Guest WiFi on Dumb AP

Hi

I configured a Dumb AP as in the guide below:

and set up a Guest WiFi as per below:

When I try to connect to the Guest WiFi, I get an error, "Failed to obtain IP address".
In the first guide it states to disable firewall, dnsmasq and odhcpd, but if I re-enable them, I can connect to the Guest WiFi.

If I leave them enabled (firewall, dnsmasq and odhcpd), what impact does it have/cause between my main router (RPi4) and the "Dumb AP"?
Thanks

On the main OpenWrt router you need to create an interface guest with a different network from your main network; in the physical settings you need to choose a VLAN or create one; on the firewall tab create a guest zone.
Then on the firewall "guest to wan" must be input reject, output accept, forward reject.
Add two traffic rules:
- named Allow-Guest-DHCP, protocol udp, source zone guest zone, destination zone device input, destination port 67 68, action accept
- named Allow-Guest-DNS, protocol tcp udp, source zone guest zone, destination zone device input, destination port 53, action accept

On the dumb AP create an unmanaged interface guest, and bridge the guest interface with the wifi interface.
You can reuse the physical wan interface by deleting the wan interface, then put the physical interface on the lan bridge.

On the dumb AP switch, the CPU port & wan port must be tagged; all the other ports can be off.
That's all.

You are describing a totally different setup to that of the guide. Of course this is also possible, if all components between router and AP support vlans, but the setup the guide describes has a guest network only on the AP and via firewall rules restricts access from guest into lan.

Coming back to your question, @ryan74:
Your AP only uses the dhcp/dns for the guest network, there is no interference with your lan on this. The 2nd guide describes exactly this.

Hi,
Thanks for the replies.
I tried @keiser1080's suggestion, but it did not work out as I use a Raspberry Pi 4 as my main router and a hAP ac2 as the dumb WAP connected to a dumb 8-port switch. Somehow I lost access to the WAP and had to factory reset.
@Stefan1 - Thanks, I used the 2nd guide and it works, was just concerned about the (firewall, dnsmasq and odhcpd) services on the WAP.

Next question: How do I limit the guest clients to 1GB data every 24 hours?

When you were setting up your guest, what did you use for a 'device' on your guest 'interface'?

If the guests will be on one wireless AP, leave device blank and it will be attached through the wireless config Network option. If you want guests on both bands, create a bridge which is initially empty and use it as the guest device-- again the wireless config will add both APs to the bridge as it comes up. You can also add an Ethernet interface to the guest bridge to extend the guest network by Ethernet to another AP.

I almost have it working but ...
The procedure to create the AP has you turn off dnsmasq.
If I turn it back on to support the guest setup and I try to ping a host on the original network, I get this:

ping: bad address 'somehost'

so there is something I'm missing

dnsmasq must be kept running since the guests need local DHCP and DNS. The proper configuration is to disable DHCP for the lan in the /etc/config/dhcp configuration rather than shutting down dnsmasq entirely.

3 Likes
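A way to check a device that hosts the guest network against the settings named in this thread: the guest zone policy and the two traffic rules from the earlier reply, and DHCP ignored for lan while dnsmasq keeps an active guest pool. This is an added example, not part of any post or of the OpenWrt guides; it assumes the zone and the interface are both named guest, and the sample dump is constructed.

```shell
#!/bin/sh
# Added example: audit `uci show firewall; uci show dhcp` text read from stdin.
# Assumption: the guest zone and the guest interface are both named "guest".
audit_guest() {   # prints findings; exit status is the number of findings
    awk -F= '
    function flag(msg) { print msg; bad++ }
    {
        n = split($1, p, ".")
        if (n != 3) next                   # skip "section=type" lines
        val = substr($0, length($1) + 2)   # text after the first "="
        gsub("\047", "", val)              # drop the single quotes
        s = p[1] "." p[2]; sect[s] = 1; opt[s, p[3]] = val
    }
    END {
        for (s in sect) {
            if (s ~ /^firewall\.@zone/ && opt[s, "name"] == "guest") {
                zone = 1
                if (opt[s, "input"] != "REJECT") flag("guest zone: input is not REJECT")
                if (opt[s, "forward"] != "REJECT") flag("guest zone: forward is not REJECT")
            }
            if (s ~ /^firewall\.@rule/ && opt[s, "src"] == "guest" && opt[s, "target"] == "ACCEPT") {
                m = split(opt[s, "dest_port"], port, /[^0-9]+/)   # "67 68" or "67-68"
                for (i = 1; i <= m; i++) { if (port[i] == "67") dhcp_ok = 1; if (port[i] == "53") dns_ok = 1 }
            }
            if (s ~ /^dhcp\./ && opt[s, "interface"] == "lan" && opt[s, "ignore"] != "1") flag("dhcp: lan pool is still served here")
            if (s ~ /^dhcp\./ && opt[s, "interface"] == "guest" && opt[s, "ignore"] != "1") pool = 1
        }
        if (!zone) flag("firewall: no zone named guest")
        if (!dhcp_ok) flag("firewall: DHCP (port 67) from guest is not accepted")
        if (!dns_ok) flag("firewall: DNS (port 53) from guest is not accepted")
        if (!pool) flag("dhcp: no active pool for guest")
        exit bad + 0
    }'
}

# Constructed sample: guest input left open, lan DHCP not ignored, no DNS rule.
sample_bad() {
    cat <<'EOF'
firewall.@zone[2].name='guest'
firewall.@zone[2].input='ACCEPT'
firewall.@zone[2].forward='REJECT'
firewall.@rule[9].src='guest'
firewall.@rule[9].dest_port='67 68'
firewall.@rule[9].target='ACCEPT'
dhcp.lan.interface='lan'
dhcp.guest.interface='guest'
EOF
}
sample_bad | audit_guest || echo "findings: $?"
```

On the device itself, feed it the live configuration with `{ uci show firewall; uci show dhcp; } | audit_guest`.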

DHCP was disabled for the lan. Disabling 'rebind protection' makes my 'bad address' error go away.