I've got an EAP245 which I want to connect to a Fiber GPON to give me WiFi over my small apartment.
Background:
The GPON does not provide the primary connecting device with any DHCP address; the address is set manually to 10.x.y.z/24 associated with the MAC of the client device attached to the Ethernet interface of the GPON.
The stock firmware of the EAP245 DOES NOT provide any DHCP service; it forwards all dhcp requests upstream via it's Ethernet interface, piggybacking off existing infrastructure (this is apparently the expected mode of behaviour for this class of devices). In case the upstream device does not provide any DHCP, all clients for all interfaces on the EAP245v3 (wired or wireless) will connect, but keep waiting for DHCP responses to their DHCP requests, until everything times out and fails. TL;DR; - No DHCP on the EAP245, by design, it just adds a segment of Wireless Physical Layer to existing wired/Wireless networks.
Given that the GPON and the EAP245v3 both do not have DHCP, I cannot use it as-is, so in steps OpenWrt.
I want WiFi clients to get IPv4 addresses from the EAP245 itself
I want the Ethernet interface to be a WAN link, instead of an uplink.
I want all WiFi clients on interface to be able to connect upstream via the WAN interface (need Ethernet interface to NAT for WiFi probably).
Points to note:
I have little prior knowledge of OpenWRT and it's terminology.
I have just basic knowledge of networking, however very comfortable with non-constrained Linux systems.
I can follow an idiot's guide, but references to further reading would be ideal.
I've searched all over, but I haven't found any solution applicable to my situation.
WiFi radio1 (2.4Ghz) has identical MAC as Ethernet interface.
WiFi radio0 (5Ghz) has MAC+1 from the Ethernet interface
The EAP245 has 2 physical Ethernet ports, but i only see eth0 in OpenWrt; eth0 and eth0.1 (VLAN something something, which I don't understand yet), so I am unsure about how and where the 2nd interface went.
Since you only have one IP from the ISP, you need to route, not bridge. On devices with more than one Ethernet port, OpenWrt's default settings do basically that. With one port you'll need a slightly different setup.
In any case, start by disconnecting from the ONT and returning OpenWrt to default settings. Log in by Ethernet and create a wifi AP. Disconnect Ethernet from your PC, instead connect by wifi to the AP and log in. Go to the bridges and remove eth0 (the Ethernet port) from br-lan. Since the Ethernet port will be the wan link, the only way to log into the OpenWrt now will be by wifi.
Make a new network called wan. Name it exactly that, in lower case, since the default firewall has that name already set up. The protocol will be Static IP. In your new wan network, set the Device to be eth0. Configure the IP, DNS, and gateway as the ISP requires. Plug into the ONT and you should have what you want.
@mk24 Mike, The problem is that this device does not have it's own DHCP, so "Disconnect Ethernet from your PC, instead connect by WiFi to the AP" fails. The EAP245 is not connected to the ONT, it's connected to my laptop simulating the upstream provider, where my laptop is providing DHCP to it's WiFi clients (using NetworkManager's "share internet over Ethernet connection" dnsmasq).
So, rewinding a bit, how do I configure DHCP for the Wireless APs on the EAP245v3 itself?
(Ideally, please keep editing your first answer with all the extra information, so I can accept it as the final answer when it all works out )
In the default configuration, there will be a lan network with a DHCP server, connected to the Ethernet port and a wifi AP on each radio, using a bridge called br-lan. For security, the wifi radios are initially disabled. Otherwise, potentially malicious neighbors could immediately connect to your newly flashed router. When you initially connect your PC to the Ethernet port and obtain IP address automatically, it receives a 192.168.1.X IP from that network's server.
In the router role, you'd continue to use that network as the lan for wifi users, but you need to re-purpose the Ethernet port to be WAN.
@mk24 In the default configuration, there was NO DHCP configured, and when I connected my laptop to the wired port of the EAP245, my laptop did not receive any reply to it's DHCP requests (checked via tpcdump); I had to manually set the IP to 192.168.1.2, to be able to connect.
That's not what a new install typically does, but you could fix that by enabling a DHCP server on lan. The lan network should be static IP, but outside the range that the ISP uses (192.168.1.1/24 is fine here, since the ISP is 10.x), and have a DHCP server. Do not set any gateway or DNS in the lan network, those should be set in the wan.
Once you can connect to the lan by wifi and receive a DHCP address, then proceed to set up the wan network and move the Ethernet port to be wan.
OK now I see the EAP245 has two Ethernet ports and a switch (and I assume a swconfig kernel, since it is ath79). In that case eth0.1 will be one of them and eth0.2 will be the other one. And one should already be wan and one lan. Though in some cases the one you supply PoE to will be the wan not the lan.
Be aware that "fibre" and "ath79" sets off a trigger warning, your hardware is only capable of routing at roughly up to ~175 MBit/s (200 MBit/s if you push it and accept sawtooth lagging), if your fibre connection is faster than that, you will need different (better) hardware.
@mk24 Mike, yes, there are 2 ports listed on the switch page:
Port status on "switch0"
VLAN ID
Description
CPU (eth0)
LAN 1
LAN 2
Port status:
1000baseT full-duplex
no link
1000baseT full-duplex
There's one VLAN listed there, with ID 1, tagged on the CPU, but untagged for Lan1 and Lan2.
@slh The fiber connection is limited to 30 MBPS as of now (with maximum future expansion projected at double that), so I'm not going to hit the limits you mentioned anytime soon.
The OpenWrt wiki documents the common use case where a single (5-port) switch serves as WAN + LAN using VLANs. You will need to set up a similar configuration:
Switch port "LAN 1" untagged in VLAN x
Switch port "LAN 2" untagged in VLAN y
Switch port "CPU" tagged in both VLAN x and y
Then you will be able to configure the resulting (virtual) interfaces as a DHCP client (WAN interface) or DHCP server (LAN interface).
@svanheule To clarify, to keep VLAN x(I've set x=1) and VLAN y(2) seperate, do I keep the VLANs off for the other ports?
To illustrate my question better, is the below configuration what you mean:
For VLAN 1(x) (This is being used to configure, so keeping this as LAN)
Port "LAN 1" off in VLAN 1 (WAN port)
Port "LAN 2" untagged in VLAN 1 (Ethernet client, configuring from here)
Port "CPU" tagged in VLAN 1
For VLAN 2(y) (Created to be the WAN)
Port "LAN 1" untagged in VLAN 2
Port "LAN 2" off in VLAN 2
Port "CPU" tagged in VLAN 2
I have done this, and now the device is able to connect to the internet via the WAN interface (port "Lan 1", untagged for VLAN 2).
Next up, what do I need to do to enable the LAN to WAN routing (this "should" probably be NAT based, if I understand the mechanism of operation correctly)? WLAN clients connect up fine, but are unable to access the internet available to the EAP245v3 on it's WAN interface.
Yes, exactly. On the switch page first change LAN2 from Untagged to Off in VLAN 1. Then add a new VLAN, set the number to 2, and set CPU tagged and LAN2 untagged in VLAN 2, LAN1 is off in that VLAN.
Then create a WAN network if necessary and make its device eth0.2. eth0.1 remains the LAN device.
@mk24 Mike, That's done. However, my test device is unable to connect to the internet via the EAP245v3's WLAN (my Android phone), so I'm still missing some piece of the puzzle.
What works:
WAN interface with device as "eth0.2" (VLAN tagged eth), is set to the required static IP(as proviced by upstream), and works as expected.
The EAP245v3 has internet access via the WAN interface (tested successfully with opkg update).
LAN/WLAN interfaces have local DHCP as expected (192.168.1.1/24 segment).
A regular wifi client (receiving Internet from a smartphone hotspot or a hotel AP for example) cannot be bridged to an Ethernet port. You have to route to it.
OK. All done. It's all in a problem of names vs Names vs NAMES unfortunately.
Thank you @mk24 Mike, @svanheule Sander, and @slh for all your help. I'll add a final post with detailed instructions with what all I did, so that there's lots of documentation and an idiot's guide to solving the issue I faced.
The final solution to my problem is as below (AKA Idiot's Guide EAP245v3 as a WiFi Router with OpenWrt).
However before you begin, all the steps required to make things work come from information listed in the thread above, so please give it a read to inform yourself, BEFORE you any of the steps below.
Boot into OpenWrt, without any Ethernet connected to the EAP245v3 ports, other than just the POE line.
Connect an Ethernet cable from laptop/desktop to non-POE port of the EAP245v3, and it should get DHCP from the EAP245v3. If not, give a static address of 192.168.1.X where 2 < X < 245.
Log into the web console at http://192.168.1.1 and check status, for OpenWrt version.
Select Top-Menu -> Network -> Switch : Port status should show LAN 2 with a connected status, and "LAN 1" with no link. Ignore the "CPU(eth0)" port as of now.
Modify VLAN 1 (first and only line in the status table, under the port headers) as follows:
Port "LAN 1" off in VLAN 1 (this will become WAN port)
Port "LAN 2" untagged in VLAN 1 (Web client is connected and configuring from here)
Port "CPU" tagged in VLAN 1
Create a new VLAN and put an ID of 2 for it (Created to be the WAN)
Port "LAN 1" untagged in VLAN 2
Port "LAN 2" off in VLAN 2
Port "CPU" tagged in VLAN 2
Save & Apply both sets of changes to the VLANs.
Select Top-Menu -> Network -> Wireless and Enable and Configure as per your requirements; I needed to just change ESSID, Encryption, and Key, and I did no other changes. Save & Apply and test wireless connectivity.
Name: wan(ALL SMALL LETTERS; I made this CAPS, and that's what messed up my configuration)
Protocol: DHCP client or Static Address as per your configuration (I had a static address assigned by my Fiber Provider).
Device: Switch VLAN: "eth0.2"
Select Create Interface
Configure IP if static or Just OK if DHCP configured.
You're DONE. The firewall configuration already has the correct zones set up for "lan" vs "wan" and everything should "JUST WORK", based on default configurations in OpenWrt.
A big thanks to @mk24@svanheule and @slh for pointing out what I needed to do.
More background reading I found useful in understanding what I needed to do:
