Nighthawk R7800: guest WiFi internet connectivity suddenly stopped working

Foil64 · January 21, 2024, 4:56pm

I have a main wifi network and a guest wifi network. Everything was working fine for several months. Today, the internet connectivity for the guest wifi network is down. On the main wifi network, everything still works perfectly.

What I've tried so far:

Rebooted the router.
Rebooted the cable modem.
Examined the logs with logread

Nothing in the logs stands out to me and I'm not sure where to go next in the troubleshooting process. Any suggestions are greatly appreciated.

System info in screenshots:

psherman · January 21, 2024, 6:25pm

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:

Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

Foil64 · January 21, 2024, 9:37pm

ubus call system board

{
        "kernel": "5.10.161",
        "hostname": "OpenWrt-Unified",
        "system": "ARMv7 Processor rev 0 (v7l)",
        "model": "Netgear Nighthawk X4S R7800",
        "board_name": "netgear,r7800",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "22.03.3",
                "revision": "r20028-43d71ad93e",
                "target": "ipq806x/generic",
                "description": "OpenWrt 22.03.3 r20028-43d71ad93e"
        }
}

cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd98:5263:e6dc::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth1.1'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option device 'eth0.2'
        option proto 'dhcp'

config interface 'wan6'
        option device 'eth0.2'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '1 2 3 4 6t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '5 0t'

config interface 'guest'
        option proto 'static'
        option ipaddr '192.168.10.1'
        option netmask '255.255.255.0'

cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'soc/1b500000.pci/pci0000:00/0000:00:00.0/0000:01:00.0'
        option band '5g'
        option htmode 'VHT80'
        option cell_density '0'
        option country 'US'
        option channel '40'

config wifi-device 'radio1'
        option type 'mac80211'
        option path 'soc/1b700000.pci/pci0001:00/0001:00:00.0/0001:01:00.0'
        option channel '1'
        option band '2g'
        option htmode 'HT20'
        option cell_density '0'
        option country 'US'

config wifi-iface 'wifinet0'
        option device 'radio0'
        option mode 'ap'
        option ssid 'wifi A'
        option encryption 'psk2'
        option key '<redacted>'
        option network 'lan'

config wifi-iface 'wifinet1'
        option device 'radio0'
        option mode 'ap'
        option encryption 'psk2'
        option network 'guest'
        option ssid 'wifi B'
        option key '<redacted>'

config wifi-iface 'wifinet2'
        option device 'radio1'
        option mode 'ap'
        option ssid 'wifi C'
        option encryption 'psk2'
        option key '<redacted>'
        option network 'lan'

config wifi-iface 'wifinet3'
        option device 'radio1'
        option mode 'ap'
        option ssid 'wifi D'
        option encryption 'psk2'
        option key '<redacted>'
        option network 'guest'

cat /etc/config/dhcp

config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'
        option flow_offloading '1'
        option flow_offloading_hw '1'

config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config zone
        option name 'guestwifi'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        list network 'guest'

config forwarding
        option src 'guestwifi'
        option dest 'wan'

psherman · January 21, 2024, 9:45pm

I believe your problem is that you have the guest network attached to two radios. For that to work, you need a bridge. Add a bridge and then modify your guest network to use that bridge.

config device
        option name 'br-guest'
        option type 'bridge'
        option bridge_empty '1'

config interface 'guest'
        option device 'br-guest'
        option proto 'static'
        option ipaddr '192.168.10.1'
        option netmask '255.255.255.0'

Then reboot your rotuer and test again.

Also, unrelated to your issue -- you should upgrade to the latest OpenWrt. At least 22.03.6, but preferably 23.05.2.

Foil64 · January 21, 2024, 10:17pm

I added your suggested modifications to /etc/config/network and that fixed my issue, thank you so much!

And I will add "Upgrade OpenWRT to my TODO list", thanks for pointing that out.

For my own understanding, I'd like to learn more about why it wasn't working, and why your suggested modification fixed it. Are there any particular sections of the documentation that you could recommend that are relevant?

What's mysterious is why it was working with my previous configuration for several months before deciding to stop working out of nowhere, but I doubt I'll ever find an answer to that.

psherman · January 21, 2024, 10:53pm

Each network interface has one logical port and can attach to exactly one 'device' -- a device, in this case, is Ethernet (a physical port or VLAN), a wifi radio, or a bridge.

A bridge is in essence a software equivalent to an unmanaged switch. A bridge makes a single connection to the network interface and then allows one or more other physical devices to be attached. So if you want to use more than one wifi radio or wifi + ethernet (and in some cases, multiple Ethernet ports), you need to use a bridge. (simplisticly, you can think of it as a splitter.)

I don't know why it worked for you in the past and what caused it to stop working, but one possible situation is that only one radio had actually been connected, and maybe a device reboot or other event caused both radios to try to connect, thus resulting in the problem you experienced. The bridge fixes that because it allows multiple devices to connect to the network interface.

system · January 31, 2024, 10:54pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.