How to add WLAN AP functionallity to OpenWRT Router

Hi,

I am operating an Archer C6 with openWRT installed as main router and DHCP server in my home network. As it is installed in the basement of my house I have resigned to enable WLAN functionallity on this Router.

Now I have installed a smart home device in the basement which communicates by WLAN. So I would like to enable WLAN on the Archer C6 for the smart home VLAN. Unfortunately I did not yet manage to make this operating.

The current configuration (/etc/config/network, only entry related to the smart home VLAN are copied) looks as follows

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '7'
        option vid '96'
        option description 'SmartHome'
        option ports '0t 2t'

config device
        option type '8021q'
        option ifname 'eth0'
        option vid '96'
        option name 'eth0.96'

config interface 'SmartHome'
        option proto 'static'
        option ipaddr '192.168.96.1'
        option netmask '255.255.240.0'
        option device 'eth0.96'

config route
        option interface 'SmartHome'
        option gateway '0.0.0.0'
        option target '192.168.96.0/20'

Now I have configured the wireless interface as follows

config wifi-device 'radio1'
        option type 'mac80211'
        option path 'platform/ahb/18100000.wmac'
        option band '2g'
        option htmode 'HT40'
        option channel '11'
        option cell_density '0'
        option country 'DE'

config wifi-iface 'wifinet1'
        option device 'radio1'
        option mode 'ap'
        option ssid 'XXX'
        option key 'XXX'
        option wpa_disable_eapol_key_retries '1'
        option encryption 'sae-mixed'
        option network 'SmartHome'

The first try was to connect the wireless interface with the existing SmartHome interface as shown in the configuration above. In this case WLAN clients do not get an response for DHCP request. The second try was to create a new bridge device and connect it to eth0.96. When I connect the existing interface to this bridge device instead of the ethernet VLAN device the router is no longer accessible by LAN. I alos tried to create an unmanged bridge interface as second interface for the smart home network and connect the wireless inerface to this one, but this does not work also.

So what is the correct way to make this setup working?

I am looking forward to get any helpful hints.

best regards,

Holger

The configuration should look like this (unless you are using old OpenWrt version requiring the old syntax).

config device
        option type 'bridge'
        option name 'br-shome'
        list ports 'eth0.96'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '7'
        option vid '96'
        option description 'SmartHome'
        option ports '0t 2t'

config interface 'SmartHome'
        option proto 'static'
        option ipaddr '192.168.96.1'
        option netmask '255.255.240.0'
        option device 'br-shome'

The 8021q device and static route are not needed.

There are a bunch of potential issues here, but let's first gather more information:

• Is this an AP only? Or is it also being used as a router?
• Where is the upstream router connected (what physical port)?
• Is VLAN 96 configured on that upstream connection?
• Is VLAN 96 tagged on that connection?
• What is the address of the router on the upstream connection for VLAN96?
• Is the upstream VLAN96 network really a /20 (this is a bit unusual given the size)?
• What is the DHCP pool range on the upstream (for VLAN96)?
• Are any other networks running on this router and are they working?

And let's see the complete config, please:

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button (red circle; this works best in the 'Markdown' composer view in the blue oval):

Remember to redact passwords, VPN keys, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

What does “Old OpenWRT version” mean in this context? I am using version

 -----------------------------------------------------
 OpenWrt 22.03.5, r20134-5f15225c1e
 -----------------------------------------------------

This is indeed old. It is EOL and unsupported.

Please provide the complete output of ubus call system board so we can help you properly.

root@hermes:~# ubus call system board
{
	"kernel": "5.10.176",
	"hostname": "hermes",
	"system": "Qualcomm Atheros QCA956X ver 1 rev 0",
	"model": "TP-Link Archer C6 v2 (EU/RU/JP)",
	"board_name": "tplink,archer-c6-v2",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "22.03.5",
		"revision": "r20134-5f15225c1e",
		"target": "ath79/generic",
		"description": "OpenWrt 22.03.5 r20134-5f15225c1e"
	}
}

Your device can be upgraded to 24.10. Please do that as the first step:

Keep in mind that keeping settings from 22.03 is not officially supported. It may work, but it's best practice (and can avoid headaches) to simply allow the upgrade process to reset your device to defaults by unchecking the "keep settings" box (or using the -n argument if you're using the command line). Make a backup first, then you have a reference you can use if you need it.

Once that is done, we can move on to helping you with your main issue, but it would be good if you could answer all the questions I asked above.

Hi,

In the meantime, I had the opportunity to do the system upgrade without interfering with online activities of my family. So the output of ubus call system board is now:

	"kernel": "6.6.110",
	"hostname": "hermes",
	"system": "Qualcomm Atheros QCA956X ver 1 rev 0",
	"model": "TP-Link Archer C6 v2 (EU/RU/JP)",
	"board_name": "tplink,archer-c6-v2",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "24.10.4",
		"revision": "r28959-29397011cc",
		"target": "ath79/generic",
		"description": "OpenWrt 24.10.4 r28959-29397011cc",
		"builddate": "1760891865"
	}

The upgrade process was without any problems.

Let me first answer some questions @psherman has asked:

Is this an AP only? Or is it also being used as a router?

No it’s not an AP. It is used as the main router, DHCP and DNS server in my home network. As I wrote in my first post this device in places in our basement so up to now the wireless functionallity of this device was not used at all and switched off.

Now I have installed a WLAN controled smart switch which should controll a water pump in the basement which does not have a sufficient radio reception from my access point in the first flor. Therefor I want to enable the wireless functionallity of the router.

Where is the upstream router connected (what physical port)?

What do you mean with “upstream router”? On one side the router is connected to an AVM fritzbox used as VDSL router and modem to the internet. This is connected to the WAN port of the router. On the other side the router is connected to a managed switch. I am using several VLANs e.g. to shield smart home devices from the internet while the home network has full access.

Are any other networks running on this router and are they working?

Apart from the AP functionallity for VLAN 96 the router works perfectly.

Here are the requested configuration files. These files are still excerpts for two reasons. Parts of the configuration are quite long, and the files contain some information about my home network I do not want to share on the internet. But the excerpts contain all configuration entries for the WAN, the home network and the smart home device VLAN.

/etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd4e:fc60:50f7::/48'
	option packet_steering '1'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config device
	option type '8021q'
	option ifname 'eth0'
	option vid '64'
	option name 'eth0.64'

config device
	option type '8021q'
	option ifname 'eth0'
	option vid '128'
	option name 'eth0.128'

config interface 'Outside'
	option device 'eth0.128'
	option proto 'static'
	option ipaddr '192.168.128.1'
	option netmask '255.255.255.0'
	option gateway '192.168.128.200'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option vid '64'
	option description 'Home'
	option ports '0t 2t 5'

config switch_vlan
	option device 'switch0'
	option vlan '6'
	option vid '128'
	option description 'Outside'
	option ports '0t 1 3'

config interface 'Home'
	option proto 'static'
	option device 'eth0.64'
	option ipaddr '192.168.64.1'
	option netmask '255.255.255.0'
	list dns '217.0.43.113'
	list dns '217.0.43.97'

config interface 'SmartHome'
	option proto 'static'
	option ipaddr '192.168.96.1'
	option netmask '255.255.240.0'
	option device 'eth0.96'

config route
	option interface 'Home'
	option target '192.168.64.1/24'
	option gateway '0.0.0.0'

config route
	option interface 'SmartHome'
	option gateway '0.0.0.0'
	option target '192.168.96.0/20'

config route
	option interface 'Outside'
	option target '192.168.128.0/24'
	option gateway '0.0.0.0'

config route
	option interface 'Outside'
	option target '0.0.0.0/0'
	option gateway '192.168.128.200'

config switch_vlan
	option device 'switch0'
	option vlan '7'
	option vid '96'
	option description 'SmartHome'
	option ports '0t 2t'

config device
	option name 'eth0.96'
	option type '8021q'
	option ifname 'eth0'
	option vid '96'

/etc/config/wireless:

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'pci0000:00/0000:00:00.0'
	option channel '36'
	option band '5g'
	option htmode 'VHT80'

config wifi-device 'radio1'
	option type 'mac80211'
	option path 'platform/ahb/18100000.wmac'
	option band '2g'
	option htmode 'HT40'
	option channel '11'
	option cell_density '0'
	option country 'DE'

config wifi-iface 'wifinet1'
	option device 'radio1'
	option mode 'ap'
	option ssid 'XXX'
	option key 'XXX'
	option wpa_disable_eapol_key_retries '1'
	option encryption 'sae-mixed'
	option network 'SmartHome'

/etc/config/dhcp:

config dhcp 'Home'
	option interface 'Home'
	option leasetime '12h'
	option start '20'
	option limit '100'
	option force '1'

config dhcp 'SmartHome'
	option interface 'SmartHome'
	option leasetime '12h'
	option start '51'
	option limit '4000'

/etc/config/firewall:

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option synflood_protect '1'
	option drop_invalid '1'
	option forward 'DROP'

config zone
	option name 'wan'
	option mtu_fix '1'
	option forward 'DROP'
	option input 'DROP'
	option output 'ACCEPT'
	list network 'Outside'

config rule
	option name 'Allow-DHCP-Renew'
	option target 'ACCEPT'
	option family 'ipv4'
	option src '*'
	list proto 'tcp'
	list proto 'udp'
	option dest_port '67 68'

config zone
	option name 'home'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'Home'

config forwarding
	option src 'home'
	option dest 'wan'

config forwarding
	option src 'home'
	option dest 'pv'

config zone
	option name 'smarthome'
	option input 'REJECT'
	option output 'REJECT'
	option forward 'REJECT'
	list network 'SmartHome'

config forwarding
	option src 'home'
	option dest 'smarthome'

config rule
	option name 'allow-DHCP-response'
	option family 'ipv4'
	option dest '*'
	option target 'ACCEPT'
	option src_port '67 68'

config rule
	option src '*'
	option target 'ACCEPT'
	option name 'allow-DHCP-renew-port67'
	option family 'ipv4'
	list proto 'tcp'
	list proto 'udp'
	option dest_port '67'
	option enabled '0'

config rule
	option name 'allow-DHCP-response-port67'
	option family 'ipv4'
	option src_port '67'
	option dest '*'
	option target 'ACCEPT'
	option enabled '0'

config rule
	option name 'allow-DNS'
	option src '*'
	option target 'ACCEPT'
	option dest_port '53'

config rule
	option name 'allow-DNS-response'
	option src_port '53'
	option dest '*'
	option target 'ACCEPT'
	option enabled '0'

config rule
	option dest 'wan'
	option dest_port '53'
	option target 'ACCEPT'
	option name 'allow-dns-forwarding'

config rule
	option src '*'
	option dest_port '123'
	option target 'ACCEPT'
	option name 'allow-ntp-request'
	list proto 'udp'
	option dest 'wan'

regards, Holger