Help configuring a [wireless] Wireless Dumb AP

No problem, appreciate you taking the time!

root@router-garage-E4200-v2:~# ubus call system board
{
        "kernel": "5.10.176",
        "hostname": "router-garage-E4200-v2",
        "system": "Feroceon 88FR131 rev 1 (v5l)",
        "model": "Linksys E4200 v2 (Viper)",
        "board_name": "linksys,e4200-v2",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "22.03.5",
                "revision": "r20134-5f15225c1e",
                "target": "kirkwood/generic",
                "description": "OpenWrt 22.03.5 r20134-5f15225c1e"
        }
}
root@router-garage-E4200-v2:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd2d:5f60:3015::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'ethernet1'
        list ports 'ethernet2'
        list ports 'ethernet3'
        list ports 'ethernet4'
        option stp '1'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.0.3'
        option gateway '192.168.0.1'

config device
        option name 'internet'
        option macaddr '****:f1'

config interface 'wan'
        option device 'internet'
        option proto 'dhcp'

config interface 'wan6'
        option device 'internet'
        option proto 'dhcpv6'

config interface 'wwan'
        option proto 'dhcp'

root@router-garage-E4200-v2:~# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'mbus@f1000000/mbus@f1000000:pcie@82000000/pci0000:00/0000:00:01.0/0000:01:00.0'
        option channel '1'
        option band '2g'
        option htmode 'HT20'
        option cell_density '0'
        option country 'CA'

config wifi-device 'radio1'
        option type 'mac80211'
        option path 'mbus@f1000000/mbus@f1000000:pcie@82000000/pci0000:00/0000:00:02.0/0000:02:00.0'
        option channel '36'
        option band '5g'
        option cell_density '0'
        option country 'CA'
        option htmode 'HT40'

config wifi-iface 'wifinet0'
        option device 'radio1'
        option mode 'sta'
        option ssid 'ObiWanKenobi'
        option encryption 'psk2'
        option key '****'
        option wds '1'
        option network 'lan'

config wifi-iface 'wifinet1'
        option device 'radio0'
        option mode 'ap'
        option ssid 'wifinet1'
        option encryption 'psk2'
        option key '********'
        option network 'lan'

root@router-garage-E4200-v2:~# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option localservice '1'
        option ednspacket_max '1232'
        list server '192.168.0.1'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option ignore '1'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

where is the firewall?

I disabled the firewall and DNS

image947×184 9.13 KB

Sorry, either give me the cat or, I would prefer, a screenshot of 5Ghz radio edit screen. That is the radio you did the scan with?

Its on a few screens, so here are a few screecaps:

image891×818 35.8 KB

image879×841 21.6 KB

image906×775 30 KB

When you scanned and had options did you set the firewall to lan?

Yes I did, I disabled the firewall after that step. I can trash the link and re-create it if you want with screenshots along the way

I do not see anywhere in the instructions to disable the firewall.

Cat the firewall

Apologies! That was part of the dumb AP process, and when it didnt work I tried disabling the firewall. Let me know if you want me to turn it back on.

Also I now see i forgot to add the cat of the firewall in the data dump, When I went back to my ssh session, i saw the command there, unexecuted, so apologies number 2!

root@router-garage-E4200-v2:~# cat /etc/config/firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'
        list network 'wwan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'
        list network 'wan6'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

No worries.

I do not know what time it is for you, but I know you are capable of looking over the instructions, line by line, and checking for results without me looking over your shoulder. By the nature of the setup, you will not find everything. just take a note and move on.

I'll be up for a while.

We can finish tomorrow or work all night but just for some resolution tonight please do the peruse the overview.

Do not fret; we learn more from mistakes.

And like @mk24 wrote: This all may be futile because of your chipset then we will do it my way.

I am in EST, so coming up on midnight - ill probably be up for another half hour or so.

So we are on the same page, what overview are you talking about - the preamble on the how-to link, or the dump of data I sent you (or both lol)?

#### The upstream access point

For the wireless access point, just set the wireless mode to “Access Point (WDS)” ([screenshot](http://i.imgur.com/pzj2KFY.png))

#### The repeater

On the LAN network interface of the repeater, change the default IP to a different one from the same subnet and disable the DHCP server. ([screenshot](http://i.imgur.com/21pJD9E.png))

For a wireless interface working on the same frequency band as the access point, click **Scan**, join the previously created wireless network and when asked, set the firewall zone to `lan`.

The wireless mode should be `Client (WDS)` and the **Network** in **Interface Configuration** has to be changed from `wwan` to `lan`. ([screenshot](http://i.imgur.com/cx8dAae.png))

Go to **Network**, **DHCP and DNS**. Set `DNS forwardings` to the IP address of the access point.

Go to **Network**, **Interfaces**, **Lan**, **Edit**. Set `IPv4 gateway` to the IP address of the access point.

Go to **Network**, **Interfaces**, **Devices** tab, **Configure...** on br-lan, **Advanced device options** and enable `STP`. Failing to do so can allow a network loop to form that will take down all routers.

Finally, add a new Wi-Fi network if you want to enable wireless access to the network. It can have the same name (SSID), password and settings than the access point, to allow transparent roaming, or they can be different. When creating the new Wi-Fi network, under **General Setup**, ensure that **Mode** is `Access Point` and **Network** is set to `lan`.

Just look at the line and check the results you got. should not take more than 20 minutes.

Just looking for "oh $#!^, I did not see that!"

I have a few times now (and even scrolled up to the command line version to validate they are the same (which they are not, the command line version is missing the ipv4 gateway), but for the sake of argument ill summarize them here:

1. Upstream set to WDS, check
2. LAN interface - disable DHCP (Check) and set static IP in same subnet (Primary 192.168.0.1, secondary 192.168.0.3), Set ipv4 gateway (192.168.0.1 check)
3. Network - DNS Forwarding set o 192.168.0.1. Check.
4. Client scanned Primary AP, set to Client WDS, Interface set to LAN, firewall set to LAN (Check)
5. Enable STP on br-lan - Check.
6. Setup new AP - check

NOTE: The operating frequency of the 5ghz networks are different - Primary supports 80MHz, Secondary only supports 40.
Note2: Primary is also setup to do roaming, but I dont think that will affect us here.

That will not work.

Primary ap changed to AP-WDS?

Confirmed. Do you need me to change the primary down to 40MHz now?

image735×857 38.5 KB

As a last thing tonight, I think we'd be changed if that fixed it tomorrow.

I made the change, no luck. Also noticed primary was AC, secondary was N so changed primary back to N, keeping settings as identical as possible. No luck.

Also, because why not, added a tether on the 2.4ghz range . No luck there either.

Ok, tomorrow when you are ready, click any avatar of mine (must be between ears) and there is an envelope to PM me. Use that.

Have a good night.

Weirdly, both interfaces show connected, just no IP assigned. They also show 20 MHz... even though both interfaces are set to 40 MHz.

image994×345 17.1 KB

Have a good night! Thank you

Okay, signal on second sucks. -74.

We will get it done.