You don't need to, in fact you shouldn't. This and `vlan_bridge` are convenience functions; if you don't have a bridge and don't have vlan-tagged ethernet interfaces within, hostapd will basically create the whole shebang for you. This is convenient for dumb access points with only one ethernet interface.
You already have both, you only need hostapd to create the vlan-tagged wifi and attach it to the existing bridge. Remove `vlan_tagged_interface`. (And also `vlan_interface`, that's not a real option and will be ignored.)
That being said:
is a clear indication that you are using the stripped-down default wpad-basic which is missing the features for this purpose. That also explains the missing wifi interface in your bridge. You need the full wpad.
Yes, you're right. I had `wpad-basic-mbedtls` package installed, so I removed it, killed `hostapd`, and then installed `wpad-mbedtls` package.
In logs now I can see the following:
Fri Feb 21 18:22:22 2025 daemon.info hostapd: phy0-ap1: STA XX:XX:XX:XX:XX:XX IEEE 802.11: authenticated
Fri Feb 21 18:22:22 2025 daemon.info hostapd: phy0-ap1: STA XX:XX:XX:XX:XX:XX IEEE 802.11: associated (aid 1)
Fri Feb 21 18:22:22 2025 daemon.notice hostapd: Assigned VLAN ID 104 from wpa_psk_file to XX:XX:XX:XX:XX:XX
Fri Feb 21 18:22:22 2025 daemon.notice hostapd: phy0-ap1: AP-STA-CONNECTED XX:XX:XX:XX:XX:XX auth_alg=open
Fri Feb 21 18:22:22 2025 daemon.info hostapd: phy0-ap1: STA XX:XX:XX:XX:XX:XX RADIUS: starting accounting session YYYYYYYYYYYYYY
Fri Feb 21 18:22:22 2025 daemon.info hostapd: phy0-ap1: STA XX:XX:XX:XX:XX:XX WPA: pairwise key handshake completed (RSN)
Fri Feb 21 18:22:22 2025 daemon.notice hostapd: phy0-ap1: EAPOL-4WAY-HS-COMPLETED XX:XX:XX:XX:XX:XX
So RADIUS is getting involved.
But it doesn't change the fact that, still, output from `brctl show` is the same:
```
root@ap01:~# brctl show
bridge name     bridge id               STP enabled     interfaces
br-lan          7fff.44f7702b3c58       no              phy1-ap0
                                                        lan4
                                                        lan2
                                                        wan
                                                        lan3
                                                        phy0-ap0
```
No new interfaces are listed. And, of course, gateway is still unreachable.
Do you have any clue why that is?
Not at the moment, mainly because I don't have a similar test case set up. Sorry. Did you try rebooting the device, to give it a clean bringup? What does the logfile say when wifi is initialized?
Yes, I rebooted the device, no changes.
Logs produced by using `wifi down` command:
Fri Feb 21 18:36:29 2025 daemon.notice hostapd: Set new config for phy phy1:
Fri Feb 21 18:36:29 2025 daemon.notice hostapd: Remove interface 'phy1'
Fri Feb 21 18:36:29 2025 daemon.notice hostapd: phy1-ap0: interface state ENABLED->DISABLED
Fri Feb 21 18:36:29 2025 daemon.notice hostapd: phy1-ap0: AP-STA-DISCONNECTED 9a:dc:e2:84:46:d3
Fri Feb 21 18:36:29 2025 daemon.notice hostapd: phy1-ap0: AP-STA-DISCONNECTED 80:8a:bd:50:77:78
Fri Feb 21 18:36:29 2025 daemon.notice hostapd: phy1-ap0: AP-DISABLED
Fri Feb 21 18:36:29 2025 daemon.notice hostapd: phy1-ap0: CTRL-EVENT-TERMINATING
Fri Feb 21 18:36:29 2025 daemon.err hostapd: rmdir[ctrl_interface=/var/run/hostapd]: Permission denied
Fri Feb 21 18:36:29 2025 daemon.notice hostapd: nl80211: deinit ifname=phy1-ap0 disabled_11b_rates=0
Fri Feb 21 18:36:29 2025 kern.info kernel: [ 5294.038590] mt798x-wmac 18000000.wifi phy1-ap0: left allmulticast mode
Fri Feb 21 18:36:29 2025 kern.info kernel: [ 5294.045205] mt798x-wmac 18000000.wifi phy1-ap0: left promiscuous mode
Fri Feb 21 18:36:29 2025 kern.info kernel: [ 5294.051746] br-lan: port 5(phy1-ap0) entered disabled state
Fri Feb 21 18:36:29 2025 daemon.notice netifd: Network device 'phy1-ap0' link is down
Fri Feb 21 18:36:29 2025 daemon.notice hostapd: Set new config for phy phy0:
Fri Feb 21 18:36:29 2025 daemon.notice hostapd: Remove interface 'phy0'
Fri Feb 21 18:36:29 2025 daemon.notice hostapd: phy0-ap0: interface state ENABLED->DISABLED
Fri Feb 21 18:36:29 2025 daemon.notice hostapd: phy0-ap1: AP-DISABLED
Fri Feb 21 18:36:29 2025 daemon.notice hostapd: phy0-ap1: CTRL-EVENT-TERMINATING
Fri Feb 21 18:36:29 2025 daemon.err hostapd: rmdir[ctrl_interface=/var/run/hostapd]: Permission denied
Fri Feb 21 18:36:30 2025 daemon.notice hostapd: phy0-ap0: AP-STA-DISCONNECTED 58:b6:23:02:f9:59
Fri Feb 21 18:36:30 2025 daemon.notice hostapd: phy0-ap0: AP-STA-DISCONNECTED 24:d7:eb:04:2e:8c
Fri Feb 21 18:36:30 2025 daemon.notice hostapd: phy0-ap0: AP-STA-DISCONNECTED d8:f1:5b:92:29:b8
Fri Feb 21 18:36:30 2025 daemon.notice hostapd: phy0-ap0: AP-STA-DISCONNECTED dc:4f:22:be:c2:c8
Fri Feb 21 18:36:30 2025 daemon.notice hostapd: phy0-ap0: AP-STA-DISCONNECTED 00:80:92:a6:a5:69
Fri Feb 21 18:36:30 2025 daemon.notice hostapd: phy0-ap0: AP-DISABLED
Fri Feb 21 18:36:30 2025 daemon.notice hostapd: phy0-ap0: CTRL-EVENT-TERMINATING
Fri Feb 21 18:36:30 2025 daemon.err hostapd: rmdir[ctrl_interface=/var/run/hostapd]: Permission denied
Fri Feb 21 18:36:30 2025 daemon.notice hostapd: nl80211: deinit ifname=phy0-ap0 disabled_11b_rates=0
Fri Feb 21 18:36:30 2025 kern.info kernel: [ 5295.537934] mt798x-wmac 18000000.wifi phy0-ap0: left allmulticast mode
Fri Feb 21 18:36:30 2025 kern.info kernel: [ 5295.544496] mt798x-wmac 18000000.wifi phy0-ap0: left promiscuous mode
Fri Feb 21 18:36:30 2025 kern.info kernel: [ 5295.551026] br-lan: port 6(phy0-ap0) entered disabled state
Fri Feb 21 18:36:31 2025 daemon.notice netifd: Network device 'phy0-ap0' link is down
Fri Feb 21 18:36:31 2025 daemon.notice wpa_supplicant[5857]: Set new config for phy phy1
Fri Feb 21 18:36:31 2025 daemon.notice wpa_supplicant[5857]: Set new config for phy phy0
Fri Feb 21 18:36:31 2025 daemon.notice netifd: Wireless device 'radio1' is now down
Fri Feb 21 18:36:31 2025 daemon.notice netifd: Wireless device 'radio0' is now down
And logs produced by using `wifi up` command:
Fri Feb 21 18:38:08 2025 daemon.notice netifd: radio1 (6888): WARNING: Variable 'data' does not exist or is not an array/object
Fri Feb 21 18:38:08 2025 daemon.notice netifd: radio0 (6887): WARNING: Variable 'data' does not exist or is not an array/object
Fri Feb 21 18:38:08 2025 daemon.notice hostapd: Set new config for phy phy1:
Fri Feb 21 18:38:08 2025 daemon.notice hostapd: Set new config for phy phy0:
Fri Feb 21 18:38:08 2025 daemon.notice wpa_supplicant[5857]: Set new config for phy phy1
Fri Feb 21 18:38:08 2025 daemon.notice wpa_supplicant[5857]: Set new config for phy phy0
Fri Feb 21 18:38:08 2025 daemon.notice wpa_supplicant[5857]: Set new config for phy phy1
Fri Feb 21 18:38:09 2025 daemon.notice hostapd: Set new config for phy phy1: /var/run/hostapd-phy1.conf
Fri Feb 21 18:38:09 2025 daemon.notice hostapd: Restart interface for phy phy1
Fri Feb 21 18:38:09 2025 daemon.notice hostapd: Configuration file: data: driver=nl80211 logger_syslog=127 logger_syslog_level=2 logger_stdout=127 logger_stdout_level=2 country_code=MY ieee80211d=1 ieee80211h=1 hw_mode=a beacon_int=100 stationary_ap=1 chanlist=100 tx_queue_data2_burst=2.0 #num_global_macaddr=1 #macaddr_base= ieee80211n=1 ht_coex=0 ht_capab=[HT40+][LDPC][SHORT-GI-20][SHORT-GI-40][TX-STBC][RX-STBC1][MAX-AMSDU-7935] ieee80211ac=1 vht_oper_chwidth=2 vht_oper_centr_freq_seg0_idx=114 vht_capab=[RXLDPC][SHORT-GI-80][SHORT-GI-160][TX-STBC-2BY1][SU-BEAMFORMER][SU-BEAMFORMEE][MU-BEAMFORMER][MU-BEAMFORMEE][RX-ANTENNA-PATTERN][TX-ANTENNA-PATTERN][RX-STBC-1][SOUNDING-DIMENSION-3][BF-ANTENNA-3][VHT160][MAX-MPDU-11454][MAX-A-MPDU-LEN-EXP7] ieee80211ax=1 he_oper_chwidth=2 he_oper_centr_freq_seg0_idx=114 he_su_beamformer=1 he_su_beamformee=1 he_mu_beamformer=1 he_bss_color=128 he_spr_sr_control=3 he_default_pe_duration=4 he_rts_threshold=1023 he_mu_edca_qos_info_param_count=0 he_mu_edca_qos_info_q_ack=0 he_mu_edca_qos_info_que
Fri Feb 21 18:38:09 2025 daemon.notice wpa_supplicant[5857]: Set new config for phy phy0
Fri Feb 21 18:38:09 2025 kern.info kernel: [ 5394.075769] br-lan: port 5(phy1-ap0) entered blocking state
Fri Feb 21 18:38:09 2025 kern.info kernel: [ 5394.081424] br-lan: port 5(phy1-ap0) entered disabled state
Fri Feb 21 18:38:09 2025 kern.info kernel: [ 5394.087035] mt798x-wmac 18000000.wifi phy1-ap0: entered allmulticast mode
Fri Feb 21 18:38:09 2025 kern.info kernel: [ 5394.094075] mt798x-wmac 18000000.wifi phy1-ap0: entered promiscuous mode
Fri Feb 21 18:38:09 2025 kern.info kernel: [ 5394.104975] br-lan: port 5(phy1-ap0) entered blocking state
Fri Feb 21 18:38:09 2025 kern.info kernel: [ 5394.110559] br-lan: port 5(phy1-ap0) entered forwarding state
Fri Feb 21 18:38:09 2025 kern.info kernel: [ 5394.116528] br-lan: port 5(phy1-ap0) entered disabled state
Fri Feb 21 18:38:09 2025 daemon.notice hostapd: phy1-ap0: interface state UNINITIALIZED->COUNTRY_UPDATE
Fri Feb 21 18:38:09 2025 daemon.notice hostapd: phy1-ap0: interface state COUNTRY_UPDATE->HT_SCAN
Fri Feb 21 18:38:09 2025 daemon.notice hostapd: Set new config for phy phy0: /var/run/hostapd-phy0.conf
Fri Feb 21 18:38:09 2025 daemon.notice hostapd: Restart interface for phy phy0
Fri Feb 21 18:38:09 2025 daemon.notice hostapd: Configuration file: data: driver=nl80211 logger_syslog=127 logger_syslog_level=2 logger_stdout=127 logger_stdout_level=2 country_code=MY ieee80211d=1 hw_mode=g supported_rates=60 90 120 180 240 360 480 540 basic_rates=60 120 240 beacon_int=100 stationary_ap=1 chanlist=11 noscan=1 #num_global_macaddr=1 #macaddr_base= ieee80211n=1 ht_coex=0 ht_capab=[HT40-][LDPC][SHORT-GI-20][SHORT-GI-40][TX-STBC][RX-STBC1][MAX-AMSDU-7935] ieee80211ax=1 he_su_beamformer=1 he_su_beamformee=1 he_mu_beamformer=1 he_bss_color=128 he_spr_sr_control=3 he_default_pe_duration=4 he_rts_threshold=1023 he_mu_edca_qos_info_param_count=0 he_mu_edca_qos_info_q_ack=0 he_mu_edca_qos_info_queue_request=0 he_mu_edca_qos_info_txop_request=0 he_mu_edca_ac_be_aifsn=8 he_mu_edca_ac_be_aci=0 he_mu_edca_ac_be_ecwmin=9 he_mu_edca_ac_be_ecwmax=10 he_mu_edca_ac_be_timer=255 he_mu_edca_ac_bk_aifsn=15 he_mu_edca_ac_bk_aci=1 he_mu_edca_ac_bk_ecwmin=9 he_mu_edca_ac_bk_ecwmax=10 he_mu_edca_ac_bk_timer=255 he_mu_edca_ac_vi_ecwmin=
Fri Feb 21 18:38:09 2025 kern.info kernel: [ 5394.406834] br-lan: port 6(phy0-ap0) entered blocking state
Fri Feb 21 18:38:09 2025 kern.info kernel: [ 5394.412460] br-lan: port 6(phy0-ap0) entered disabled state
Fri Feb 21 18:38:09 2025 kern.info kernel: [ 5394.418056] mt798x-wmac 18000000.wifi phy0-ap0: entered allmulticast mode
Fri Feb 21 18:38:09 2025 kern.info kernel: [ 5394.425081] mt798x-wmac 18000000.wifi phy0-ap0: entered promiscuous mode
Fri Feb 21 18:38:09 2025 kern.info kernel: [ 5394.442867] br-lan: port 6(phy0-ap0) entered blocking state
Fri Feb 21 18:38:09 2025 kern.info kernel: [ 5394.448447] br-lan: port 6(phy0-ap0) entered forwarding state
Fri Feb 21 18:38:09 2025 daemon.notice hostapd: phy0-ap0: interface state UNINITIALIZED->COUNTRY_UPDATE
Fri Feb 21 18:38:09 2025 daemon.notice netifd: Wireless device 'radio1' is now up
Fri Feb 21 18:38:09 2025 daemon.notice netifd: Network device 'phy0-ap0' link is up
Fri Feb 21 18:38:10 2025 daemon.notice hostapd: phy0-ap0: interface state COUNTRY_UPDATE->ENABLED
Fri Feb 21 18:38:10 2025 daemon.notice hostapd: phy0-ap0: AP-ENABLED
Fri Feb 21 18:38:10 2025 daemon.notice hostapd: phy1-ap0: interface state HT_SCAN->DFS
Fri Feb 21 18:38:10 2025 daemon.notice hostapd: phy1-ap0: DFS-CAC-START freq=5500 chan=100 sec_chan=1, width=2, seg0=114, seg1=0, cac_time=60s
Fri Feb 21 18:38:10 2025 daemon.notice netifd: Wireless device 'radio0' is now up
[clients getting connected]
Fri Feb 21 18:39:14 2025 daemon.notice hostapd: phy1-ap0: DFS-CAC-COMPLETED success=1 freq=5500 ht_enabled=0 chan_offset=0 chan_width=5 cf1=5570 cf2=0 radar_detected=0
Fri Feb 21 18:39:14 2025 daemon.notice netifd: Network device 'phy1-ap0' link is up
Fri Feb 21 18:39:15 2025 kern.info kernel: [ 5459.859135] br-lan: port 5(phy1-ap0) entered blocking state
Fri Feb 21 18:39:15 2025 kern.info kernel: [ 5459.864727] br-lan: port 5(phy1-ap0) entered forwarding state
Fri Feb 21 18:39:15 2025 daemon.notice hostapd: phy1-ap0: interface state DFS->ENABLED
Fri Feb 21 18:39:15 2025 daemon.notice hostapd: phy1-ap0: AP-ENABLED
Only error that I can see is `daemon.err hostapd: rmdir[ctrl_interface=/var/run/hostapd]: Permission denied`
What's interesting - I can't see `phy0-ap1` network device in `wifi up` logs.
monotux
February 24, 2025, 8:46am
187
I got around to updating my configuration and use `wifi-vlan` & `wifi-station`. Below is my `/etc/config/wireless` in full.
config wifi-device 'radio0'
option type 'mac80211'
option path 'soc/11280000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
option band '2g'
option channel '1'
option country 'SE'
option htmode 'HE20'
option cell_density '0'
config wifi-device 'radio1'
option type 'mac80211'
option path 'oc/11280000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0+1'
option htmode 'HE80'
option country 'SE'
option cell_density '0'
config wifi-device 'radio2'
option type 'mac80211'
option path 'platform/soc/18000000.wifi'
option channel '64'
option band '5g'
option htmode 'HE80'
option cell_density '0'
option country 'SE'
config wifi-iface 'default_radio0'
option device 'radio0'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'psk2'
option dynamic_vlan '1'
option vlan_tagged_interface 'internet'
option vlan_bridge 'br-'
config wifi-iface 'default_radio1'
option device 'radio1'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'psk2'
option dynamic_vlan '1'
option vlan_tagged_interface 'internet'
option vlan_bridge 'br-'
config wifi-iface 'default_radio2'
option device 'radio2'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'psk2'
option dynamic_vlan '1'
option vlan_tagged_interface 'internet'
option vlan_bridge 'br-'
config wifi-vlan
option vid '100'
option network 'wifi'
option name 'wifi'
config wifi-vlan
option vid '200'
option network 'iot'
option name 'iot'
config wifi-station
option vid '100'
option key 'foobar'
config wifi-station
option vid '200'
option key 'bazfoo'
The only thing I was unsure of was `name` and `network` for `wifi-vlan`. In this case I just used the interface names from my `/etc/config/network`.
# from my network configuration
config interface 'wifi'
option proto 'none'
option device 'br-100'
option defaultroute '0'
config interface 'iot'
option proto 'none'
option device 'br-200'
option defaultroute '0'
1 Like
I'm in the process of implementing this on my home routers (running OpenWrt 24.10.0 (r28427-6df0e3d02a)) and would like to be able to add keys without `reload_config` or `wifi reload`, but sadly the command mentioned for this above, `hostapd_cli reload_wpa_psk`, only prints this error:
Selected interface 'global'
FAIL
Can somebody help me with that?
raenye
February 25, 2025, 12:35pm
189
Neat!
Do you still need to create bridges (`br-X`) manually in `/etc/config/network`? I guess so, because you have to add `internet.X` to them...
Let's see your `/etc/config/wireless` (with sensitive information redacted of course)
config wifi-device 'radio0'
option type 'mac80211'
option hwmode '11a'
option path 'pci0000:00/0000:00:00.0'
option htmode 'VHT80'
option channel 'auto'
option country 'AT'
option cell_density '0'
config wifi-iface 'default_radio0'
option device 'radio0'
option mode 'ap'
option ssid 'ssid5'
option encryption 'psk2'
option network 'lan'
option ieee80211r '1'
option key '***********'
option ft_over_ds '1'
option wpa_disable_eapol_key_retries '1'
option ft_psk_generate_local '1'
config wifi-device 'radio1'
option type 'mac80211'
option hwmode '11g'
option channel 'auto'
option htmode 'HT40'
option country 'US'
option path 'platform/ahb/18100000.wmac'
option cell_density '0'
config wifi-iface 'default_radio1'
option device 'radio1'
option mode 'ap'
option ssid 'ssid2'
option encryption 'psk2'
option ieee80211r '1'
option pmk_r1_push '1'
option key '***************'
option ft_over_ds '1'
option wpa_disable_eapol_key_retries '1'
option ft_psk_generate_local '1'
option network 'lan'
config wifi-iface 'wifinet3'
option ssid 'ssid3'
option encryption 'psk2'
option device 'radio0'
option ieee80211r '1'
option ft_over_ds '1'
option key '***************'
option network 'lan'
option mode 'ap'
option wpa_disable_eapol_key_retries '1'
option ft_psk_generate_local '1'
option mobility_domain 'fa33'
option ieee80211w '2'
config wifi-iface 'wifinet4'
option ssid 'ssid3'
option encryption 'psk2'
option device 'radio1'
option ieee80211r '1'
option ft_over_ds '1'
option key '****************'
option mode 'ap'
option wpa_disable_eapol_key_retries '1'
option ft_psk_generate_local '1'
option mobility_domain 'fa33'
option ieee80211w '2'
option network 'lan'
config wifi-iface 'wifinet5'
option ssid 'guest_ssid'
option encryption 'psk2'
option device 'radio0'
option ieee80211r '1'
option ft_over_ds '1'
option key '*************'
option mode 'ap'
option wpa_disable_eapol_key_retries '1'
option ft_psk_generate_local '1'
option network 'lan'
config wifi-iface 'wifinet6'
option ssid 'guest_ssid'
option encryption 'psk2'
option device 'radio1'
option ieee80211r '1'
option ft_over_ds '1'
option key '**********'
option mode 'ap'
option wpa_disable_eapol_key_retries '1'
option ft_psk_generate_local '1'
option mobility_domain 'a25a'
option network 'lan'
config wifi-iface 'new_network_for_this0'
option device 'radio0'
option mode 'ap'
option ssid 'new_network_for_this'
option encryption 'psk2'
option network 'lan'
option wpa_psk_file '/etc/hostapd.wpa_psk'
option vlan_file '/etc/hostapd.vlan'
option vlan_tagged_interface 'eth0'
option vlan_bridge 'br-vlan'
option dynamic_vlan '1'
config wifi-iface 'new_network_for_this1'
option device 'radio1'
option mode 'ap'
option ssid 'new_network_for_this'
option encryption 'psk2'
option network 'lan'
option wpa_psk_file '/etc/hostapd.wpa_psk'
option vlan_file '/etc/hostapd.vlan'
option vlan_tagged_interface 'eth0'
option vlan_bridge 'br-vlan'
option dynamic_vlan '1'
config wifi-iface 'new_network_for_this5'
option device 'radio0'
option mode 'ap'
option ssid 'new_network_for_this5'
option encryption 'psk2'
option network 'lan LAN6'
option wpa_psk_file '/etc/hostapd.wpa_psk'
option vlan_file '/etc/hostapd.vlan'
option vlan_tagged_interface 'eth0'
option vlan_bridge 'br-vlan'
option dynamic_vlan '1'
config wifi-iface 'new_network_for_this2'
option device 'radio1'
option mode 'ap'
option ssid 'new_network_for_this2'
option encryption 'psk2'
option network 'lan LAN6'
option wpa_psk_file '/etc/hostapd.wpa_psk'
option vlan_file '/etc/hostapd.vlan'
option vlan_tagged_interface 'eth0'
option vlan_bridge 'br-vlan'
option dynamic_vlan '1'
raenye
February 25, 2025, 1:27pm
192
option network 'lan LAN6'
Hmm, can network names have whitespace?
No, it's two networks. I don't know which sample this came from, but never got that ipv6 stuff to work.. but that's beside the point of this thread, the network itself works, though I'm struggling with the `/etc/hostapd.wpa_psk` part. One device works, all others say wrong password, even though I rebooted the router in between...
And the OpenWrt router prints many repeats of this line for all but that one working client device...
daemon.notice hostapd: phy0-ap4: AP-STA-POSSIBLE-PSK-MISMATCH
UPDATE: Now I found that none of the below actually reloads the `/etc/hostapd.wpa_psk` file, only rebooting the router makes changes take effect..:
reload_config
wifi reload
hostapd_cli interface phy1-ap3 reload_wpa_psk
hostapd_cli interface phy1-ap4 reload_wpa_psk
hostapd_cli interface phy0-ap3 reload_wpa_psk
hostapd_cli interface phy0-ap4 reload_wpa_psk
Phew, there's an anthill's worth of configuration going on there. I know it sounds tedious, but my approach would be to tear it all down and rebuild the wifi interfaces from scratch, one iface at a time, testing and confirming operation of every step before the next.
my plan was to remove all the old networks once the new ones work as intended and I've brought over all the clients to that new ssid with the unique per client keys.
I realize that. I can't shake the feeling, though, that the old networks are interfering with the new ones. I actually never tried mixing "regular" wifi networks with wpa_psk_key ones, maybe that's the problem, they don't work together? I really don't know.
1 Like
Well, it does work, at least the non-vlan stuff. It's only that changes to `/etc/hostapd.wpa_psk` don't take effect until I reboot the router. That's annoying, but at the moment for me this doesn't justify the effort it would take to start my home router configs fresh from a blank state...
_bernd
February 25, 2025, 5:40pm
198
How do you restart or reload the wireless config? (Which did not work for you.)
I tried lots of things. I tried via ssh = cli:
reload_config
wifi reload
hostapd_cli interface phy1-ap3 reload_wpa_psk
hostapd_cli interface phy1-ap4 reload_wpa_psk
hostapd_cli interface phy0-ap3 reload_wpa_psk
hostapd_cli interface phy0-ap4 reload_wpa_psk
And via the LuCI website I tried:
disabling and re-enabling the wifi network
using the "restart" button for the wifi device hosting the network
but nothing but rebooting works.
_bernd
February 25, 2025, 7:29pm
200
Afaik reload only reloads. You need `wifi` to restart wireless. Or just restart networking and wifi gets restarted too...
1 Like
I'm trying to replace my separate guest wifi with a `vlanid=4 00:00:00:00:00:00 myguestpassword` entry in `/etc/hostapd.wpa_psk`. My `/etc/hostapd.vlan` reads `4 wan.4`. Trying to connect a client with that password fails with those lines in the log:
Sun Mar 2 10:06:13 2025 daemon.info hostapd: phy1-ap1: STA xx:xx:xx:xx:xx:xx IEEE 802.11: authenticated
Sun Mar 2 10:06:13 2025 daemon.info hostapd: phy1-ap1: STA xx:xx:xx:xx:xx:xx IEEE 802.11: associated (aid 1)
Sun Mar 2 10:06:13 2025 daemon.notice hostapd: Assigned VLAN ID 4 from wpa_psk_file to xx:xx:xx:xx:xx:xx
Sun Mar 2 10:06:13 2025 daemon.err hostapd: nl80211: NL80211_ATTR_STA_VLAN (addr=xx:xx:xx:xx:xx:xx ifname=wan.4 vlan_id=4) failed: -22 (Invalid argument)
Sun Mar 2 10:06:18 2025 daemon.info hostapd: phy1-ap1: STA xx:xx:xx:xx:xx:xx IEEE 802.11: deauthenticated due to local deauth request
Can somebody help me? What do I need to do, to make this work?
UPDATE: just found that @saxy had the same error message last month but says it works on 2ghz for them. I'm gonna force my client to 2GHz to verify if it's the same for me. Did you solve your issue with 5GHz @saxy ?
saxy
March 3, 2025, 8:09am
202
Hi,
I needed to create 2 separate vlan files, because they create virtual interfaces.
On a dual radio AP, it can't create two times the same interface.
The problem with 5ghz is solved for me.
I have a new problem, the management IP on VLAN 11 replies very short during boot up. After 1 minute of operation it does not reply anymore.
192.168.11.14
It has to do with individual psk/vlans and bridges, but I don't know how to solve it. I have access over 192.168.1.1 untagged but this is no solution, only a fix.
root@OpenWrt:~# cat /etc/hostapd.vlan2
11 wlan0.11 br-lan.vlan11
22 wlan0.22 br-lan.vlan22
33 wlan0.33 br-lan.vlan33
root@OpenWrt:~# cat /etc/hostapd.vlan5
11 wlan1.11 br-lan.vlan11
22 wlan1.22 br-lan.vlan22
33 wlan1.33 br-lan.vlan33
root@OpenWrt:~# cat /etc/hostapd.wpa_psk
vlanid=11 00:00:00:00:00:00 secret11
vlanid=22 00:00:00:00:00:00 secret22
vlanid=33 00:00:00:00:00:00 secret33
root@OpenWrt:~# cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd70:1574:e9fe::/48'
option packet_steering '1'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0'
config interface 'lan'
option device 'br-lan.1'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config interface 'mgmt'
option proto 'static'
option device 'eth1'
option ipaddr '192.168.95.1'
option netmask '255.255.255.0'
config bridge-vlan
option device 'br-lan'
option vlan '1'
list ports 'eth0'
config bridge-vlan
option device 'br-lan'
option vlan '11'
list ports 'eth0:t'
config bridge-vlan
option device 'br-lan'
option vlan '22'
list ports 'eth0:t'
config bridge-vlan
option device 'br-lan'
option vlan '33'
list ports 'eth0:t'
config interface 'vlan11'
option proto 'static'
option device 'br-lan.11'
option ipaddr '192.168.11.14'
option netmask '255.255.255.0'
option gateway '192.168.11.1'
list dns '192.168.11.1'
config interface 'vlan22'
option proto 'none'
option device 'br-lan.22'
config interface 'vlan33'
option proto 'none'
option device 'br-lan.33'
root@OpenWrt:~# cat /etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option path 'soc/1b700000.pci/pci0001:00/0001:00:00.0/0001:01:00.0'
option band '2g'
option channel '1'
option htmode 'VHT20'
option disabled '0'
config wifi-device 'radio1'
option type 'mac80211'
option path 'soc/1b500000.pci/pci0000:00/0000:00:00.0/0000:01:00.0'
option band '5g'
option channel '36'
option htmode 'VHT80'
option disabled '0'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid '127-O-O-5-X'
option encryption 'psk2'
option key 'secret11'
option wpa_psk_file '/etc/hostapd.wpa_psk'
option vlan_file '/etc/hostapd.vlan'
option vlan_tagged_interface 'eth0'
option vlan_bridge 'br-vlan'
option dynamic_vlan '1'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid '127-O-O-2-X'
option encryption 'psk2'
option key 'secret11'
option wpa_psk_file '/etc/hostapd.wpa_psk'
option vlan_file '/etc/hostapd.vlan'
option vlan_tagged_interface 'eth0'
option vlan_bridge 'br-vlan'
option dynamic_vlan '1'
root@OpenWrt:~#
1 Like
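Added example, not part of any post in this thread: a shell/awk check that cross-checks a `wpa_psk_file` against one `vlan_file` per radio, covering the two failure points discussed above (a `vlanid=` key with no usable mapping, and the same VLAN interface name appearing in the files of both radios). The function name `lint_psk_vlan`, the demo file names and all file contents are constructed; the length check is the WPA2 rule of an 8..63 character passphrase or a 64 hex digit PSK.

```shell
#!/bin/sh
# Added example (not from the thread). Sample file contents are constructed.
# Usage: lint_psk_vlan PSK_FILE VLAN_FILE [VLAN_FILE...]
# Prints one finding per line and returns 1 if there was any finding.
lint_psk_vlan() {
    awk '
    function report(msg) { print msg; bad = 1 }
    BEGIN { psk = ARGV[1] }
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    FILENAME == psk {
        line = $0; vid = ""
        sub(/^[ \t]+/, "", line)
        # Optional keyid=, vlanid= and wps= tokens come before the MAC.
        while (line ~ /^(keyid|vlanid|wps)=[^ \t]*[ \t]+/) {
            if (line ~ /^vlanid=/) {
                vid = line; sub(/^vlanid=/, "", vid); sub(/[ \t].*$/, "", vid)
            }
            sub(/^[^ \t]+[ \t]+/, "", line)
        }
        mac = line; sub(/[ \t].*$/, "", mac)
        # Everything after the MAC is the passphrase (it may contain spaces).
        pass = (line ~ /[ \t]/) ? line : ""
        sub(/^[^ \t]+[ \t]+/, "", pass)
        if (length(mac) != 17 || mac !~ /^[0-9A-Fa-f][0-9A-Fa-f](:[0-9A-Fa-f][0-9A-Fa-f])+$/)
            report("psk line " FNR ": bad MAC field")
        n = length(pass)
        hex64 = (n == 64 && pass !~ /[^0-9A-Fa-f]/)
        if (!hex64 && (n < 8 || n > 63))
            report("psk line " FNR ": passphrase length " n " not in 8..63")
        if (vid != "") { cnt++; pvid[cnt] = vid; pline[cnt] = FNR }
        next
    }
    {   # vlan_file line: <vlan id or *> <ifname> [bridge]
        if ($1 == "*") wild[FILENAME] = 1
        map[FILENAME, $1] = $2
        # One interface name cannot be created by two radios at once.
        if (($2 in owner) && owner[$2] != FILENAME)
            report("ifname " $2 " is used by both " owner[$2] " and " FILENAME)
        else owner[$2] = FILENAME
    }
    END {
        # Every vlanid used by a key needs a mapping in every radio file.
        for (i = 1; i <= cnt; i++)
            for (a = 2; a < ARGC; a++) {
                f = ARGV[a]
                if (!((f, pvid[i]) in map) && !(f in wild))
                    report("psk line " pline[i] ": vlanid=" pvid[i] " has no entry in " f)
            }
        exit bad + 0
    }' "$@"
}

# Constructed demo: two radios sharing one PSK file.
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' 'vlanid=11 00:00:00:00:00:00 secret-for-11' \
                  'vlanid=44 00:00:00:00:00:00 short' > "$d/psk"
    printf '%s\n' '11 wlan0.11 br-lan.vlan11' > "$d/vlan2"
    printf '%s\n' '11 wlan0.11 br-lan.vlan11' > "$d/vlan5"   # same ifname as vlan2
    (cd "$d" && lint_psk_vlan psk vlan2 vlan5); rc=$?
    rm -rf "$d"; return $rc
}
demo || echo "findings reported above"
```

On the router this would be pointed at the real files, for example the PSK file and the two per-radio vlan files shown in the post above.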