I'm basically wondering if someone can validate my configuration, since this will help me determine whether I'm facing a bug with this particular router/firmware combination or whether this is user error. I've tried following the available guides, and I believe this is correct at least. Thanks. Configuration details are below:
I’ve installed OpenWrt SNAPSHOT from the firmware selector on two MX4300s. If I use the main router on its own, everything works as expected. However, when I connect the dumb AP to the router using a trunk port, I am not able to reach the internet from the dumb AP; clients receive a DHCP address but cannot access the internet or ping the DHCP server (192.168.10.1).
I'm not experienced enough to go much further on my own, so I appreciate the help. I've posted the output of `route` for each AP (I thought it was suspicious that there is no default route for my main LAN 192.168.10.0 on the dumb AP, but I didn't configure it to be that way explicitly, as far as I'm aware).
Main Router - MX4300
VLAN10 - Trusted LAN
VLAN20 - Untrusted LAN
Br-lan with Ports tagged as follows
Private SSID and Guest SSID
AdguardHome setup using the wiki here: https://openwrt.org/docs/guide-user/services/dns/adguard-home
Notes:
- Everything works as expected on both VLANs, over both ethernet and wifi, when connecting directly to this router without the dumb AP connected.
- With the second AP plugged in, I can access the second AP's web interface at 192.168.10.2 and ping it successfully.
Dumb AP - MX4300
VLAN10 - Trusted LAN
VLAN20 - Untrusted LAN
Br-lan with Ports tagged as follows
Same port configuration as above screenshot (I can only post one embedded image as a new user, sorry)
Notes:
- Internet is not accessible from the AP itself (through ssh, ping to google fails for example)
- Clients successfully get DHCP address from main router, but cannot ping main router or access internet
- As seen in the screenshots, the router and the AP are connected on lan3
Things I’ve tried
- Reverting the dumb AP to 24.10.1; I have since put it back on the same snapshot build to continue troubleshooting (I haven't tried this on the main router yet)
- Eliminating the long ethernet cable run and testing the AP side-by-side with the router (this is the current setup until I can get everything working)
Details about the configurations for each router (apologies for the formatting, not sure how to do this correctly):
Main router config -
/etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
list ipaddr '127.0.0.1/8'
config globals 'globals'
option ula_prefix 'fd34:f0e1:964::/48'
option packet_steering '0'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
option bridge_empty '1'
option igmp_snooping '1'
config device
option name 'lan1'
option macaddr '***'
config device
option name 'lan2'
option macaddr '***'
config device
option name 'lan3'
option macaddr '***'
config interface 'lan'
option device 'br-lan.10'
option proto 'static'
option ip6assign '60'
list ipaddr '192.168.10.1/24'
config interface 'guest'
option device 'br-lan.20'
option proto 'static'
option ip6assign '60'
list ipaddr '192.168.20.1/24'
config interface 'wan'
option device 'wan'
option proto 'dhcp'
config interface 'wan6'
option device 'wan'
option proto 'dhcpv6'
config bridge-vlan
option device 'br-lan'
option vlan '10'
list ports 'lan1'
list ports 'lan3:t'
config bridge-vlan
option device 'br-lan'
option vlan '20'
list ports 'lan2'
list ports 'lan3:t'
config interface 'wg'
option proto 'wireguard'
option private_key '***'
option listen_port '***'
list addresses '10.12.0.1/32'
…wg clients below, redacted
/etc/config/dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option cachesize '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
option filter_aaaa '0'
option filter_a '0'
option port '54'
option noresolv '1'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option ra 'server'
option dhcpv6 'server'
list dhcp_option '3,192.168.10.1'
list dhcp_option '6,192.168.10.1'
list dhcp_option '15,lan'
list dns 'fd34:f0e1:964:10::1'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'wg'
option interface 'wg'
option ignore '1'
config dhcp 'guest'
option interface 'guest'
option start '100'
option limit '150'
option leasetime '12h'
list dhcp_option '3,192.168.20.1'
list dhcp_option '6,192.168.20.1'
/etc/config/firewall
…All defaults except for the following (not sure if this is even necessary):
config rule
option src 'untrusted'
option name 'Guest DHCP and DNS'
option dest_port '53 67 68'
option target 'ACCEPT'
option dest 'trusted'
Route output:
root@OpenWrt:~# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default REDACTED_IP 0.0.0.0 UG 0 0 0 wan
10.12.0.2 * 255.255.255.255 UH 0 0 0 wg
10.12.0.3 * 255.255.255.255 UH 0 0 0 wg
10.12.0.4 * 255.255.255.255 UH 0 0 0 wg
REDACTED_IP REDACTED_IP 255.255.255.255 UGH 0 0 0 wan
REDACTED_IP * 255.255.254.0 U 0 0 0 wan
192.168.10.0 * 255.255.255.0 U 0 0 0 br-lan.10
192.168.20.0 * 255.255.255.0 U 0 0 0 br-lan.20
Dumb AP configuration:
/etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
list ipaddr '127.0.0.1/8'
config globals 'globals'
option ula_prefix 'fd34:f0e1:964::/48'
option packet_steering '0'
config device
option name 'br-lan'
option type 'bridge'
option bridge_empty '1'
option igmp_snooping '1'
option macaddr '***'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
config device
option name 'lan1'
option macaddr '***'
config device
option name 'lan2'
option macaddr '***'
config device
option name 'lan3'
option macaddr '***'
config interface 'lan'
option device 'br-lan.10'
option proto 'static'
option ipaddr '192.168.10.2'
option netmask '255.255.255.0'
option gateway '192.168.10.1'
list dns '192.168.10.1'
config interface 'guest'
option device 'br-lan.20'
option proto 'static'
option ipaddr '192.168.20.2'
option netmask '255.255.255.0'
option gateway '192.168.20.1'
option dns '192.168.20.1'
config bridge-vlan
option device 'br-lan'
option vlan '10'
list ports 'lan1'
list ports 'lan3:t'
config bridge-vlan
option device 'br-lan'
option vlan '20'
list ports 'lan2'
list ports 'lan3:t'
/etc/config/dhcp (both interfaces set to ignore)
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option cachesize '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
option filter_aaaa '0'
option filter_a '0'
option port '54'
option noresolv '1'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
list dhcp_option '3,192.168.10.1'
list dhcp_option '6,192.168.10.1'
list dhcp_option '15,lan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'wg'
option interface 'wg'
option ignore '1'
config dhcp 'guest'
option interface 'guest'
option start '100'
option limit '150'
option leasetime '12h'
list dhcp_option '3,192.168.20.1'
list dhcp_option '6,192.168.20.1'
list dhcp_option '15,lan'
option ignore '1'
Default routes:
root@OpenWrt:~# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.20.1 0.0.0.0 UG 0 0 0 br-lan.20
192.168.10.0 * 255.255.255.0 U 0 0 0 br-lan.10
192.168.20.0 * 255.255.255.0 U 0 0 0 br-lan.20