Hi,
I have a main router with wifi (and firewall and dhcp, etc.) and I am currently trying to configure an additional AP as dumb ap via single ethernet using 4 different vlans for 4 SSIDs:
R7800 (wifi's for basement) <-lan1-trunk-> managed switch <-port7-trunk-> dumb ap (wifi's for ground floor)
TLDR configuration:
tldr config snippets
dumb ap without firewall, no dnsmasq on network '20'
config interface '20'
option proto 'none'
option device 'br_20'
config device
option type 'bridge'
option name 'br_20'
list ports 'lan.20'
config wifi-iface 'wifinet3'
option device 'radio0'
option mode 'ap'
option ssid 'Internet-2g'
option encryption 'psk2'
option key '***'
option network '20'
wifi is attached to network 20, but no dhcp - my guess - for clients.
Full configuration:
r7800 router network config:
/etc/config/network
config globals 'globals'
option ula_prefix 'fd99:8053:99d6::/48'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config device 'br_lan'
option name 'br-lan'
option type 'bridge'
list ports 'eth1.10'
config device 'br_management'
option name 'br-management'
option type 'bridge'
list ports 'eth1.20'
config interface 'loopback'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
option device 'lo'
config interface 'wan'
option proto 'pppoe'
option ipv6 'auto'
option peerdns '0'
list dns '9.9.9.9'
list dns '149.112.112.112'
option username '550320642718'
option password '29412544'
option device 'eth0.2000'
config interface 'lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
option device 'br-lan'
option ip6hint '10'
config interface 'external'
option proto 'static'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'
option ip6assign '60'
option ip6hint '20'
option device 'br-external'
config interface 'dmz'
option proto 'static'
option ipaddr '192.168.3.1'
option netmask '255.255.255.0'
option ip6assign '60'
option ip6hint '30'
option device 'eth1.30'
config interface 'management'
option proto 'static'
option ipaddr '192.168.0.1'
option netmask '255.255.255.0'
option ip6assign '60'
option device 'br-management'
option ip6hint '1000'
config interface 'offline'
option proto 'static'
option ipaddr '192.168.4.1'
option netmask '255.255.255.0'
option ip6assign '60'
option ip6hint '40'
option device 'br-offline'
config interface 'iso_modem'
option proto 'static'
option netmask '255.255.255.0'
option ipaddr '192.168.200.2'
option ifname 'eth0.2000'
option device 'eth0.2000'
config switch_vlan
option device 'switch0'
option vlan '1'
option description 'lan'
option ports '2 3 4t 6t'
option vid '10'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '0t 5'
option description 'wan'
option vid '2000'
config switch_vlan
option device 'switch0'
option vlan '3'
option description 'dmz'
option ports '4t 6t'
option vid '30'
config switch_vlan
option device 'switch0'
option vlan '4'
option description 'management'
option ports '4t 6t'
option vid '1000'
config switch_vlan
option device 'switch0'
option vlan '5'
option description 'external'
option ports '4t 6t'
option vid '20'
config device
option type 'bridge'
option name 'br-external'
list ports 'eth1.20'
config device
option type 'bridge'
option name 'br-offline'
list ports 'eth1.40'
config switch_vlan
option device 'switch0'
option vlan '6'
option ports '4t 6t'
option vid '40'
option description 'offline'
config switch_vlan
option device 'switch0'
option vlan '7'
option ports '4t 6t'
option vid '50'
option description 'iso_1'
config switch_vlan
option device 'switch0'
option vlan '8'
option vid '60'
option description 'iso_2'
option ports '1 6t'
config interface 'iso_1'
option proto 'static'
option ipaddr '192.168.5.1'
option netmask '255.255.255.0'
option ip6assign '60'
option device 'eth1.50'
option ip6hint '50'
config interface 'iso_2'
option proto 'static'
option ipaddr '192.168.6.1'
option netmask '255.255.255.0'
option ip6assign '60'
option device 'eth1.60'
option ip6hint '60'
config switch_vlan
option device 'switch0'
option vlan '9'
option ports '4t 6t'
option vid '70'
option description 'iso_ap'
config interface 'iso_ap'
option proto 'static'
option device 'eth1.70'
option ipaddr '192.168.7.1'
option netmask '255.255.255.0'
option ip6assign '60'
option ip6hint '70'
r7800 router wireless config excerpt:
/etc/network/wireless excerpt
config wifi-iface 'wlan2_2g'
option device 'radio1'
option mode 'ap'
option network 'external'
option key '***'
option encryption 'psk2'
option ssid 'Internet-2g'
dumb ap network configuration:
/etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd59:94f2:1111::/48'
option packet_steering '1'
config interface 'lan'
option device 'lan.70'
option proto 'dhcp'
config interface '10'
option proto 'none'
option device 'br_10'
config interface '20'
option proto 'none'
option device 'br_20'
config interface '40'
option proto 'none'
option device 'br_40'
config interface '1000'
option proto 'none'
option device 'br_1000'
config interface 'debug'
option proto 'static'
option ipaddr '10.0.0.1'
option netmask '255.255.255.0'
option defaultroute '0'
config device
option type 'bridge'
option name 'br_10'
list ports 'lan.10'
config device
option type 'bridge'
option name 'br_20'
list ports 'lan.20'
config device
option type 'bridge'
option name 'br_40'
list ports 'lan.40'
config device
option type 'bridge'
option name 'br_1000'
list ports 'lan.1000'
dumb ap wireless config excerpt:
/etc/config/wireless excerpt
config wifi-iface 'wifinet3'
option device 'radio0'
option mode 'ap'
option ssid 'Internet-2g'
option encryption 'psk2'
option key '***'
option network '20'
Firewall service on dumb ap is DISABLED.
dnsmasq and odhcp on dumb ap are enabled for debug network (but disabling them also did not work out):
/etc/config/dhcp
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'ap-prod-ground-1.internal.example.com'
option expandhosts '1'
option cachesize '1000'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option localservice '1'
option ednspacket_max '1232'
list interface 'debug'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'debug'
option interface 'debug'
option start '100'
option limit '150'
option leasetime '12h'
Devices connect to wifi but either immediately disconnect or stay connected but are not reachable. Android and Linux clients e.g. fail on getting network address, so I assume dhcp is somehow not working. However, unmanaged networks should forward dhcp requests on vlan port to main router, right?
How to debug this? I did like 10-15 hours trial & error the last days without success.
logread on ap:
logread excerpt
Thu Sep 26 17:56:46 2024 daemon.info hostapd: phy0-ap1: STA 30:c9:ab:05:82:57 IEEE 802.11: authenticated
Thu Sep 26 17:56:46 2024 daemon.info hostapd: phy0-ap1: STA 30:c9:ab:05:82:57 IEEE 802.11: associated (aid 1)
Thu Sep 26 17:56:46 2024 daemon.notice hostapd: phy0-ap1: AP-STA-CONNECTED 30:c9:ab:05:82:57 auth_alg=open
Thu Sep 26 17:56:46 2024 daemon.info hostapd: phy0-ap1: STA 30:c9:ab:05:82:57 WPA: pairwise key handshake completed (RSN)
Thu Sep 26 17:56:46 2024 daemon.notice hostapd: phy0-ap1: EAPOL-4WAY-HS-COMPLETED 30:c9:ab:05:82:57
Thu Sep 26 17:57:08 2024 daemon.info hostapd: phy0-ap1: STA e2:77:7b:93:d0:39 IEEE 802.11: authenticated
Thu Sep 26 17:57:08 2024 daemon.info hostapd: phy0-ap1: STA e2:77:7b:93:d0:39 IEEE 802.11: associated (aid 2)
Thu Sep 26 17:57:08 2024 daemon.notice hostapd: phy0-ap1: AP-STA-CONNECTED e2:77:7b:93:d0:39 auth_alg=open
Thu Sep 26 17:57:08 2024 daemon.info hostapd: phy0-ap1: STA e2:77:7b:93:d0:39 WPA: pairwise key handshake completed (RSN)
Thu Sep 26 17:57:08 2024 daemon.notice hostapd: phy0-ap1: EAPOL-4WAY-HS-COMPLETED e2:77:7b:93:d0:39
Thank you very much!