DumbAP - no internet connection on router itself (cannot reach gateway)

themultiplexer · January 7, 2019, 5:02pm

My setup

Fritz!Box - Main router & DHCP server (192.168.1.1)
|
Archer C7 v5 - OpenWRT (192.168.1.2)

The dumb AP itself works just perfectly. All clients (WiFi & LAN) have an internet connection and DHCP works through the main router. The only thing is that the router itself can not ping 192.168.1.1 although it is obviously connected. So it can neither ping the outside nor can it resolve domains.
I configured everything through LUCI.

What I did:

Disabled firewall
Tried to disable dnsmasq
Changing to DNS to 192.168.1.1 and 8.8.8.8

Configuration:

One LAN interface
One VLAN with all ports untagged
Static IP with disabled DHCP

/etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fddf:7c56:91c8::/48'

config interface 'lan'
        option type 'bridge'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '192.168.1.2'
        option gateway '192.168.1.1'
        option broadcast '192.168.1.255'
        option dns '192.168.1.1 8.8.8.8'
        option ifname 'eth0'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option vid '1'
        option ports '0 1 2 3 4 5'

/etc/resolv.conf

search lan
nameserver 127.0.0.1

route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 br-lan
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan

mj5030 · January 7, 2019, 6:13pm

/etc/reslove.conf, nameserver should point to 192.168.1.1. If it is pointing to 127.0.0.1 dnsmasq is probably not properly disabled. A correct dumb AP /etc/resolv.conf file should be:

# Interface lan
nameserver 192.168.1.1

If 192.168.1.1 is the gateway of the device.

Do not change the dns on the Dumb AP. Simply leave it as the same address of the gateway (192.168.1.1). I would not recommend adding extra DNS servers.

Also, is eth0 or eth1 normally the interface for LAN on the Archer C7 v5 by default? Change the ifname under the lan section in your /etc/config/network to the default LAN interface.

I would also recommend disabling odhcpd as well.

trendy · January 7, 2019, 11:04pm

I believe the switchport that goes to CPU must be always tagged.
That should fix the ping issue.
Regarding nameserver, you can change the contents of /etc/resolv.conf (after you delete the symbolic link and recreate the file) or you can leave it pointing to 127.0.0.1 and let dnsmasq to use your Fritz modem and google as nameservers. I prefer the second option, as it survives an upgrade.

themultiplexer · January 8, 2019, 6:01pm

@mj5030
I did that now and was sure everything had to work now, but it still does not work.
Apparently the Archer C7 has only eth0 and VLANs for LAN (eth0.1) and WAN (eth0.2). I tried using the whole eth0 as the interface for lan but then everyting stops working => reset / failsafe needed.

@trendy
Ahhh yes in the stock config it was also tagged, but sadly it has no effect.

I removed the symbolic link and recreated resolv.conf and set it up correctly. tagged eth0 and rebooted several times.
Even if the dns is misconfigured, I should at least be able to ping 192.168.1.1, right?
What is also very weird is that I sometimes can't access the luci webinterface (192.168.1.2) when connected to the main router. It simply times out
When pulling out the cable to the main router everything works fine...
Hopefully this helps

Thanks for your help!!

trendy · January 9, 2019, 8:49am

Can you ping anything else on the network other than the main router?
I still believe it is a switch issue and incorrect tagging, as everything that goes through the Archer works fine, but when the connection is sourced or destined to the Archer it gets blocked.

On which port have you connected the main router? On WAN or some LAN?

I suppose you have already consulted these:
https://openwrt.org/toh/tp-link/archer-c5-c7-wdr7500#port_map
https://dev.archive.openwrt.org/changeset/37507

themultiplexer · January 9, 2019, 9:32am

@trendy
I can ping any other device even if it is connected to the main router.

I want to have only one VLAN to have one big network.

Thank you for the links! No I did not take these into account I will try and report back soon.

Thank you very much

trendy · January 9, 2019, 10:06am

In case it won't work, I suggest to start from scratch.
Do a restore to factory defaults.
Use only the LAN ports on the device.
Disable DHCP on LAN
Firewall won't interrupt the intra-LAN traffic, so no need to mess with it.
Regarding Nameserver part of dnsmasq, you can leave it as is and in LAN interface add the Nameservers you want to use.
Also add the default gateway in LAN interface

mj5030 · January 9, 2019, 2:30pm

According to the Archer C7's port map from the link @trendy has provided it uses port 6 for the CPU to control the WAN port as eth0. Maybe this is for an older version of the C7 that has both eth0 and eth1?

Can you screenshot the VLAN's in LuCI under Network->Switch? Or list all interfaces/ports it allows you to tagged/untagged/off.

I know my TL-WR1043ND v3 has the same port map setup listed in that link. It is currently being used as a dumb AP and has ports 0-6 untagged in the switch_vlan. I'm curious to see if you have a port 6 that is not currently on your switch_vlan.

themultiplexer · January 9, 2019, 6:01pm

@mj5030 Yeah it seems like the C7 v5 is pretty different to previous versions. (Needed to flash it through TFTP)
Meanwhile I screwed the config up and I had to reset it. I did everything trendy said but sadly the same symtoms.
I really only have eth0 which is port 0 on the switch and 1 2 3 4 5 for WAN and LAN 1 - 4.

grafik

Default for eth0.1 (lan) is: 2 3 4 5 0t
Default for eth0.2 (wan) is: 1 0t

Neither ping -I br-lan 192.168.1.1 nor ping -I eth0.1 192.168.1.1 works....

trendy · January 10, 2019, 1:14am

First of all you don't need to use the -I interface option in ping. Straight ping 192.168.1.1

Second, take a step back. Reset to factory defaults, configure everything else for the usage that you want (turn off DHCP, add default gw and dns in LAN interface) and leave the WAN port and the switch configuration for the end, when all the lan ports and the wifi will be working properly. Take a backup before you start dealing with WAN port and switch, so to have a reference point.

mj5030 · January 10, 2019, 2:18pm

Yeah definitely a change as to what was listed in the port map.

I have a Netgear WNDR3400v2 as a dumb AP as well that has a the identical switch0 layout as what you have on your C7 v5. It was originally using eth0.2 for WAN and eth0.1 for LAN. Here is my /etc/config/network for it:

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd44:ca90:824c::/48'

config interface 'lan'
	option type 'bridge'
	option proto 'static'
	option netmask '255.255.255.0'
	option ipaddr '192.168.1.70'
	option gateway '192.168.1.1'
	option delegate '0'
	option dns '192.168.1.1'
	option _orig_ifname 'eth0.1'
	option _orig_bridge 'true'
	option ifname 'eth0'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0 1 2 3 4 5'

Note: I have deleted the WAN/WAN6 interface as well as the VLAN (id 2) for them on the switch as well. I think the option _orig_ifname 'eth0.1' and option _orig_bridge '1' are missing from the configuration in the OP of your /etc/config/network. However, these should only should only have been used by LuCI to to keep previous information across edits. The delegate '0' option is just telling it not to use built-in IPv6 on the interface. All the ports are untagged including the CPU port (eth0), because we are only using 1 VLAN.

Here is a little description about the tagging of the ports and interfaces. First off, the interface (CPU eth0) should always be either tagged or untagged, never off if you want to be able to reach SSH or LuCI in OpenWRT through that specified VLAN. If you have one interface that controls multiple ports, like in your case (eth0), and those ports are distributed across multiple VLANs, which is the default configuration, WAN for VLAN id 2 (eth0.2) and LAN for VLAN id1 (eth0.1), the interface should be tagged. If all the ports controlled by the interface are on the same VLAN and do not span multiple VLANs there is no need to tag that interface. Which is how you want your dumb AP to be, all ports on VLAN id 1, thus no need have the CPU (eth0) tagged, leaving it untagged.

I suggest as @trendy suggested as starting fresh at this point and resetting to factory defaults and just setting up and testing with LAN ports leaving the WAN port and switch tagging configuration to the end of the configuration after a save.

After a fresh start, disable the WAN/WAN6 (not delete for the time being), also uncheck the 'bring up on boot option'. Then configure the LAN, set a static IP, gateway and DNS to the router, with a matching netmask. Also in the LAN interface check 'ignore interface' under DHCP. If you are using wireless set that up then bridge it to LAN.

Then disable your services: firewall, odhcp, dnsmasq
(You can always go back and enable dnsmasq and add 8.8.8.8 to the DNS servers for failsafe later)

Back up the router configuration at this point then reboot the router.

Using the LAN ports only test and see if your dumb AP is working as it should.

themultiplexer · January 11, 2019, 3:48pm

Fuck my life

Sorry for taking your time. But at least I have learnt a lot about switches and the Archer C7 v5 itself. Thank you again! Maybe going to write a tutorial about the C7 v5

The problem was NOT OpenWRT! It was the FritzBox....

I deleted the VPN Configuration which looked like that:

So the main issue is that there was NO IP under lokales Netz (local network). So I thought the configuration was not active. But today I saw the VPN Access in the Network-Overview with the IP 192.168.1.2

That explains why I couldn't ping the Fritzbox, had no internet on OpenWRT and why LUCI was not responding sometimes!
What I also learnt: Try different IPs. Always check ALL configurations. Never use anything else than OpenWRT

Hopefully somebody learns from my mistakes and this thread in general.

system · January 21, 2019, 3:48pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.