How to use lan/wan ports on a unifi AP AC Pro

what's the best setup to have regular LAN and WAN physical ports on a unifi AP which has

  • "main" port, which receives PoE
  • "secondary" port

ideally i'd want to have main=wan, and secondary=lan

but luci shows (only "Secondary" has an active cable):

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
# ubus call system board
{
        "kernel": "5.15.134",
        "hostname": "modemU",
        "system": "Qualcomm Atheros QCA956X ver 1 rev 0",
        "model": "Ubiquiti UniFi AC Pro",
        "board_name": "ubnt,unifiac-pro",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "23.05.0",
                "revision": "r23497-6637af95aa",
                "target": "ath79/generic",
                "description": "OpenWrt 23.05.0 r23497-6637af95aa"
        }
}

# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd0b:7c7d:ad2a::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0.1'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '10.0.3.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        list dns '9.9.9.9'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '2 3 0t'

It's a clean install btw. just updated the static ip (which is completely ignored if I plug another openWRT LAN into the Main port... this one doesn't even get an IP lease, just runs as an extension which is something i have zero knowledge of... it's like I just connected to that other openWRT modem's LAN but using this one's wifi)

Consider upgrading to 23.05.2 -- it has a number of improvements in general, but this isn't related to your immediate question.
This is the switch vlan configuration...

I don't know which one of logical ports 2 or 3 is the main (PoE) vs the secondary, but we'll do this:

remove one of the ports from the above stanza and place it into a new vlan 2 stanza like this:

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '2 0t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '3 0t'

Now, create a new network interface using eth0.2 (the new vlan) for your wan:

config interface 'wan'
        option device 'eth0.2'
        option proto 'dhcp'

This obviously assumes your upstream connection will use DHCP to assign an address to your router.

Once this is done, you should have a functional wan on one port, and the lan on the other. If I messed up the assignments, simply swap the 2 and 3 in the two VLANs stanzas above.

If you're connecting via wifi, you won't lose connectivity regardless of the ethernet port status... but you might want to have an ethernet cable on hand to swap between the main and secondary in case I got it wrong.
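
The split described above can be checked before it is relied on. The following is an added example, not part of the thread: a small lint for switch_vlan stanzas that confirms the CPU port is tagged in every VLAN and that the WAN and LAN ports do not share one. The function name check_wan_lan_split is hypothetical; CPU port 0 and physical ports 2 and 3 are taken from the posted config.

```shell
#!/bin/sh
# Added example, not from the thread: lint switch_vlan stanzas (stdin) before
# trusting a WAN/LAN split. Args: CPU_PORT LAN_PORT WAN_PORT. Returns 0 if clean.
check_wan_lan_split() {
    awk -v cpu="$1" -v lan="$2" -v wan="$3" -v q="'" '
    function finish(   i, n, p, has_cpu) {
        if (!inside) return
        n = split(ports, p, " "); has_cpu = 0
        for (i = 1; i <= n; i++) {
            if (p[i] == (cpu "t")) has_cpu = 1          # CPU port, tagged
            else if (p[i] !~ /t$/) {                    # untagged member port
                if (p[i] in owner) { print "port " p[i] " untagged in VLAN " owner[p[i]] " and " vlan; bad = 1 }
                else owner[p[i]] = vlan
            }
        }
        if (!has_cpu) { print "VLAN " vlan ": CPU port " cpu "t missing"; bad = 1 }
        inside = 0
    }
    $1 == "config" { finish(); if ($2 == "switch_vlan") { inside = 1; vlan = "?"; ports = "" } }
    inside && $1 == "option" && $2 == "vlan"  { gsub(q, "", $3); vlan = $3 }
    inside && $1 == "option" && $2 == "ports" { ports = $0; sub(/^[ \t]*option[ \t]+ports[ \t]+/, "", ports); gsub(q, "", ports) }
    END {
        finish()
        if (!(lan in owner) || !(wan in owner)) { print "port " lan " or " wan " is in no VLAN"; bad = 1 }
        else if (owner[lan] == owner[wan]) { print "ports " lan " and " wan " share VLAN " owner[lan] ": WAN is bridged to LAN"; bad = 1 }
        exit bad + 0
    }'
}
# Stanzas as posted in the thread: the clean install, then the suggested split.
config_before() { cat <<'EOF'
config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '2 3 0t'
EOF
}
config_after() { cat <<'EOF'
config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '2 0t'
config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '3 0t'
EOF
}
config_before | check_wan_lan_split 0 2 3 || echo "before: ports not separated"
config_after  | check_wan_lan_split 0 2 3 && echo "after: split is clean"
```

On the device itself the same function can read the live file: check_wan_lan_split 0 2 3 < /etc/config/network.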

Oh, i see. i have a switch with (forced) VLANs using those ports.

awesome info thank you.

i was trying to create new interfaces directly and failing. I will try your configs. I was trying to do the exact same via luci and it wasn't playing along (I could add a secondary VLAN and add both ports as untagged there, but the new interface only showed vlan.1 always. no matter how much i applied things)

In general for OpenWrt, VLAN 1 is used for the lan and VLAN 2 for the wan.

The UAP-AC-PRO has 2 physical ports that are connected to a switch. The switch, in turn, is connected to the CPU at eth0. In order to separate the ports into different functions, we use VLANs with the configuration I provided above. Does that make sense?

Yep! it does. I was struggling with the concept of "CPU must exist tagged on all vlans"... I guess this should be mentioned on the UI. It might be obvious for hardware designers and openwrt maintainers, but not for regular bit pushers.

These are not my devices and when i install openwrt for other people I like to do everything from the UI because I know more exotic configs might show wrong and get overwritten later when saving via luci. But i think i could do the same setup you described on the text files after I got the cpu port concept. And the wiki is excellent as always, it mentioned which port was which.

Thanks a lot for the help! enjoy the holidays!

Glad it worked. Most config changes made in the text files will work properly with LuCI as well -- they're basically equivalent ways of approaching the same thing for almost everything standard. There are some unusual things that won't be reflected properly, but that is the exception not the rule.
