Linksys WRT1900ACS 19.07 to 21.02 DSA WIFI Bridge

Dear Community

Today I made the transition from OpenWrt 19.07.8 to 21.02.

And clearly red the following topics beforehand

• https://openwrt.org/releases/21.02/notes-21.02.0
• https://openwrt.org/docs/guide-user/network/dsa/upgrading-to-2102
• https://openwrt.org/docs/guide-user/network/dsa/dsa-mini-tutorial
• https://openwrt.org/docs/guide-user/network/dsa/converting-to-dsa
• https://forum.openwrt.org/t/linksys-wrt1900acs-upgrade-19-07-8-to-21-02-1/110929
• https://openwrt.org/toh/linksys/wrt1900acs

I started to use OpenWrt around 2 years ago and did the setup with the help of the following blog https://www.kuketz-blog.de/flash-openwrt-auf-fritzbox-4040-openwrt-teil2/.

The network topology looks as follows

netzwerkaufbau700×266 12.4 KB

Honestly I am not a network pro, but adblock, banip, stubby, wireguard, wan, lan and internet over wifi works fine at the moment, except for the fact, that I don't get the concept of creating a new Bridge (I call it br-wifi) with the 5GHz and 2.4GHz Wifi in it and a IP range of 192.168.150.1 as illustrated in the image above.

So right now everything, LAN as well as WLAN is going over the br-lan interface.

But I would like to get this above setup with DSA too on my Linksys WRT1900ACS Router with the following configuration:

• LAN (br-lan) 192.168.200.1/24
• WAN (wan) 192.168.50.5/24
• WIFI (br-wifi?) 192.168.150.1/24

Can someone assist me or tell me how I can create a new br-wifi interface with the APs (5Ghz and 2.4GHz) in it as I had similar with 19.07 so that I have an own network range of 192.168.150.1/24? I tried to create a br-wifi interface and wanted to add the APs, but it did not let me choose the WIFI AP Devices, so I guess there must be another way to do it.

Here is the /etc/config/network configuration so far

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd01:0c7a:5b93::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.200.1'
	list dns '127.0.0.1'

config device
	option name 'wan'
	option macaddr 'aa:bb:cc:dd:ee:ff'

config interface 'wan'
	option device 'wan'
	option proto 'static'
	option ipaddr '192.168.50.5'
	option netmask '255.255.255.0'
	option gateway '192.168.50.1'
	option dns '127.0.0.1'
	option peerdns '0'

# MISSING WIFI Section

And of course the /etc/config/wireless configuration

config wifi-device 'radio0'
	option type 'mac80211'
	option channel '36'
	option hwmode '11a'
	option path 'soc/soc:pcie/pci0000:00/0000:00:01.0/0000:01:00.0'
	option htmode 'VHT80'
	option cell_density '0'
	option country 'FR'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option mode 'ap'
	option macaddr '11:22:33:44:55:66'
	option ssid 'OpenWrt5'
	option encryption 'psk2'
	option key 'DUMMY_PASSWORD'
	option network 'lan'

config wifi-device 'radio1'
	option type 'mac80211'
	option channel '11'
	option hwmode '11g'
	option path 'soc/soc:pcie/pci0000:00/0000:00:02.0/0000:02:00.0'
	option htmode 'HT20'
	option cell_density '0'
	option country 'FR'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option macaddr '11:22:33:44:55:77'
	option ssid 'OpenWrt'
	option encryption 'psk2'
	option key 'DUMMY_PASSWORD'

Let me know if you need some configuration snippets or more images of my setup and I try my best.

You leave wifi pretty much as before, outside of /etc/config/network, it's exclusively configured via /etc/config/wireless and gets added as bridge member to an existing bridge (existing as in /etc/config/network) from there.

Hi slh

Thank you for your quick reply. I added in the above post the /etc/config/network and the /etc/config/wireless configuration so far.

So basically all is setup and ready except for the wifi bridge and the attachement of the wifi devices itself, because they are mapped in DSA automatically to the br-lan interface by default and I dont see a chance to create my new br-wifi interface and move them in there via LUCI GUI as it does not allow me to select them in my new br-wifi. I tried to create this new bridge interface yesterday, without ability to attach the wifi in it.

I would share more images but as a new member it seems that I am limited to only post one image

Kind regards

Dear Community

I try to give a step by step solution to my own question as good as I can.

1. Under Network -> Firewall: Create a new zone for wifi
2. Under Network -> Interfaces -> Devices: Create a Bridge Device br-wifi (Important: Leave Bridge ports unspecified)
3. Under Network -> Interfaces -> Interfaces: Create Interface WIFI
   • General Settings -> Device: Assign the bridge device br-wifi
   • Firewall Settings -> Create / Assign firewall-zone: Assign wifi
4. Under Network -> Wireless -> Your AP -> Edit -> Interface Configuration -> Network: Add WIFI
5. Under Network -> Firewall: Create your appropriate rule set

This worked like a charm and I have assigned all my wifi devices with a IP in the range 192.168.150.x/24 and have smooth network connection

Final /etc/config/network configuration

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd01:0c7a:5b93::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.200.1'
	list dns '127.0.0.1'

config device
	option type 'bridge'
	option name 'br-wifi'

config interface 'WIFI'
	option proto 'static'
	option device 'br-wifi'
	option ipaddr '192.168.150.1'
	option netmask '255.255.255.0'
	option type 'bridge'

config device
	option name 'wan'
	option macaddr 'aa:bb:cc:dd:ee:ff'

config interface 'wan'
	option device 'wan'
	option proto 'static'
	option ipaddr '192.168.50.5'
	option netmask '255.255.255.0'
	option gateway '192.168.50.1'
	option peerdns '0'
	list dns '127.0.0.1'

Final /etc/config/wireless configuration

config wifi-device 'radio0'
	option type 'mac80211'
	option channel '36'
	option hwmode '11a'
	option path 'soc/soc:pcie/pci0000:00/0000:00:01.0/0000:01:00.0'
	option htmode 'VHT80'
	option cell_density '0'
	option country 'FR'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option mode 'ap'
	option macaddr '11:22:33:44:55:66'
	option ssid 'OpenWrt5'
	option encryption 'psk2'
	option key 'DUMMY_PASSWORD'
	option network 'WIFI'

config wifi-device 'radio1'
	option type 'mac80211'
	option channel '11'
	option hwmode '11g'
	option path 'soc/soc:pcie/pci0000:00/0000:00:02.0/0000:02:00.0'
	option htmode 'HT20'
	option cell_density '0'
	option country 'FR'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'WIFI'
	option mode 'ap'
	option macaddr '11:22:33:44:55:77'
	option ssid 'OpenWrt'
	option encryption 'psk2'
	option key 'DUMMY_PASSWORD'

As well as the two additions to the /etc/config/firewall

# ...

config zone
	option name 'wifi'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'WIFI'

config forwarding
	option src 'wifi'
	option dest 'wan'

P.S: Solution was quite simple, so honestly I got confused by the naming clashes/issues with interface, device, network

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.