I have an AP with recent OpenWRT that is managed out of band and doesnt need any IP for ssh or something.
I want it to act as an AP without itself being layer 3 reachable in the network it expands.
Is anything like that possible?
Current setup that doesnt work:
(Upstream Trunk)--[Internal Switch]--(Tagged to CPU)--CPU--(Wifi(((
Iface wifi proto none
The rationale behind this is to reduce attack surface so as to need less updating and more set and forget.
Yes, this is entirely possible.
What is exactly failing in your setup?
How is the AP configured?
No packets crossing the switch at all.
/etc/config/wireless
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'wifi'
option mode 'ap'
Wifi layer seems to work.
/etc/config/network
config interface 'wifi'
option ifname 'eth0.5'
option proto 'none'
++ other stuff
config switch_vlan
option device 'switch0'
option vlan '5'
option ports '1t 0t'
1 is uplink, 0 is cpu
The switch itself works fine including vlans. The radio too when used on an interface with proto /= none.
If I had to diagnose this issue using your info strictly:
I would have to answer that the switch is faulty...
Or you could add more info.
I added more info.
I think you need to add an "option type 'bridge'" line in the interface config.
Exactly what I missed. I found it before seeing the post but might not have.
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.