Hi.
On a previous Debian device, I managed to set wlan0 to have three separate IP addresses, each associated with a different subnet - and now I want to try that on OpenWRT as well.
However, in /etc/config/network, if I have "option ipaddr X.X.X.X" for an interface multiple times, it only uses the last one for its IP rather than all three. What would I need to change elsewhere in order to have multiple IPs on an interface?
I don't know if this is the correct way, but that is how i'm doing, and it works well.
You have to create multiple interfaces, with the ip you want. just be sure to assign the same port (br-lan in my example, or eth0 or eth1 etc...).
Do it like this :
As @shdf says, you must create two new virtual interfaces on the radio, one for each.
The new wireless interfaces will be something like wlan0-1 and wlan0-2.
The screenshot does not look correct though. there should be a different bridge interface for each LAN, to support the new subnets.
You should use "list ipaddr X.X.X.X/Y" (in CIDR format) if you want to configure multiple subnets.
If I'm understanding that correctly, instead of the option netmask and option ipaddr fields for the interface in /network, I'd do list ipaddr? Would I still need the netmask? And how would that interact with /dhcp - would I need to do list start and list limit instead of option start and option limit?
Yes, netmask isn't used in this case. I don't think the DHCP settings have changed, at least luci only allow you to configure one start and one limit on 21.02. But I don't use DHCP on interfaces with multiple IPv4 addresses, and I don't know for sure.
You can simply list additional IPs.
I've never did this on an interface with a DHCP server, though - unless I was simply assing a /32.
how 2 dhcp servers on 2 different subnets are going to work ? Sometime your device will be in one subnet and sometimes it will be in the other one, depending on which dhcp server is going ton answer first ?
you'll have to handle some static leases, mac addresses exclusions, etc...else you'll have a lot of unexpected behavior...
I’m going to ask a question: what is your goal? Why do you want the router to have multiple addresses?
Others have answered about how to actually do this in the config, but it would be helpful to know what you are actually trying to achieve since there may be a different/better method.
I want to be able to block the devices from talking to each other using iptables, which doesn't work if they're in the same subnet because then they're switching between each other rather than routing.
Putting multiple ip addresses on one interface won’t solve your problem. You need to setup VLANs.
Yes you can add multiple ip addresses in the same subnet in this way, but not multiple subnets.
I think the OP wants multiple subnets - in fact, regardless of the misleading title, I think he only wants to set up a typical "guest" wifi.......
Multiple ip addresses in the same subnet can be useful eg running a web server on its own ip address. In the dim and distant past I knew this as "multi-homing" although I have not heard the term for a long time.
Not accurate.
I am able to add IPs of different subnets. But again, I've never added enough to conflict with DHCP setting of the original network.
Your noted use case is the most common. Actually, I can't think of many more.
Regarding the OP's intent, maybe they should clarify; but I agree it seems more like how to setup WiFi.
I want them all on the same SSID. I've found that the virtual interface + dhcp pair for each is working, just wondering how I'd do that if I was to use a single interface w/ list ipaddr instead of a set of separate interfaces.
I guess I'm not being clear.
You just add them. Just in case this is confusing:
list ipaddr 'xxx.xxx.xxx.xxx/24'
list ipaddr 'yyy.yyy.yyy.yyy/xx'
Works for me...but again I've never tried to address clients by DHCP from both. I guess if you need static from the other pool, it would work (i.e. DHCP tagging).
You cannot have multiple subnets on the same ssid unless you use wpa2 enterprise mode (which requires a radius server). This is overkill for most installations.
You can enable WiFi client isolation, but that is an all-or-nothing control.