Hello,
We recently upgraded a bunch of MR33’s from 22.03.3 to 23.05.6 then onwards to 24.10.5. They all have essentially the same config. Dual radios configured as 2.4 and 5ghz AP’s and the lan port plugged into the various POE swtiches on the main lan.
One of the devices we have upgraded cannot ping the gateway/DNS server from the lan. If we connect to it as a wifi client (mobile for instance) all is well and we can get to the internet. But the device itself cannot therefore it can’t resolve anthing and fails all diagnostic checks. We have tried resetting it to blank config and entering the full config agian to match the others the only difference being its IP address. But it still exhibits the same symptoms. It cannot see the DNS server.
Does anyone have any idea how we might solve this? WE can SSH into it. WE can ping all host on the network except the gateway address. Just bizarre. All of the others work exactly as expected.
Any help much appreciated.
Cheers
Let's take a look at the complete config to ensure that things are configured properly from the OpenWrt side.
Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button (red circle; this works best in the 'Markdown' composer view in the blue oval):
Remember to redact passwords, VPN keys, MAC addresses and any public IP addresses you may have:
ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
ubus call system board
{
"kernel": "6.6.119",
"hostname": "TWHG248MR33",
"system": "ARMv7 Processor rev 5 (v7l)",
"model": "Meraki MR33 Access Point",
"board_name": "meraki,mr33",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "24.10.5",
"revision": "r29087-d9c5716d1d",
"target": "ipq40xx/generic",
"description": "OpenWrt 24.10.5 r29087-d9c5716d1d",
"builddate": "1766005702"
}
}
cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix ''
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan'
option ipv6 '0'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.0.248'
option netmask '255.255.255.0'
option gateway '192.168.0.254'
option broadcast '192.168.0.255'
list dns '192.168.0.254'
list dns_search 'our.home'
option delegate '0'
cat /etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option path 'soc/40000000.pci/pci0000:00/0000:00:00.0/0000:01:00.0'
option channel '36'
option band '5g'
option htmode 'VHT80'
option disabled '1'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'none'
config wifi-device 'radio1'
option type 'mac80211'
option path 'platform/soc/a000000.wifi'
option channel 'auto'
option band '2g'
option htmode 'HT40'
option cell_density '0'
option country 'GB'
option noscan '1'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid 'OURID'
option encryption 'psk2'
option key 'ourkey'
option ieee80211r '1'
option mobility_domain 'NNNN'
option ft_over_ds '0'
option ft_psk_generate_local '1'
config wifi-device 'radio2'
option type 'mac80211'
option path 'platform/soc/a800000.wifi'
option channel 'auto'
option band '5g'
option htmode 'VHT80'
option cell_density '0'
option country 'GB'
config wifi-iface 'default_radio2'
option device 'radio2'
option network 'lan'
option mode 'ap'
option ssid 'OURID5'
option encryption 'psk2'
option key 'ourkey5'
option ieee80211r '1'
option mobility_domain 'NNNN'
option ft_over_ds '0'
option ft_psk_generate_local '1'
option wpa_disable_eapol_key_retries '1'
cat /etc/config/dhcp
config dnsmasq
option localise_queries '1'
option rebind_protection '0'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option cachesize '1000'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option localservice '1'
option ednspacket_max '1232'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option ignore '1'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
option piofolder '/tmp/odhcpd-piofolder'
cat /etc/config/firewall
config defaults
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option family 'ipv4'
option masq_allow_invalid '1'
cat /tmp/resolv.conf.d/resolv.conf.auto
# Interface lan
nameserver 192.168.0.254
search our.home
Details for all commands above. This config is the same as all the other working configs except for the Lan IP.
Thanks for taking a look.
Cheers
I don't see any obvious issues.
What happens if you swap the switch port to which this is connected (i.e. if you have a working AP and this one that isn't, swap their ports and see what happens)? If that doesn't change anything, what about if you swap their IP addresses?
Not simple they are in different buildings. I could give it a new IP address.
Cheers
Ok... so another option you can consider is simply unplugging the AP from the switch and plugging in a computer into the same port. Assign it the same IP (and subnet mask, gateway, and DNS) and see if that computer can get the desired connectivity.
Ok I can try that tomorrow and see what happens. I am pretty sure it will be fine as I used my laptop to config this one on the same switch. Pretty sure we also tried it in different ports.
But will give it a go as baffled by this.
Cheers
So the plot thickens although still a bit baffled. This MR33 is in an outbuilding connected to an unmanaged POE switch. The switch has a solar inverter, 3 cameras, 2 RS485 to ETH adaptors and an Rpi attached to it. All are accessible from the main network as is this MR33 via its lan port. If I go to the outbuilding and connect to the MR33 AP I am served a DHCP address from the main network and I am able to connect to any device on it and the internet. DNS etc. work perfectly.
Obviously, all of this connectivity is going via the lan port of the MR33 to the local POE switch to the wifi bridge and onto the main network.
The backhaul from this outbuilding to the main network is via a wifi bridge. At the main network end there is another MR33 configured with relayd with one of its radios acting as the wifi bridge and the lan port connected to the main network POE switch.
From an SSH session on the outbuilding MR33 it cannot ping the main network gateway, in fact that is the only address it can’t contact. It seems to be able to ping everything else. Both local addresses on the same lcoal POE switch and all addresses except the gateway address which is also the DNS and DHCP server for the main network. So it cannot update its software and fails all diagnostics on the diagnostic page.
I am sure I am missing something obvious somewhere but at a loss to see where. Whty can I connect locally to the MR33 provided AP and get full network services. But the MR33 itself cannot connect to the internet!
Any help apprecaited.
Cheers
It wouldn't entirely surprise me if this is an artifact of the relayd configuration. It's a bit of a hack in the first place and does have some quirks. I don't think that the behavior you're experiencing is necessarily inherent in the relayd mechanism, but it is possible that there is a misconfiguration in that part of the system that causes this issue.
That said, what is the other side of the wifi network (i.e. the upstream relative to the MR33 with relayd)? Can you use OpenWrt at that point? If so, you can use WDS or 802.11s/mesh which are much less likely to cause problems.
In truth, this isn't really an issue in most cases. You shouldn't be upgrading packages (it can cause major problems), and the AP itself really doesn't need connectivity to the world as long as its clients can connect as expected.
The upstream end is an outdoor PCOM AP. Been working fine for years. Provides service for outside as well as being connected to from the MR33 acting as the relayd bridge. What kind of misconfiguration? The relayd config is pretty simple. The MR33 is configured as a client and connected to the upstream AP with a static IP then the relayd repeater is given the same IP as the wifi client and bridges the lan and wwan connections.
What’s really confusing is if I connect via the outbuilding MR33 AP I get full service and can connect to the internet and all main network IP’s, including the gateway. To get that service, I am going through the LAN connection of the outbuilding MR33! Which itself cannot see the gateway if I ssh in and try to ping it.
The outdoor AP515 does support WDS but the MR33 does not seem to work with it when it is put in WDS mode.
Just an update I flashed the link MR33 that talks to the IP-COM P515 to the same version as all the other MR33’s 24.10.5 but that made no difference. I tried clean configs and every variation of WDS. THe MR33 as a WDS AP with the IP-COM as a client and the other way around. The only way I can get any connectivity is by setting the IP-COM as an AP and then the MR33 as a client and using relayd to bridge the wwan and lan interfaces.
If I connect directly to the IP-COM and use its in built diagnostics. I can ping the gateway ip fine and all network addresses apart from the downstream MR33 lan address. Its a similar issue to the upstream outbuilding MR33 where I can ping the local switch connected devices, downstream IP-COM and the downstream MR33 wwan interface but not the lan interface or the main network gateway.
Just posting this here in case it helps someone else out. I took 2 of our spare MR33’s and configured them as a WDS pair. One AP connected to the outbuilding switch and the other as a client connected to the main switch in the office building. I repurposed an outdoor Din rail enclosure to house the outdoor MR33.
The link burst into life and all network services are now restored. With what seems like a solid link.
IPCOM now retired.
Many thanks for the responses. WDS was trivial to setup and seems to be the answer.
Cheers