Guest WiFi DHCP issues?

So I finally tried to set up a guest wifi to segregate out some IoT devices from the main network (22.03.4, Archer a7). I followed the wiki (using either CLI or LuCI, same result), and things sort of work. However, I keep getting the following in syslog and, unless there's a static lease, no IPv4 being assigned, on the main, i.e. non-guest, network:

daemon.warn dnsmasq-dhcp[1]: no address range available for DHCP request via br-lan

Other threads suggested that this could be related to either (a) lack of a guest bridge device, or (b) lack of forcing the DHCP server, but I've implemented both, and still this keeps happening.

Any suggestions are much appreciated, thanks!

dhcp

config dnsmasq 'lan_dns'
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases.lan'
	option localservice '1'
	option ednspacket_max '1232'
	option dnsforwardmax '500'
	option noresolv '1'
	list server '0::1#5453'
	list server '127.0.0.1#5453'
	list interface 'lan'
	list interface 'guest'

config dnsmasq 'adblock_dns'
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/adblock/'
	option domain 'adblock'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases.adblock'
	option localservice '1'
	option ednspacket_max '1232'
	option dnsforwardmax '500'
	list interface 'lan'
	list server '0::1#5453'
	list server '127.0.0.1#5453'
	option noresolv '1'
	option port '5333'
	option confdir '/tmp/adblock'

config dhcp 'lan'
	option instance 'lan_dns'
	option interface 'lan'
	option start '100'
	option limit '150'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'
	option leasetime '24h'
	option force '1'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config host
[some static hosts]

config dhcp 'guest'
	option interface 'guest'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option force '1'

firewall

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option synflood_protect '1'
	option flow_offloading '1'
	option flow_offloading_hw '1'
	option forward 'DROP'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'

config zone
	option name 'wan'
	option output 'ACCEPT'
	option masq '1'
	option mtu_fix '1'
	option input 'DROP'
	option forward 'DROP'
	list network 'wan'
	list network 'wan6'
	list network 'VPN'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
[standard openwrt rules]

config redirect
	option target 'DNAT'
	option name 'Adblock-Intercept'
	option src 'lan'
	option src_dport '53'
	option dest_port '5333'
	list src_mac 'xxx'

config rule
	option name 'Local-Devices'
	list proto 'all'
	option src 'lan'
	list src_mac 'xxx'
	option dest 'wan'
	option target 'DROP'

config zone
	option name 'guest'
	option output 'ACCEPT'
	option forward 'DROP'
	list network 'guest'
	option input 'DROP'

config rule
	option name 'guest-dhcp-dns'
	option src 'guest'
	option dest_port '53 67 68'
	option target 'ACCEPT'

config forwarding
	option src 'guest'
	option dest 'wan'

network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdad:xxx'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0.1'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config device
	option name 'eth0.2'
	option macaddr '74:xxx

config interface 'wan'
	option device 'eth0.2'
	option proto 'dhcp'

config interface 'wan6'
	option device 'eth0.2'
	option proto 'dhcpv6'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '2 3 4 5 0t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '1 0t'

config interface 'VPN'
	option proto 'dhcp'
	option device 'vpn_sevpn'
	option defaultroute '0'
	option delegate '0'

config device
	option name 'vpn_sevpn'
	option ipv6 '0'

config route
	option interface 'VPN'
	option target 'xxx'
	option gateway '192.168.192.1'

config route
	option interface 'VPN'
	option target 'xxx'
	option gateway '192.168.192.1'

config device
	option type 'bridge'
	option name 'br-guest'
	option ipv6 '0'

config interface 'guest'
	option proto 'static'
	option device 'br-guest'
	option ipaddr '10.0.10.1'
	option netmask '255.255.255.0'

wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'pci0000:00/0000:00:00.0'
	option band '5g'
	option htmode 'VHT80'
	option disabled '0'
	option channel '48'
	option cell_density '0'
	option country 'DE'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option disabled '0'
	option ssid 'xxx'
	option key 'xxx'
	option disassoc_low_ack '0'
	option wpa_disable_eapol_key_retries '1'
	option max_inactivity '86400'
	option encryption 'psk2+ccmp'

config wifi-device 'radio1'
	option type 'mac80211'
	option path 'platform/ahb/18100000.wmac'
	option band '2g'
	option htmode 'HT40'
	option channel '11'
	option country 'DE'
	option cell_density '0'
	option txpower '20'
	option noscan '1'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option key 'xxx'
	option ssid 'xxx'
	option disassoc_low_ack '0'
	option wpa_disable_eapol_key_retries '1'
	option max_inactivity '86400'
	option encryption 'psk2+ccmp'

config wifi-iface 'wifinet2'
	option device 'radio1'
	option mode 'ap'
	option ssid 'xxx-Z'
	option key 'xxx'
	option network 'guest'
	option encryption 'psk2+ccmp'

I'm going to bump this once, since it's an ongoing issue and I'm still looking for potential culprits

hmm from what I see it looks good, but what those other threads suggested with the bridge that can be very true.

from my experience if you edit the bridge device and accidentally checked the Bring up the bridge interface even if no ports are attached then a dumbap access point will not work or atleast give issues getting clients on it.

I got a setup working if you want I can show my configuration so you can compare, however mine is a little bit more complicated because I use vlan from the Mochabin modem to the GL-AX1800 (Dumbap) but maybe you can find something here :slight_smile:

Modem:
    - Device:
          - network.cfg090f15=device
          - network.cfg090f15.name='br-lan.52'
           - network.cfg090f15.type='8021q'
           - network.cfg090f15.ifname='br-lan'
           - network.cfg090f15.vid='52'
           - network.cfg090f15.ipv6='0'

   -  Interface:
          - network.cfg0a0f15=device
          - network.cfg0a0f15.type='bridge'
          - network.cfg0a0f15.name='br-zigbee'
           - network.cfg0a0f15.ports='br-lan.52'
           - network.cfg0a0f15.igmp_snooping='1'
           - network.cfg0a0f15.ipv6='0'

    - Bridge:
          - network.cfg0a0f15=device
          - network.cfg0a0f15.type='bridge'
          - network.cfg0a0f15.name='br-zigbee'
          - network.cfg0a0f15.ports='br-lan.52'
          - network.cfg0a0f15.igmp_snooping='1'
          - network.cfg0a0f15.ipv6='0'
Dumbap:
   - Device:
         - network.@device[10].name='eth0.52'
         - network.@device[10].type='8021q'
         - network.@device[10].ipv6='0'

    - Interface:
         - network.zigbee=interface
          - network.zigbee.proto='dhcp'
          - network.zigbee.device='br-zigbee'

   - The shared psysical port and bridge:
         - network.@device[11]=device
         - network.@device[11].ports='eth0.52'
         - network.@device[11].type='bridge'
         - network.@device[11].name='br-zigbee'
         - network.@device[11].ipv6='0'

for wireless I just add the interface to it, the same like your configuration.