lan: bridged, router IP static 192.168.xx.1, dhcp, wireless and wired
guest: bridged, router IP static 192.168.yy.1, dhcp, wireless only
AP is wired to the Master, along with other devices on the same switch,
lan & guest, same as the Master, except for their IP addresses which I expect to be provided by DHCP. In fact I did not configure the AP, it automatically transposed the Master's configuration when I set it up as an AP, I trusted plug&play, but it fails.
Master & AP: wired and wireless lan client devices work well, full access to the Internet (at least I think they all work although the AP does not report any wireless client - even when devices seem to connect to the AP rather than the Master based on signal strength);
Master: guest client devices work well, full access to the Internet, segregation from lan (bridged to wan directly)
What does not work:
AP: guest client devices to the access point fail, they do not get an IP address,
In fact the AP's guest interface itself does not get an IP address.
I tried dhcpcd -T br-guest it assigned an IP address from 169.254.0.0/16! Not sure where that came from, I expected 192.168.yy.3 (association with MAC address) as this is the dhcp parameters for br-guest on the Master.
In my search for solutions I read a comment that implied I needed to set-up a VLAN.
Whether this is the way forward or not this is beyond my understanding at this stage.
Which part of the docs or what procedure should I follow to make this work?
You need to associate the guest network with the ethernet port that connects the two routers -- this is done by setting it up as a tagged network on that port (on both sides). On the AP side, you'll setup another bridge that allows you to associate the guest wifi network with the ethernet port (it will use proto none/unmanaged on the AP).
Do you have any switches between the two devices? If so, that should be a managed switch... unmanaged switches can be unpredictable and may not work properly.
Yes - this is what you want to do. Your lan is already set up on its own vlan. You will want to add a vlan for your guest network next.
Some targets have been converted to DSA and others are still on swconfig-they are compatible, but VLAN set up is a quite a bit different on each. Lookup your hardware and see which it uses - and it could be different on your main router and AP to make things especially "fun".
OpenWrt 19.07.8 r11364-ef56c85848
Using LuCI, created a VLAN (10), added it to the guest bridge.
At this stage I am not sure whether I tag the right port, but I can't test it, see below.
OpenWrt Chaos Calmer 15.05.1 a828782+r49254
The [Switch "switch0" / Enable VLAN functionality] was unticked, I ticked it, saved & applied, rebooted, checked software for vlan, it showed "kmod-qca-nss-drv-vlan-mgr 4.4.60+g7e4a07e-2" installed. Unfortunately LuCI will not let me create a VLAN.
TypeError: gRecipeManager is null [LoginManagerParent.jsm:136:3](resource://gre/modules/LoginManagerParent.jsm)
Both the main router and the AP are the most up to date versions available as per the stock system installation and upgrade.
This is an old and unsupported version, and it has significant security vulnerabilities. You should upgrade to a more recent version (21.02.3 preferred, 19.07.10 necessary, but keep in mind that 19.07 has just gone EOL with the .10 release). If your hardware doesn't support a more recent version, buy new hardware.
It does not. The GL-AX1800 is not supported by OpenWrt. The manufacturer forked a very old version of OpenWrt and modified it to create their own custom "OEM" firmware.
Your best bet for help with how the GL-AX1800 OEM firmware works is to ask the manufacturer. We could only guess what they have done to it.
I saw that slh noted in another thread that the switch built into the SoC on the GL-AX1800 may be similar to that built into ipq40xx targets - in other words a VLAN mess. Sorry about that if this is the case.
On ipq40xx OpenWrt devices, it is a good idea to:
a) Do not use LuCi to edit and save the VLAN configuration - change this by directly editing the /etc/config/network file only. LuCi will not save the VLAN configuration correctly for ipq40xx devices.
b) Do not modify the configuration or assignment of VLAN IDs 1 or 2 tot he WAN and LAN interfaces. If you succeed in figuring out how to set up more VLANs in the OEM firmware for a guest or other network, it would be a good idea to assign them to any other VLAN IDs. I use 10, 20, 30 and 40 for the additional VLAN ID's on an ipq40xx device for example.
These steps may not be necessary on your GL-AX1800 (maybe the manufacturer "fixed" the VLAN set up issues, if there were any to begin with?), but hopefully there is no harm in setting it up this way (i.e., hopefully the manufacturer did not change how the network file is used and you can ssh into the device to access and edit it with vi) and if the steps are necessary, they will save you a world of grief setting up VLANs.
Seems like there is active work on getting OpenWrt v21 to work on the GL-AX1800 - community work and maybe some official support eventually. I'll wait a bit for the community versions to be stable.