system
option init 'led'
option exec '/etc/init.d/log reload'
list affects 'luci_statistics'
list affects 'dhcp'
config luci_splash
option init 'luci_splash'
config upnpd
option init 'miniupnpd'
config ntpclient
option init 'ntpclient'
config samba
option init 'samba'
config tinyproxy
option init 'tinyproxy'
package uhttpd
config uhttpd 'main'
list listen_http '0.0.0.0:80'
list listen_http '[::]:80'
list listen_https '0.0.0.0:443'
list listen_https '[::]:443'
option redirect_https '0'
option home '/www'
option rfc1918_filter '1'
option max_requests '3'
option max_connections '100'
option cert '/etc/uhttpd.crt'
option key '/etc/uhttpd.key'
option cgi_prefix '/cgi-bin'
list lua_prefix '/cgi-bin/luci=/usr/lib/lua/luci/sgi/uhttpd.lua'
option script_timeout '60'
option network_timeout '30'
option http_keepalive '20'
option tcp_keepalive '1'
option ubus_prefix '/ubus'
config cert 'defaults'
option days '730'
option key_type 'ec'
option bits '2048'
option ec_curve 'P-256'
option country 'ZZ'
option state 'Somewhere'
option location 'Unknown'
option commonname 'OpenWrt'
package wireless
config wifi-device 'radio0'
option type 'mac80211'
option path 'pci0000:00/0000:00:00.0'
option band '5g'
option htmode 'HT40'
option channel '44'
option cell_density '0'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'qwerty5'
option dtim_period '3'
option encryption 'psk2+tkip+ccmp'
option key 'password'
option ieee80211r '1'
option mobility_domain 'ff14'
option ft_over_ds '0'
option ft_psk_generate_local '1'
config wifi-device 'radio1'
option type 'mac80211'
option path 'platform/ahb/18100000.wmac'
option band '2g'
option htmode 'HT20'
option channel '9'
option country 'DE'
option cell_density '0'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid 'qwerty2'
option dtim_period '3'
option encryption 'psk-mixed+tkip+ccmp'
option key 'password'
config wifi-iface 'wifinet2'
option device 'radio0'
option mode 'ap'
option ssid 'qwertyho'
option encryption 'psk2+tkip+ccmp'
option dtim_period '3'
option key 'password'
option ieee80211r '1'
option mobility_domain 'dd14'
option ft_over_ds '0'
option ft_psk_generate_local '1'
option network 'lan'
config wifi-iface 'wifinet3'
option device 'radio0'
option mode 'ap'
option ssid 'qwertyiot'
option encryption 'psk2+tkip+ccmp'
option key 'password'
option network 'iot'
config wifi-iface 'wifinet4'
option device 'radio0'
option mode 'ap'
option ssid 'qwertyguests'
option encryption 'psk2'
option key 'password'
option network 'guests'
config wifi-iface 'wifinet5'
option device 'radio0'
option mode 'ap'
option ssid 'qwertydmz'
option encryption 'psk2+tkip+ccmp'
option key 'password'
option network 'DMZ'
Managed to get it working on my Archer C7 v5. Was going crazy for the past 2 days trying to figure out why DHCP works perfectly through a wired connection and to the AP itself, but not for wireless clients.
All is well, both VLANs (Main and Guest) working as they should on the AP, in my case DHCP is being done by OPNsense on a dedicated x86 PC with multiple NICs.