Guest wifi client gets "lan" IP address

cloud-rocket · January 16, 2023, 4:02am

I am pretty new to OpenWRT, but I followed few Youtubes as well as https://openwrt.org/docs/guide-user/network/wifi/guestwifi/configuration_webinterface Wiki.

The configuration is pretty straight forward in all manuals, yet no matter what I do - the IP address I am getting on Guest Wifi connections are from Lan Pool (192.168.10.) instead of Guest pool (192.168.11.). And as a result guests can connect to management panel.

My device is: Belkin RT3200 running 22.03.01 UBI

My /etc/config/wirelss config is:

root@b10:/etc# cat /etc/config/wireless 

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'platform/18000000.wmac'
	option band '2g'
	option htmode 'HT20'
	option cell_density '0'
	option channel '7'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'HOMEDEVICES'
	option key '*******'
	option ieee80211r '1'
	option ft_over_ds '0'
	option ft_psk_generate_local '1'
	option mobility_domain '123F'
	option encryption 'psk2'

config wifi-device 'radio1'
	option type 'mac80211'
	option path '1a143000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
	option band '5g'
	option cell_density '0'
	option country 'US'
	option htmode 'HE160'
	option channel '100'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ieee80211r '1'
	option ft_over_ds '0'
	option ft_psk_generate_local '1'
	option ssid 'HOMEDEVICES'
	option key '*****'
	option mobility_domain '123F'
	option encryption 'psk2'

config wifi-iface 'wifinet2'
	option device 'radio0'
	option mode 'ap'
	option ssid 'GUESTS'
	option key '******'
	option ieee80211r '1'
	option ft_over_ds '0'
	option ft_psk_generate_local '1'
	option encryption 'psk2'
	option mobility_domain '2222'
	option isolate '1'
	option network 'GUEST'

config wifi-iface 'wifinet4'
	option device 'radio0'
	option mode 'ap'
	option ssid 'IOT1'
	option encryption 'psk2'
	option key '******'
	option ieee80211r '1'
	option mobility_domain '43f1'
	option ft_over_ds '0'
	option ft_psk_generate_local '1'
	option network 'RING'

config wifi-iface 'wifinet5'
	option device 'radio0'
	option mode 'ap'
	option ssid 'IOT2'
	option encryption 'psk2'
	option key '*****'
	option network 'IOT'
	option ieee80211r '1'
	option mobility_domain '4441'
	option ft_over_ds '0'
	option ft_psk_generate_local '1'

Network config (/etc/config/network):

root@b10:/etc# cat /etc/config/network 

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'
	option vlan_filtering '0'

config interface 'lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.10.1'
	option ipv6 '0'
	option delegate '0'
	option device 'br-lan'

config interface 'wan'
	option device 'wan'
	option proto 'dhcp'
	option ipv6 '0'

config interface 'wan6'
	option device 'wan'
	option proto 'dhcpv6'

config interface 'GUEST'
	option proto 'static'
	option defaultroute '0'
	option device 'br-lan.11'
	list ipaddr '192.168.11.1/24'

config interface 'PROXMOX'
	option proto 'static'
	option device 'br-lan'
	option ipaddr '192.168.4.1'
	option defaultroute '0'
	option netmask '255.255.255.0'

config interface 'RING'
	option proto 'static'
	option ipaddr '192.168.12.1'
	option netmask '255.255.255.0'
	option defaultroute '0'
	option device 'br-lan.12'

config interface 'IOT'
	option proto 'static'
	option ipaddr '192.168.14.1'
	option netmask '255.255.255.0'
	option device 'br-lan.14'

config bridge-vlan
	option device 'br-lan'
	option vlan '10'
	list ports 'lan1:t'
	list ports 'lan4:u*'

config bridge-vlan
	option device 'br-lan'
	option vlan '11'
	list ports 'lan1:t'

config bridge-vlan
	option device 'br-lan'
	option vlan '14'
	list ports 'lan1:t'

config bridge-vlan
	option device 'br-lan'
	option vlan '12'
	list ports 'lan1:t'

Help will be appreciated!
Thanks!

psherman · January 16, 2023, 4:18am

Do the other networks function properly? What is connected to port lan1? Do you have any other APs broadcasting this SSID?

cloud-rocket · January 16, 2023, 4:32am

I have the 1st router (the one I am working on) connected to the internet (WAN port) and 2 more similar routers acting as APs connected to lan4 port using ethernet switch.

I have SSID HOMEDEVICES configured on all routers - it's working fairly well with home devices distributed between different routers. The GUESTS SSID is currently configured only on the 1st main router and I am trying to make it work.

HOMEDEVICES acts properly. I have another Interface PROXMOX to connect to Proxmox VMs which have it's own DHCP. This one works well also. The only problem is with any additional WIFI networks which no matter what connects only to the initially created subnet.

I started configuring VLANs to serve GUESTS SSID on the other APs, but run into issues probably related to the described problem.

psherman · January 16, 2023, 4:45am

I'm confused by this statement... does this mean all of the wifi SSIDs have this problem?

There could be a bunch of things going since you have additional stuff connected -- if they aren't properly configured, they could cause these problems.

As a test and starting point, I'd recommend that you remove the device br-lan.11 line from below...

doing this will disconnect the guest network from ethernet, but it will still be able to be associated with guest wifi network. Then connect a device by wifi to the guest network and see if it gets an IP in the correct network. Obviously make sure that the guest wifi network is not being broadcast by any other APs.

Let me know what happens.

cloud-rocket · January 16, 2023, 4:51pm

1st of all thank you so much for this dedicated support!!

Yes any additional SSIDs getting IP address from incorret (lan) networks

They don't have FW / DHCP configured (only master router does it) and they don't serve any secondary SSIDs (such as GUEST)

I removed it and reloaded the network:

config interface 'GUEST'
	option proto 'static'
	option defaultroute '0'
	list ipaddr '192.168.11.1/24'
	option device 'wlan0-1'

The result is the same - connected device is getting an an IP 192.168.10.227 with gateway 192.168.10.1 and DNS 192.168.10.1

psherman · January 16, 2023, 5:13pm

Remove the line that turns off default route and also remove the device line... make it look like this:

config interface 'GUEST'
	option proto 'static'
	list ipaddr '192.168.11.1/24'

Then restart the router and try connecting to the guest network again.

cloud-rocket · January 16, 2023, 5:43pm

It works! I got the correct IP address and Guest can access the internet.

But I don't understand why.....

What is the goal of "device" configuration in the network interface?

In addition I guess there is a bug in Luci - checking the option "Use default gateway" under Network interface configuration actually removes this line in config (should be vice versa).

psherman · January 16, 2023, 5:51pm

'device' is there to connect a network to the physical interfaces, but it actually does not apply to the wifi radios.

A device can be an ethernet port (or VLAN), or it can be a bridge.

A bridge is necessary if you want to connect multiple physical interfaces such as an ethernet port + radio, or multiple ethernet and or radio interfaces.

Yes, that makes sense. You had set the network to not use the default gateway... so the line that gets inserted is option defaultroute '0' -- the zero indicates the do not use part of the equation. Setting it to '1' has the same effect as removing the line entirely because the default state is to use the default route (as it implies ).

system · January 26, 2023, 5:51pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.