Help with Dumb AP on Aruba AP303H

Feighery · May 23, 2022, 6:51pm

Hi all

I am very new to OpenWrt and flashed a few old Aruba 303H I had to extend my network.

I wanted to set them up as dumb APs with my router doing most of the work.

I tried two different guides on here, Dumb AP, Bridge AP, but I'm having the same problems.

I am 100% sure this is down to something newbish I am doing as oppsed to something hardware related. I would be a bit more comfortable with cli config as im still getting used to the web interface.

Setup
The devices is powered via PoE on eth0 and I have a laptop connected to eth1 with the two wireless modems setup. I am doing the config via serial port.

The main config I tried is shown below.

config interface lan
        option type     'bridge'
        option ifname   'eth0 eth1.1' 
        option proto    'static'
        option ipaddr 192.168.88.200
        option netmask 255.255.255.0
        option gateway 192.168.88.1
        option dns 192.168.1.10

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0 1 2 3 4 5'

The problem I am having is that with a static set on my laptop on eth1 or any wifi devices, I can use the network no problem but I cannot get DHCP from my router, so seems there might be a broadcast issue. On the switch the AP is connected to, I see the arp entries for any devices connected to wifi or eth1, but I cannot connect to the static IP on the AP from the eth0 network side, I can from client side on any devices on wifi or eth1.

Firewall and DHCP are disabled and stopped on the AP.

As I said, I am very new to OpenWrt so this might seem like a stupid issue.

slh · May 23, 2022, 9:03pm

I would start with it rather naively:

factory reset
disable (and totally ignore) the WAN port (proto=none)
configure your desired (static-) IP on LAN
disable DHCPd and DHCPdv6 on LAN
connect to your existing LAN network using one of the LAN ports (leave WAN unconnected)
set up wireless as you desire

This should get you a working setup, everything from there on would be an optimization, but not functionally required - so this is a safe baseline configuration.

Adding WAN to the LAN bridge is something I'd avoid, unless really needed - especially in this case, where you'd have to resort to software bridging (and the performance penalty that incurs).

Feighery · May 23, 2022, 9:13pm

Only problem is where I want to locate them there is one ethernet cable and the only port with Poe is the WAN port.

frollic · May 23, 2022, 9:22pm

You can swap the ports, or put them both in the lan fw zone.

Feighery · May 23, 2022, 9:23pm

Never though of that. I'll give that a try.

Feighery · May 23, 2022, 9:53pm

I have just noticed after a reset that eth0 is actually the physical E1 port on the AP and eth1 is E0. So thats added a bit of confusion to the matter.

Ok, Putting eth1 (the WAN port) into LAN got me up and going. I can reach the AP from the network and the AP and see the outside world. Now to get DHCP requests to passthrough as thats not working.

psherman · May 23, 2022, 11:22pm

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:

Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

Feighery · May 23, 2022, 11:35pm

/etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

config interface 'lan'
        option proto 'dhcp'
        option device 'eth1'
        option delegate '0'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0 0 2 3 4'
        option vid '1'

config device
        option name 'eth1'
        option ipv6 '0'
        option acceptlocal '1'

/etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/soc/a000000.wifi'
        option channel '1'
        option band '2g'
        option htmode 'HT20'
        option country 'IE'
        option cell_density '0'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid '***********'
        option encryption 'psk2'
        option key '********'

config wifi-device 'radio1'
        option type 'mac80211'
        option path 'platform/soc/a800000.wifi'
        option channel '36'
        option band '5g'
        option htmode 'VHT80'
        option country 'IE'
        option cell_density '0'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid '*********'
        option encryption 'psk2'
        option key '********'

/etc/config/dhcp

config dnsmasq
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option ednspacket_max '1232'
        option localservice '0'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'
        option ignore '1'
        option ra 'hybrid'
        option dhcpv6 'hybrid'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

/etc/config/firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config rule
        option name 'Support-UDP-Traceroute'
        option src 'wan'
        option dest_port '33434:33689'
        option proto 'udp'
        option family 'ipv4'
        option target 'REJECT'
        option enabled 'false'

config include
        option path '/etc/firewall.user'

From a previous try I have Firewall and Dnsmasq disabled.

psherman · May 23, 2022, 11:43pm

The lan network interface needs to be a bridge:

So you'll want the interface to look like this:

config interface 'lan'
        option proto 'dhcp'
        option device 'br-lan'
        option delegate '0'

and then you'll want your bridge to use eth1... giving you two options of how to structure it:
for just eth1 (and eth0 unused):

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth1'

or if you want eth1 and eth0 to be bridged (such that the device would effectively pass the signal through):

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'
        list ports 'eth1'

Feighery · May 23, 2022, 11:54pm

Thank you do much. One little change made all the difference. Now to save it, backup and save again.

Feighery · May 24, 2022, 7:46am

For anyone searching with the same issue. Below is the final full /etc/config/network that works, but remember that this is specific to situations where eth1 is the WAN port and eth0 was the LAN. Ensure that you know which is which as this caused much of my confusion.

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth1'
        option ipv6 '0'

config interface 'lan'
        option proto 'dhcp'
        option delegate '0'
        option device 'br-lan'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0 0 2 3 4'
        option vid '1'

system · June 3, 2022, 7:47am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.