How to set-up the guest network to work on both master and AP?

Set-up I am trying to achieve:

Master router:

  • lan: bridged, router IP static 192.168.xx.1, dhcp, wireless and wired
  • guest: bridged, router IP static 192.168.yy.1, dhcp, wireless only

Access Point:

  • AP is wired to the Master, along with other devices on the same switch,
  • lan & guest, same as the Master, except for their IP addresses which I expect to be provided by DHCP. In fact I did not configure the AP; it automatically transposed the Master's configuration when I set it up as an AP. I trusted plug&play, but it fails.

What works:

  • Master & AP: wired and wireless lan client devices work well, full access to the Internet (at least I think they all work although the AP does not report any wireless client - even when devices seem to connect to the AP rather than the Master based on signal strength);
  • Master: guest client devices work well, full access to the Internet, segregation from lan (bridged to wan directly)

What does not work:

  • AP: guest client devices to the access point fail, they do not get an IP address,
  • In fact the AP's guest interface itself does not get an IP address.
  • I tried dhcpcd -T br-guest; it assigned an IP address from 169.254.0.0/16! Not sure where that came from. I expected 192.168.yy.3 (association with MAC address), as these are the DHCP parameters for br-guest on the Master.

Other notes:

In my search for solutions I read a comment that implied I needed to set-up a VLAN.
Whether this is the way forward or not, this is beyond my understanding at this stage.

Which part of the docs or what procedure should I follow to make this work?

You need to associate the guest network with the ethernet port that connects the two routers -- this is done by setting it up as a tagged network on that port (on both sides). On the AP side, you'll set up another bridge that allows you to associate the guest wifi network with the ethernet port (it will use proto none/unmanaged on the AP).

Do you have any switches between the two devices? If so, that should be a managed switch... unmanaged switches can be unpredictable and may not work properly.

2 Likes

Yes - this is what you want to do. Your lan is already set up on its own vlan. You will want to add a vlan for your guest network next.

Some targets have been converted to DSA and others are still on swconfig - they are compatible, but VLAN setup is quite a bit different on each. Look up your hardware and see which it uses - and it could be different on your main router and AP to make things especially "fun".

This post and following may be a good start for you: https://forum.openwrt.org/t/help-with-openwrt-router-3-dumb-access-points-vlan-setup/122123/3?u=eginnc. Your set up will be a little simpler (one AP versus three), but the concepts are the same.

2 Likes

Currently there is one switch between the Master and the AP, a Mercury SG116M:

Not sure if it handles VLANs.

I may be able to get away with connecting the AP directly to the Master, I may need extra wiring.
I will try and report once I have understood both replies well enough.

For my Master I use:

For my AP, I use:

From the specs (to which you provided the link):

  • Transmission rate 10/100/1000Mbps
  • Model number SG116M
  • Package Yes
  • **VLAN NO**

Oops, I'd overlooked this. So I have to wire it straight, will see if I can.

Or replace that switch with a managed one. They aren’t very expensive.

I finally took the time to try.

Wired my main router and AP directly.

Main router:
OpenWrt 19.07.8 r11364-ef56c85848
Using LuCI, created a VLAN (10), added it to the guest bridge.
At this stage I am not sure whether I tag the right port, but I can't test it, see below.

AP:
OpenWrt Chaos Calmer 15.05.1 a828782+r49254
The [Switch "switch0" / Enable VLAN functionality] was unticked, I ticked it, saved & applied, rebooted, checked software for vlan, it showed "kmod-qca-nss-drv-vlan-mgr 4.4.60+g7e4a07e-2" installed.
Unfortunately LuCI will not let me create a VLAN.
The javascript console reports:

TypeError: gRecipeManager is null [LoginManagerParent.jsm:136:3](resource://gre/modules/LoginManagerParent.jsm)
<anonymous> resource://gre/modules/LoginManagerParent.jsm:136

Both the main router and the AP are the most up to date versions available as per the stock system installation and upgrade.

What next?

This is an old and unsupported version, and it has significant security vulnerabilities. You should upgrade to a more recent version (21.02.3 preferred, 19.07.10 necessary, but keep in mind that 19.07 has just gone EOL with the .10 release). If your hardware doesn't support a more recent version, buy new hardware.

1 Like

It does not. The GL-AX1800 is not supported by OpenWrt. The manufacturer forked a very old version of OpenWrt and modified it to create their own custom "OEM" firmware.

OP:
Your best bet for help with how the GL-AX1800 OEM firmware works is to ask the manufacturer. We could only guess what they have done to it.

I saw that slh noted in another thread that the switch built into the SoC on the GL-AX1800 may be similar to that built into ipq40xx targets - in other words a VLAN mess. Sorry about that if this is the case.

On ipq40xx OpenWrt devices, it is a good idea to:

a) Do not use LuCI to edit and save the VLAN configuration - change this by directly editing the /etc/config/network file only. LuCI will not save the VLAN configuration correctly for ipq40xx devices.

b) Do not modify the configuration or assignment of VLAN IDs 1 or 2 to the WAN and LAN interfaces. If you succeed in figuring out how to set up more VLANs in the OEM firmware for a guest or other network, it would be a good idea to assign them to any other VLAN IDs. I use 10, 20, 30 and 40 for the additional VLAN IDs on an ipq40xx device for example.

These steps may not be necessary on your GL-AX1800 (maybe the manufacturer "fixed" the VLAN set up issues, if there were any to begin with?), but hopefully there is no harm in setting it up this way (i.e., hopefully the manufacturer did not change how the network file is used and you can ssh into the device to access and edit it with vi) and if the steps are necessary, they will save you a world of grief setting up VLANs.

Edit:
Your devices use swconfig, not DSA, so make sure you are following vlan set up tutorials for swconfig devices. Reading through this post and the following posts may be helpful in giving you some background on what you want to set up.
https://forum.openwrt.org/t/help-with-openwrt-router-3-dumb-access-points-vlan-setup/122123/3?u=eginnc
Once again, just be sure to not use DSA configurations for your swconfig devices.

1 Like
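
The tagged guest VLAN described in the replies above (tagged on the inter-router port on both sides, unmanaged bridge on the AP, edited directly in /etc/config/network with a VLAN ID other than 1 or 2), written out for swconfig devices. This is an added example, not configuration posted by anyone in the thread; the switch name `switch0`, the device `eth0`, the port numbers and the netmask are assumptions that differ per device.

```uci
# --- Master router: /etc/config/network (guest-related sections only) ---
# The existing switch_vlan sections for VLAN 1 and 2 are left untouched.

config switch_vlan
	# assumed switch name
	option device 'switch0'
	# guest VLAN ID, as chosen in the thread
	option vlan '10'
	# assumed ports: 0 = CPU, 4 = port wired to the AP; 't' = tagged
	option ports '0t 4t'

config interface 'guest'
	option type 'bridge'
	# assumed CPU-side device eth0, carrying VLAN 10
	option ifname 'eth0.10'
	option proto 'static'
	# guest subnet as written in the question
	option ipaddr '192.168.yy.1'
	# assumed /24
	option netmask '255.255.255.0'

# --- AP: /etc/config/network (guest-related sections only) ---

config switch_vlan
	option device 'switch0'
	# must match the master's guest VLAN ID
	option vlan '10'
	# assumed ports: 0 = CPU, 1 = port wired to the master
	option ports '0t 1t'

config interface 'guest'
	option type 'bridge'
	option ifname 'eth0.10'
	# unmanaged: the AP only bridges guest wifi onto VLAN 10,
	# so it takes no address here and runs no DHCP server for guests
	option proto 'none'
```

With this layout guest clients on the AP get their leases from the master's DHCP server over VLAN 10, and guest frames never appear untagged on the lan ports. The guest SSID on the AP is attached to the `guest` interface in /etc/config/wireless.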

Thank you.
Seems like there is active work on getting OpenWrt v21 to work on the GL-AX1800 - community work and maybe some official support eventually. I'll wait a bit for the community versions to be stable.

Now the 21.02 build works.