Dumb access point serving DCHP from main router over wireless, but wired clients do not get offers

I have configured a TOTOLINK X5000R with OpenWRT 22.03-rc3 as a dumb AP as per https://openwrt.org/docs/guide-user/network/wifi/dumbap.

It connects fine to my main router (Netgear R8000, OpenWrt 21.02.0) and I can connect wirelessly to the dumb AP fine, however, my wired clients connecting to the dumb AP do not get DHCP offers (manually setting the IP on those clients work and I can get to the internet)

Any idea why, despite everything being bridged and dnsmasq being disabled in the dumb AP, wireless clients would get DCHP offers, but wired would not?

Let me know if you need me to paste the contents of any file.

Thanks!

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
1 Like

Thanks psherman, code below.

Remember that on top of that I have disabled in startup:
firewall
dnsmask
odhcpd

root@Rigel:~# cat /etc/config/network 

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option packet_steering '1'
        option ula_prefix 'fd9b:0273:53fa::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'
        list ports 'wan'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.6'
        option netmask '255.255.255.0'

root@Rigel:~# cat /etc/config/wireless 

config wifi-device 'radio0'
        option type 'mac80211'
        option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0'
        option band '2g'
        option htmode 'HT40'
        option country 'AU'
        option cell_density '0'
        option channel '9'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option encryption 'sae-mixed'
        option key 'xxxxxxxxx'
        option ssid 'Helios'

config wifi-device 'radio1'
        option type 'mac80211'
        option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0+1'
        option band '5g'
        option htmode 'HE80'
        option country 'AU'
        option cell_density '0'
        option channel '108'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option encryption 'sae-mixed'
        option key 'xxxxxxxx'
        option ssid 'Helios'

root@Rigel:~# cat /etc/config/dhcp 

config dnsmasq
        option localise_queries '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option localservice '1'
        option ednspacket_max '1232'
        list server '192.168.1.1'
        option rebind_protection '0'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'


root@Rigel:~# cat /etc/config/firewall                                                                                                                                                                                                      
                                                                                                                                                                                                                                            
config defaults                                                                                                                                                                                                                             
        option syn_flood '1'                                                                                                                                                                                                                
        option input 'ACCEPT'                                                                                                                                                                                                               
        option output 'ACCEPT'                                                                                                                                                                                                              
        option forward 'REJECT'                                                                                                                                                                                                             
                                                                                                                                                                                                                                            
config zone                                                                                                                                                                                                                                 
        option name 'lan'                                                                                                                                                                                                                   
        option input 'ACCEPT'                                                                                                                                                                                                               
        option output 'ACCEPT'                                                                                                                                                                                                              
        option forward 'ACCEPT'                                                                                                                                                                                                             
                                                                                                                                                                                                                                            
config zone                                                                                                                                                                                                                                 
        option name 'wan'                                                                                                                                                                                                                   
        option input 'REJECT'                                                                                                                                                                                                               
        option output 'ACCEPT'                                                                                                                                                                                                              
        option forward 'REJECT'                                                                                                                                                                                                             
        option masq '1'                                                                                                                                                                                                                     
        option mtu_fix '1'                                                                                                                                                                                                                  
                                  
config forwarding                                                                                                                                                                                                                           
        option src 'lan'                                                                                                                                                                                                                    
        option dest 'wan'                                                                                                                                                                                                                   
                                                                                                                                                                                                                                            
config rule                                                                                                                                                                                                                                 
        option name 'Allow-DHCP-Renew'                                                                                                                                                                                                      
        option src 'wan'                                                                                                                                                                                                                    
        option proto 'udp'                                                                                                                                                                                                                  
        option dest_port '68'                                                                                                                                                                                                               
        option target 'ACCEPT'                                                                                                                                                                                                              
        option family 'ipv4'                                                                                                                                                                                                                
                                                                                                                                                                                                                                            
config rule                                                                                                                                                                                                                                 
        option name 'Allow-Ping'                                                                                                                                                                                                            
        option src 'wan'                                                                                                                                                                                                                    
        option proto 'icmp'                                                                                                                                                                                                                 
        option icmp_type 'echo-request'                                                                                                                                                                                                     
        option family 'ipv4'                                                                                                                                                                                                                
        option target 'ACCEPT'                                                                                                                                                                                                              
                                                                                                                                                                                                                                            
config rule                                                                                                                                                                                                                                 
        option name 'Allow-IGMP'                                                                                                                                                                                                            
        option src 'wan'                                                                                                                                                                                                                    
        option proto 'igmp'                                                                                                                                                                                                                 
        option family 'ipv4'                                                                                                                                                                                                                
        option target 'ACCEPT'                                                                                                                                                                                                              
                                                                                                                                                                                                                                            
config rule                                                                                                                                                                                                                                 
        option name 'Allow-DHCPv6'                                                                                                                                                                                                          
        option src 'wan'                                                                                                                                                                                                                    
        option proto 'udp'                                                                                                                                                                                                                  
        option src_ip 'fc00::/6'                                                                                                                                                                                                            
        option dest_ip 'fc00::/6'                                                                                                                                                                                                           
        option dest_port '546'                                                                                                                                                                                                              
        option family 'ipv6'                                                                                                                                                                                                                
        option target 'ACCEPT'                                                                                                                                                                                                              
                                                                                                                                                                                                                                            
config rule                                                                                                                                                                                                                                 
        option name 'Allow-MLD'                                                                                                                                                                                                             
        option src 'wan'                                                                                                                                                                                                                    
        option proto 'icmp'                                                                                                                                                                                                                 
        option src_ip 'fe80::/10'                                                                                                                                                                                                           
        list icmp_type '130/0'                                                                                                                                                                                                              
        list icmp_type '131/0'                                                                                                                                                                                                              
        list icmp_type '132/0'                                                                                                                                                                                                              
        list icmp_type '143/0'                                                                                                                                                                                                              
        option family 'ipv6'                                                                                                                                                                                                                
        option target 'ACCEPT'     

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

I don't think eth0 belongs in this list, unless you have something different like a USB ethernet adapter or something. Most DSA devices use named ports (i.e. lan1, wan, etc.) not the device name (eth0).

Try changing this to one of the non-overlapping channels: 1, 6, 11. Don't use any of the others.

This is a DFS channel (at least in the US)... try using one of the lower channels instead (maybe 36)

not all devices work well with WPA2/3 mixed mode operation. Try using WPA2-PSK (on both bands).

You may also want to try using 20MHz channel width for the 2.4G band, and 40MHz for the 5GHz band if you still have issues.

Hi,

Other than your first thing about eth0, which may or may not have relevance... what do the others have anything to do with DHCP offers not being served on wired connections?

The channels chosen for the wireless side were set to avoid channels used around my house (in Australia)

Cheers,
Marcos

WPA2/3 mixed mode can cause problems when client devices don't know how to use them.

The non-overlapping channels are the same world-wide: 1, 6, 11 (some countries have more than 11 channels, but within the first 11, this is the recommended set). That is, at least, if you want to have 3 useful channels. You need to have 4 unused channels between the actual channels you are using to avoid overlap. Meanwhile, using non-standard channels can, in some cases, prevent the network from operating properly (some client devices don't like it).

Try my recommendations one at a time (starting with the wpa2 psk option) to see if any/all of them help your situation.

Also, I just looked at the Australian channels map -- you are using a DFS channel on your 5G band. Try using something that is not DFS and you may have better luck -- maybe just use channel 36 to start.

Thanks psherman, but you are still talking about wireless, which works fine (I take note of the DFS thing). None of you answers, while welcome, are about the issue which is with the WIRED connections.

Oh man, my apologies … I had my wires crossed (pun intended). Thank you for kindly redirecting me to the real issue (wired), many people would have had terse reactions.

Ok, let’s go back to Ethernet. You’re using a TOTOLINK X5000R which appears to be DSA since it is mediatek. Let’s verify that. Can you post the network file from rom (/rom/etc/config/network)?

I believe eth0 refers to the switch to the wireless, but not sure. It is what is shown in luci's interface.

That file you mention does not exist:

root@Rigel:~# ls /rom/etc/config/
dhcp      dropbear  firewall  luci      rpcd      ucitrack  uhttpd

hmm... I'd love to see the default configuration file... it's probably generated at first boot.

Any chance you can take a backup and reset your router to defaults? From there you could grab the network file (/etc/config/network) as it is in the true default state. You can restore the backup if you want (although unless there is anything specific that is working and special, maybe best to start with a clean slate anyway).

1 Like

That will need to wait till the weekend :slight_smile:
Working from home this week.

I had started from clean states a few times, but not since I upgraded to the RC for 22.03 (was using snapshot before as this router is not supported in 21.02), so I was planning to do that anyway. BTW, DHCP offers have never worked in this router since I installed OpenWRT in it (official firmware works fine, but is not OpenWRT!)

Hopefully we can figure out why. Oddly, there are some situations where firmware can effectively swallow DHCP packets for no apparent reason. Unifi APs had been plagued with this issue for 1-2 years (may still be dealing with it, actually), and normal thinking about what constitutes a bridge couldn't explain the problem. So it could be a bug with OpenWrt, or (hopefully) just a configuration quirk.

Anyway, ping back when you can reset the device, and post the default network and wireless files.

I haven't forgotten psherman. I just haven't had a chance this weekend. Thanks!

Hi!

I have done a fresh install of the newly released RC4... and it works!?

I grabbed the config file you requested, but probably useless now that after configuring it as AP as before, it just works for both Wireless and Wired

Maybe some bug in RC1-3?

root@OpenWrt:~# cat /etc/config/network 

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option packet_steering '1'
        option ula_prefix 'fd39:083e:bfb1::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option device 'wan'
        option proto 'dhcp'

config interface 'wan6'
        option device 'wan'
        option proto 'dhcpv6'