I've installed the latest build of OpenWRT on my GL-MT300A. All I've really changed is to make both LAN and WAN interfaces DHCP clients; my firewall does not allow devices that do not connect using DHCP. Both interfaces get their IPs successfully, the web interface is accessible over LAN and new packages can be downloaded over WAN. The Wi-Fi radio is broadcasting and devices can attempt to connect, but they stall at obtaining their own IP. I'm not sure how to troubleshoot this; any ideas?
Yes.
If you changed LAN from static to DHCP, this is why you do not receive an IP. As there is no LAN DHCP server with it's own IP on the Broadcast Domain.
- Is it your intention for another device to be the DHCP server?
- What are you trying to accomplish?
- Where is this "firewall"?
Interesting, @lleachii, thank you for clarifying! What I'm trying to accomplish is a WiFi AP that can be administered remotely over the LAN interface but whose wireless clients are totally isolated from other hosts connected to the same firewall; no wireless device should be able to communicate with any wired host. LAN would only be used for luCI/dropbear, and WAN would handle everything related to wireless and the devices connected to it. If you know of a better way to do this, I'm all ears!
I've partially accomplished this by connecting the GL-MT300A's LAN and WAN interfaces to different interfaces on my firewall. The interface to which the AP LAN is connected (LOCAL) treats it as just another wired device. The interface to which the AP WAN is connected (OUTONLY) does not allow it to communicate with other hosts, but it can still get out to the internet. The firewall interfaces are connected to separate switches, and the AP is connected to those switches as appropriate.
I can bridge WAN and radio0 in the same way LAN is currently ow that I understand this is not what was causing address assignment to not work. I can set up DHCP on OUTONLY; if I could make it the DHCP server for wireless clients, that would be ideal.
I'm not sure how you intend to put the LAN-side of the AP on the LAN of the wired devices, then wish to separate them.
Assuming your "firewall" is also your upstream router, I advise:
AP <> OpenWrt LAN <> OpenWrt WAN <> Firewall
- I would then advice you open the firewall to permit input to LuCI (tcp/80) and SSH (tcp/22).
If your AP is not OpenWrt and/or doesn't have a WAN port:
- Make a separate VLAN for the AP, and place that VLAN on an available switch port. It seems you have the ability to do this on either your firewall's second interface, or the OpenWrt device.
Isn't wireless isolation one of the features supported by openwrt ?
LOL yes.
- But, isolation is from other wireless clients.
- Also, we know nothing about the AP.
Ok wireless isolation is different from guest network
that is:
https://openwrt.org/docs/guide-user/network/wifi/guestwifi/configuration
here ?
Yes, they are different. I thought you were referring to:
Since I suggested creating a different VLAN above, you are describing a similar method as noted in the link. I have not reviewed the UCI config on that page, though.
yes I was talking about that
my question was if @incirrata was talking about something similar to the guest lan, guest network
option that a lot of new consumer grade router advertise nowadays ?
No dude client isolation, wireless isolation all are same and @Pippo is correct isolation is between wireless and wired 
@arjuniet, please provide that information on OpenWrt.
Thanks
From: https://openwrt.org/docs/guide-user/network/wifi/basic#common_options1
isolate boolean no 0 Isolate wireless clients from each other, only applicable in ap mode.
sorry didnt understand ? what you are saying ?
I'm saying you are incorrect - HowToGeek is not OpenWrt. Per the OpenWrt WiKi:
Please refrain from taking over the topic to provide improper information.
oh sorry i beg your pardon , i had some generalised concept , my intention was not to take over the topic , sorry again
No problem. The "isolation" in OpenWrt only refers to the wireless clients. So in order to fully isolate in the OP's case:
- We need to know if his AP is OpenWrt-based
- In any case, the OP can create another VLAN for the WiFi clients, either on the firewall, the AP (if capable) or on the OpenWrt - only permitting traffic from LAN-to-WiFi. Traffic initiating in the opposite direction would not allowed by default.
@lleachii how making vlans can prevent wifi clients from reaching wired clients ? considering it to be openwrt router case
Simple:
- VLAN A (e.g. LAN)
- VLAN B (e.g. WiFi)
They can't talk to each other.
For more, see:
Firewall:
config rule
option src 'lan'
option dest 'wifi'
option name 'Allow_wired_to_wifi'
option proto 'all'
option target 'ACCEPT'
(This can also be done on his firewall instead)
This is the same information suggested at: https://openwrt.org/docs/guide-user/network/wifi/guestwifi/configuration
Again, if you have an issue, please consider making a new thread.
why are vlans created if same can be done without vlans ? WIFI radio and etherport are already seperate in layer 2 untill we bridge them. so why VLANS ?
now as we have three interface , three zone need to be created in firewall
LAN , WAN , WLAN
forwarding should be allowed b/w LAN - WAN and WLAN - WAN and whatever is requirement
and as the creator of topic is not getting ip , host a dhcp server on wlan interface along with a dns resolver.
This time I havnt done any mistake
Simple...
- again, in OpenWrt...you have to have a bridge if you intend to have a WiFi to a VLAN
- OpenWrt creates a br-lan by default
- A vlan is needed for Wired
- IF YOU REMOVE THIS, LAN has to be reconfigured.
- in OpenWrt, VLANs and Interfaces are synonyms, so it is possible to address a wlan1 without VLAN and add it to a bridge. BUT you would need to do this future if, FOR EXAMPLE, the OP CONNECTED IT TO THE FIREWALL MENTIONED!
The only problem is, your suggestion is more complex in OpenWrt.
Again, if you have an issue, please consider making a new thread.