DHCP through dumb AP fails intermittently

Warmak · April 30, 2025, 3:08pm

Hi all,

I need some help as I'm obviously missing something but at this point I'm out of ideas.
Sorry for the long post in advance!

I have the following network setup:

One GL.iNet GL-MT6000 as the main router and a Linksys E8450 as a dump AP.
I have 3 networks, each has its own separate WiFi SSID.
Both devices are running 24.10.1 and are connected over ethernet with traffic in tagged VLANs.

The networks are configured on both devices, while DHCP/DNS/firewall is only on the main router.
dnsmasq runs on the AP but is configured to ignore the bridges. (stopping it didn't make a difference)

The problem is, sometimes when a device tries to connect to the AP, a lot of DHCP messaging occurs without a success IP assignment.
Eventually the connecting device might just give up and connect over the much weaker signal of the main router.
See example from logs of the main router:

Wed Apr 30 14:21:03 2025 daemon.info dnsmasq-dhcp[1]: DHCPREQUEST(br-lan) <device_ip> <device_mac>
Wed Apr 30 14:21:03 2025 daemon.info dnsmasq-dhcp[1]: DHCPACK(br-lan) <device_ip> <device_mac> <device_hostname>
Wed Apr 30 14:21:04 2025 daemon.info dnsmasq-dhcp[1]: DHCPREQUEST(br-lan) <device_ip> <device_mac>
Wed Apr 30 14:21:04 2025 daemon.info dnsmasq-dhcp[1]: DHCPACK(br-lan) <device_ip> <device_mac> <device_hostname>
Wed Apr 30 14:21:06 2025 daemon.info dnsmasq-dhcp[1]: DHCPREQUEST(br-lan) <device_ip> <device_mac>
Wed Apr 30 14:21:06 2025 daemon.info dnsmasq-dhcp[1]: DHCPACK(br-lan) <device_ip> <device_mac> <device_hostname>
Wed Apr 30 14:21:13 2025 daemon.info dnsmasq-dhcp[1]: DHCPREQUEST(br-lan) <device_ip> <device_mac>
Wed Apr 30 14:21:13 2025 daemon.info dnsmasq-dhcp[1]: DHCPACK(br-lan) <device_ip> <device_mac> <device_hostname>
Wed Apr 30 14:21:14 2025 daemon.info dnsmasq-dhcp[1]: DHCPREQUEST(br-lan) <device_ip> <device_mac>
Wed Apr 30 14:21:14 2025 daemon.info dnsmasq-dhcp[1]: DHCPACK(br-lan) <device_ip> <device_mac> <device_hostname>
Wed Apr 30 14:21:16 2025 daemon.info dnsmasq-dhcp[1]: DHCPREQUEST(br-lan) <device_ip> <device_mac>
Wed Apr 30 14:21:16 2025 daemon.info dnsmasq-dhcp[1]: DHCPACK(br-lan) <device_ip> <device_mac> <device_hostname>
Wed Apr 30 14:21:18 2025 daemon.info dnsmasq-dhcp[1]: DHCPDISCOVER(br-lan) <device_mac>
Wed Apr 30 14:21:18 2025 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-lan) <device_ip> <device_mac>
Wed Apr 30 14:21:19 2025 daemon.info dnsmasq-dhcp[1]: DHCPDISCOVER(br-lan) <device_mac>
Wed Apr 30 14:21:19 2025 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-lan) <device_ip> <device_mac>
Wed Apr 30 14:21:21 2025 daemon.info dnsmasq-dhcp[1]: DHCPDISCOVER(br-lan) <device_mac>
Wed Apr 30 14:21:21 2025 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-lan) <device_ip> <device_mac>
Wed Apr 30 14:21:25 2025 daemon.info dnsmasq-dhcp[1]: DHCPDISCOVER(br-lan) <device_mac>
Wed Apr 30 14:21:25 2025 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-lan) <device_ip> <device_mac>
Wed Apr 30 14:21:32 2025 daemon.info hostapd: wlan-lan-5g: STA <device_mac> IEEE 802.11: authenticated
Wed Apr 30 14:21:32 2025 daemon.info hostapd: wlan-lan-5g: STA <device_mac> IEEE 802.11: associated (aid 1)
Wed Apr 30 14:21:32 2025 daemon.notice hostapd: wlan-lan-5g: AP-STA-CONNECTED <device_mac> auth_alg=open
Wed Apr 30 14:21:32 2025 daemon.info hostapd: wlan-lan-5g: STA <device_mac> WPA: pairwise key handshake completed (RSN)
Wed Apr 30 14:21:32 2025 daemon.notice hostapd: wlan-lan-5g: EAPOL-4WAY-HS-COMPLETED <device_mac>
Wed Apr 30 14:21:32 2025 daemon.info dnsmasq-dhcp[1]: DHCPREQUEST(br-lan) <device_ip> <device_mac>
Wed Apr 30 14:21:32 2025 daemon.info dnsmasq-dhcp[1]: DHCPACK(br-lan) <device_ip> <device_mac> <device_hostname>

First my phone connected to the AP and was trying to get an IP, but eventually it connected to the main router and only then was it successful.

Things I've noticed:

This only occurs over Wifi.
This affects all 3 networks on both 2.4Ghz and 5Ghz.
This affects multiple different devices with different hardware/OS/etc.
This occurs randomly, sometimes connection works via the AP without any issues:

Wed Apr 30 15:26:07 2025 daemon.info dnsmasq-dhcp[1]: DHCPREQUEST(br-lan) <device_ip> <device_mac>
Wed Apr 30 15:26:07 2025 daemon.info dnsmasq-dhcp[1]: DHCPACK(br-lan) <device_ip> <device_mac> <device_hostname>

This setup was working reliably before updating to 24.10. The upgrade for the MT6000 was done via ASU while keeping the config. The upgrade for the E8450 was a bit more involved, I followed the wiki and restored the adjusted backup once all the flashing was done.

Config from AP:
/etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix '<omitted>'
        option packet_steering '1'

config device
        option type 'bridge'
        option name 'br-uplink'
        option ipv6 '0'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'
        list ports 'wan'

config bridge-vlan
        option device 'br-uplink'
        option vlan '99'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'wan:t'

config bridge-vlan
        option device 'br-uplink'
        option vlan '30'
        list ports 'wan:t'

config interface 'guest'
        option proto 'none'
        option device 'br-guest'

config bridge-vlan
        option device 'br-uplink'
        option vlan '2'
        list ports 'lan4'
        list ports 'wan:t'

config interface 'iot'
        option proto 'none'
        option device 'br-iot'

config interface 'lan'
        option proto 'dhcp'
        option device 'br-lan'
        option delegate '0'

config device
        option type 'bridge'
        option name 'br-guest'
        list ports 'br-uplink.30'
        option ipv6 '0'

config device
        option type 'bridge'
        option name 'br-iot'
        list ports 'br-uplink.2'
        option ipv6 '0'

config device
        option type 'bridge'
        option name 'br-lan'
        list ports 'br-uplink.99'
        option ipv6 '0'

/etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/18000000.wmac'
        option channel 'auto'
        option band '2g'
        option htmode 'HT40'
        option cell_density '0'
        option country 'IE'
        
config wifi-device 'radio1'
        option type 'mac80211'
        option path '1a143000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
        option channel '36'
        option band '5g'
        option htmode 'HE160'
        option cell_density '0'
        option country 'IE'
        option he_su_beamformee '1'
        option he_bss_color '56'

config wifi-iface 'wifinet2'
        option device 'radio0'
        option mode 'ap'
        option ssid '<lan_ssid>'
        option encryption 'psk2'
        option key '<lan_pw>'
        option ieee80211r '1'
        option ft_over_ds '0'
        option ft_psk_generate_local '1'
        option ifname 'wlan-lan'
        option network 'lan'
        option mobility_domain 'a3e6'
        option wmm '0'
        option ieee80211w '1'
        option ocv '0'

config wifi-iface 'wifinet4'                                                                                                                                                                        15:52:31 [15/548]
        option device 'radio1'
        option mode 'ap'
        option ssid '<lan_ssid>'
        option encryption 'psk2'
        option key '<lan_pw>'
        option ieee80211r '1'
        option ft_over_ds '0'
        option ft_psk_generate_local '1'
        option ieee80211w '1'
        option ifname 'wlan-lan-5g'
        option network 'lan'
        option mobility_domain 'a3e6'
        option ocv '0'

config wifi-iface 'wifinet3'
        option device 'radio0'
        option mode 'ap'
        option ssid '<guest_ssid>'
        option encryption 'psk2'
        option isolate '1'
        option ifname 'wlan-guest'
        option key '<guest_pw>'
        option ieee80211r '1'
        option ft_over_ds '0'
        option ft_psk_generate_local '1'
        option ieee80211w '1'
        option network 'guest'
        option mobility_domain '4dce'

config wifi-iface 'wifinet8'
        option device 'radio1'
        option mode 'ap'
        option ssid '<guest_ssid>'
        option encryption 'psk2'
        option isolate '1'
        option key '<guest_pw>'
        option ieee80211r '1'
        option ft_over_ds '0'
        option ft_psk_generate_local '1'
        option ieee80211w '1'
        option network 'guest'
        option ifname 'wlan-guest-5g'
        option mobility_domain '4dce'

config wifi-iface 'wifinet9'
        option device 'radio0'
        option mode 'ap'
        option ssid '<iot_ssid>'
        option encryption 'psk2'
        option isolate '1'
        option ifname 'wlan-iot'
        option key '<iot_pw>'
        option ieee80211r '1'
        option mobility_domain '2ac3'
        option ft_over_ds '0'
        option ft_psk_generate_local '1'
        option network 'iot'

/etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option cachesize '1000'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option localservice '1'
        option ednspacket_max '1232'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config dhcp 'lan'
        option interface 'lan'
        option ignore '1'

config dhcp 'iot'
        option interface 'iot'
        option ignore '1'

config dhcp 'guest'
        option interface 'guest'
        option ignore '1'

Any feedback or insight is appreciated!

pavelgl · April 30, 2025, 3:36pm

The AP network configuration should look like this

...

config device
        option type 'bridge'
        option name 'br-uplink'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'
        list ports 'wan'

config bridge-vlan
        option device 'br-uplink'
        option vlan '99'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'wan:t'

config bridge-vlan
        option device 'br-uplink'
        option vlan '30'
        list ports 'wan:t'

config bridge-vlan
        option device 'br-uplink'
        option vlan '2'
        list ports 'lan4'
        list ports 'wan:t'

config interface 'lan'
        option proto 'dhcp'
        option device 'br-uplink.99'

config interface 'iot'
        option proto 'none'
        option device 'br-uplink.30'

config interface 'guest'
        option proto 'none'
        option device 'br-uplink.2'

Warmak · April 30, 2025, 5:36pm

You're probably right.
I've made the changes and looks good now.
Will wait a day or two before marking your response as solution, due to the intermittent nature of the issue.

Warmak · April 30, 2025, 8:26pm

Now I remember why I started tinkering with the interfaces and bridges initially:

I connected a new device via ethernet to the dumb AP and configured it to be part of the 'lan' network.
This new device is reachable from everywhere with the exception of devices connected the main router via wifi.

Based on what I can see in tcpdump, the ARP requests reach the device, it sends back a response but that never arrives back to the main router.

system · May 10, 2025, 8:27pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.