Hello everyone, I'm having a weird issue.
I've 3 routers with openwrt.
Main one: GL.iNet GL-MT6000
Second: Asus TUF-AX6000
Third: Asus TUF-AX4200
Second and third act as dumb APs. I create vlans and everything in main router, and pass it to second router. Second router is connected to third and passes the vlans.
I've an interface for management on vlan10 with static addresses for each router, so I can access 2nd and 3rd router interface from a pc connected to main one. No firewall on dumb APs.
Everything is working as expected, vlan tagging, wireless on dumb aps, etc.
The problem is, when there is a power outage, sometimes I lose access to third router, I can't connect to its wireless access point, or even ping or access LuCi from my management vlan.
The only thing I've to do is reboot main router from LuCi interface, then when it comes back, everything starts to work again in 3rd router: LuCi, WiFi, etc.
Any ideas on what could be causing this issue? I mean, I don't have power outages frequently, but it is a pain, because I'm not always home to solve it.
I can post config or anything if needed.
Thanks for your help.
brada4
October 24, 2024, 12:21pm
2
Get a PSU with supercapacitors or at least AC conditioner like an UPS in general, the typical power adapters do not handle brownouts or spikes well.
It's not about brownouts or spikes, it just happens when there is a power cut. When power comes back, everything starts up, but 3rd router doesn't work until I manually reboot first one.
Let’s take a look at the details of the 3rd AP that doesn’t come back online.
Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </>" button.
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
Here it is!
ubus call system board
{
"kernel": "5.15.150",
"hostname": "OpenWrt-Cochera",
"system": "ARMv8 Processor rev 4",
"model": "ASUS TUF-AX4200",
"board_name": "asus,tuf-ax4200",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "23.05.3",
"revision": "r23809-234f1a2efa",
"target": "mediatek/filogic",
"description": "OpenWrt 23.05.3 r23809-234f1a2efa"
}
}
cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd58:6306:8678::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth1'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
option ipv6 '0'
config device
option name 'lan1'
option macaddr '10:7c:61:**:**:**'
option ipv6 '0'
config device
option name 'lan2'
option macaddr '10:7c:61::**:**:**'
option ipv6 '0'
config device
option name 'lan3'
option macaddr '10:7c:61::**:**:**'
option ipv6 '0'
config device
option name 'lan4'
option macaddr '10:7c:61::**:**:**'
option ipv6 '0'
config interface 'lan'
option device 'br-lan.10'
option proto 'static'
option ipaddr '192.168.10.4'
option netmask '255.255.255.0'
option gateway '192.168.10.1'
option delegate '0'
list dns '1.1.1.1'
list dns '8.8.8.8'
config device
option name 'eth1'
option macaddr '10:7c:61::**:**:**'
option ipv6 '0'
config bridge-vlan
option device 'br-lan'
option vlan '5'
list ports 'eth1:t'
config bridge-vlan
option device 'br-lan'
option vlan '9'
list ports 'eth1:t'
config bridge-vlan
option device 'br-lan'
option vlan '10'
list ports 'eth1:t'
list ports 'lan4:u*'
config bridge-vlan
option device 'br-lan'
option vlan '20'
list ports 'eth1:t'
list ports 'lan1:u*'
config bridge-vlan
option device 'br-lan'
option vlan '30'
list ports 'eth1:t'
config interface 'GAMING'
option proto 'none'
option device 'br-lan.9'
list dns '1.1.1.1'
list dns '8.8.8.8'
option delegate '0'
config interface 'LOCAL'
option proto 'none'
option device 'br-lan.5'
list dns '1.1.1.1'
list dns '8.8.8.8'
option delegate '0'
config interface 'GUEST'
option proto 'none'
option device 'br-lan.30'
list dns '1.1.1.1'
list dns '8.8.8.8'
option delegate '0'
config interface 'IoT'
option proto 'none'
option device 'br-lan.20'
list dns '1.1.1.1'
list dns '8.8.8.8'
option delegate '0'
cat /etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option path 'platform/soc/18000000.wifi'
option channel '13'
option band '2g'
option htmode 'HE20'
option country 'ES'
option cell_density '0'
option txpower '19'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'IoT'
option mode 'ap'
option ssid '*********'
option encryption 'psk2'
option key '*********'
config wifi-device 'radio1'
option type 'mac80211'
option path 'platform/soc/18000000.wifi+1'
option channel '161'
option band '5g'
option htmode 'HE80'
option country 'ES'
option cell_density '0'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'GUEST'
option mode 'ap'
option ssid '*********'
option encryption 'psk2'
option key '*********'
config wifi-vlan
option name 'vl5'
option network 'LOCAL'
option vid '5'
option iface 'default_radio1'
config wifi-station
option key '*********'
option vid '5'
option iface 'default_radio1'
config wifi-vlan
option name 'vl30'
option network 'GUEST'
option vid '30'
option iface 'default_radio1'
config wifi-station
option key '*********'
option vid '30'
option iface 'default_radio1'
config wifi-vlan
option name 'vl20'
option network 'IoT'
option vid '20'
option iface 'default_radio1'
config wifi-station
option key '*********'
option vid '20'
option iface 'default_radio1'
I don't have any dhcp active in this AP,
all interfaces are set to unmanaged but management interface,
which is set to static address.
Here is the config anyways:
cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option cachesize '1000'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
option filter_aaaa '0'
option filter_a '0'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
Firewall is disabled, and no rules created.
brada4
October 24, 2024, 5:44pm
6
jmanuelmri:
option txpower '19'
cell density 1/normal is better at limiting range.
ch161 is 13dBm in ETSI, like 1m range if you are lucky?
brada4
October 24, 2024, 5:45pm
7
You totally cannot have VLAN-s over wifi.
Remove the dns lines and the delegate line from below:
Those are not necessary because the interface is unmanaged. Do the same for the other networks (LOCAL, GUEST, and IoT).
I'm not entirely certain that this is valid:
Where did you get this syntax from?
This could potentially cause some issues, but I don't think it's relevant for this particular situation.
brada4:
jmanuelmri:
option txpower '19'
cell density 1/normal is better at limiting range.
ch161 is 13dBm in ETSI, like 1m range if you are lucky?
Right, both fixed, anyways this is not causing the problem.
You can, using RADIUS or having an SSID with multiple passwords, one per vlan.
Done.
It's indeed working, so syntax should be valid.
I got it from the forum:
Just for reference, are you running the latest OpenWrt release? I was not able to get the hostapd.wpa_psk method to work-- even though I believe my configuration is correct and I could tell something had changed (i.e. the radio was disabled). Are your interfaces created and destroyed on-demand or does everything appear at startup?
I decided to try the equally obscure wifi-vlan and wifi-station sections (which do not get stripped out by LuCI). This actually works as expected and does not require…
or
I've adjusted the given config to suit my needs and everything looks fine in luci and the passwords for the vlans work, I only have 1 issue when I try the wifi it doesn't give me an IP address, I left 1 wifi radio without vlan just to be able to access to router while setting up.
Now that I'm thinking about it, is this config tailored for the "dumb AP" router 2 and the vlans should get the ip's from dhcp pools on the main router, is this assumption correct ?
here are my configs:
config interf…
What issues? I'm glad of manage potential problem outcomes. The only thing annoying is firewall enabling itself again when I update, so I get stuck out the router on the management vlan, so I have to connect to it directly.
Ok... as long as this is part of the single SSID + multiple password method, it should be fine.
jmanuelmri:
What issues? I'm glad of manage potential problem outcomes. The only thing annoying is firewall enabling itself again when I update, so I get stuck out the router on the management vlan, so I have to connect to it directly.
This is exactly the issue I am referring to.
The preferred method is to leave the default firewall file alone, except to ensure that the management network is included in the LAN zone (or a similar zone that has input = accept). There is no need to disable the firewall as it sits entirely idle on a dumb/bridged AP. Therefore, as long as it is configured such that the management network is explicitly allowed to access the device, the status of the firewall (enabled vs disabled) can never cause you to be locked out.
Meanwhile... let's confirm...
physical topology:
Internet > main router > AP 1 > AP 2
all connections via ethernet
Let's now take a look at the main router's config, as well as the second one.
1 Like
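The rule in the post above, turned into a check (an added example, not part of the original thread): it parses a dumb AP's `/etc/config/network` and `/etc/config/firewall` and reports every address-bearing interface that would not get `input ACCEPT` once the firewall service is running. The excerpts are trimmed from AP1's configs as posted later in this thread; the function names and the renamed `MGMT` variant are constructed for illustration.

```python
import shlex

# Trimmed excerpts of AP1's configs as posted in this thread.
AP1_NETWORK = """
config interface 'lan'
    option device 'br-lan.10'
    option proto 'static'
    option ipaddr '192.168.10.3'

config interface 'GAMING'
    option proto 'none'
    option device 'br-lan.9'
"""

AP1_FIREWALL = """
config defaults
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'

config zone
    option name 'lan'
    option input 'ACCEPT'
    list network 'lan'

config zone
    option name 'wan'
    option input 'ACCEPT'
    option masq '1'
"""

# Constructed variant: same AP, but the management interface was renamed and
# the stock firewall file was never told about the new name.
RENAMED_NETWORK = AP1_NETWORK.replace("config interface 'lan'",
                                      "config interface 'MGMT'")


def parse_uci(text):
    """Parse UCI text into a list of {'type', 'name', 'opts'} sections."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if not tok:
            continue
        if tok[0] == "config":
            sections.append({"type": tok[1],
                             "name": tok[2] if len(tok) > 2 else None,
                             "opts": {}})
        elif tok[0] == "option" and sections:
            sections[-1]["opts"][tok[1]] = tok[2]
        elif tok[0] == "list" and sections:
            sections[-1]["opts"].setdefault(tok[1], []).append(tok[2])
    return sections


def addressed_interfaces(network_cfg):
    """Interfaces with an address on the device itself (proto is not 'none')."""
    return [s["name"] for s in parse_uci(network_cfg)
            if s["type"] == "interface" and s["name"] != "loopback"
            and s["opts"].get("proto", "none") != "none"]


def input_policy(firewall_cfg, iface):
    """Return (policy, zone) for traffic arriving on `iface`.

    Only zone membership through 'network' is examined; zones matched by
    device or subnet and per-port 'config rule' exceptions are out of scope.
    """
    sections = parse_uci(firewall_cfg)
    for s in sections:
        if s["type"] != "zone":
            continue
        nets = s["opts"].get("network", [])
        if isinstance(nets, str):      # 'option network' form, space separated
            nets = nets.split()
        if iface in nets:
            return s["opts"].get("input", "UNSET").upper(), s["opts"].get("name")
    for s in sections:                 # not in any zone: the defaults apply
        if s["type"] == "defaults" and "input" in s["opts"]:
            return s["opts"]["input"].upper(), None
    return "UNSET", None


def lockout_risks(network_cfg, firewall_cfg):
    """Addressed interfaces that lose SSH/LuCI access when the firewall starts."""
    risks = {}
    for iface in addressed_interfaces(network_cfg):
        policy, zone = input_policy(firewall_cfg, iface)
        if policy != "ACCEPT":
            risks[iface] = (policy, zone)
    return risks


if __name__ == "__main__":
    print("AP1 as posted:   ", lockout_risks(AP1_NETWORK, AP1_FIREWALL))
    print("renamed variant: ", lockout_risks(RENAMED_NETWORK, AP1_FIREWALL))
```

An empty result means the firewall can be enabled or re-enabled by an upgrade without cutting off the management VLAN.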
psherman:
Internet > main router > AP 1 > AP 2
all connections via ethernet
Let's now take a look at the main router's config, as well as the second one.
That's right.
Here is the config.
Main router:
Main router config
ubus call system board
{
"kernel": "5.15.150",
"hostname": "OpenWrt-Main",
"system": "ARMv8 Processor rev 4",
"model": "GL.iNet GL-MT6000",
"board_name": "glinet,gl-mt6000",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "23.05.3",
"revision": "r23809-234f1a2efa",
"target": "mediatek/filogic",
"description": "OpenWrt 23.05.3 r23809-234f1a2efa"
}
}
cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fda2:****:****::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
list ports 'lan5'
option ipv6 '0'
config device
option name 'lan1'
option macaddr '94:83:c4:**:**:**'
option ipv6 '0'
config device
option name 'lan2'
option macaddr '94:83:c4:**:**:**'
option ipv6 '0'
config device
option name 'lan3'
option macaddr '94:83:c4:**:**:**'
option ipv6 '0'
config device
option name 'lan4'
option macaddr '94:83:c4:**:**:**'
config device
option name 'lan5'
option macaddr '94:83:c4:**:**:**'
option ipv6 '0'
config interface 'lan'
option device 'br-lan.9'
option proto 'static'
option ipaddr '192.168.9.1'
option netmask '255.255.255.0'
option delegate '0'
list dns '1.1.1.1'
list dns '8.8.8.8'
config device
option name 'eth1'
option macaddr '94:83:c4:**:**:**'
option ipv6 '0'
config interface 'wan'
option device 'eth1'
option proto 'dhcp'
config bridge-vlan
option device 'br-lan'
option vlan '9'
list ports 'lan1:u*'
list ports 'lan2:t'
list ports 'lan3:t'
list ports 'lan4:u*'
list ports 'lan5:u*'
config bridge-vlan
option device 'br-lan'
option vlan '5'
list ports 'lan2:t'
list ports 'lan3:t'
config bridge-vlan
option device 'br-lan'
option vlan '7'
list ports 'lan2:t'
config bridge-vlan
option device 'br-lan'
option vlan '16'
list ports 'lan2:t'
config bridge-vlan
option device 'br-lan'
option vlan '18'
list ports 'lan2:t'
config bridge-vlan
option device 'br-lan'
option vlan '20'
list ports 'lan2:t'
list ports 'lan3:t'
config bridge-vlan
option device 'br-lan'
option vlan '30'
list ports 'lan2:t'
list ports 'lan3:t'
config interface 'LOCAL'
option proto 'static'
option device 'br-lan.5'
option ipaddr '192.168.5.1'
option netmask '255.255.255.0'
option delegate '0'
list dns '1.1.1.1'
list dns '8.8.8.8'
config interface 'TRABAJO'
option proto 'static'
option device 'br-lan.7'
option ipaddr '192.168.7.1'
option netmask '255.255.255.0'
option delegate '0'
list dns '1.1.1.1'
list dns '8.8.8.8'
config interface 'CAMARAS'
option proto 'static'
option device 'br-lan.16'
option ipaddr '192.168.16.1'
option netmask '255.255.255.0'
option delegate '0'
list dns '1.1.1.1'
list dns '8.8.8.8'
config interface 'ALARMA'
option proto 'static'
option device 'br-lan.18'
option ipaddr '192.168.18.1'
option netmask '255.255.255.0'
option delegate '0'
list dns '1.1.1.1'
list dns '8.8.8.8'
config interface 'IoT'
option proto 'static'
option device 'br-lan.20'
option ipaddr '192.168.20.1'
option netmask '255.255.255.0'
option delegate '0'
list dns '1.1.1.1'
list dns '8.8.8.8'
config interface 'GUEST'
option proto 'static'
option device 'br-lan.30'
option ipaddr '192.168.30.1'
option netmask '255.255.255.0'
option delegate '0'
list dns '1.1.1.1'
list dns '8.8.8.8'
config bridge-vlan
option device 'br-lan'
option vlan '10'
list ports 'lan2:t'
list ports 'lan3:t'
config interface 'MANAGEMENT'
option proto 'static'
option device 'br-lan.10'
option ipaddr '192.168.10.1'
option netmask '255.255.255.0'
option delegate '0'
list dns '1.1.1.1'
list dns '8.8.8.8'
config bridge-vlan
option device 'br-lan'
option vlan '21'
list ports 'lan2:t'
list ports 'lan3:t'
config interface 'homeIOT'
option proto 'static'
option device 'br-lan.21'
option ipaddr '192.168.21.1'
option netmask '255.255.255.0'
list dns '1.1.1.1'
list dns '8.8.8.8'
option delegate '0'
cat /etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option path 'platform/soc/18000000.wifi'
option band '2g'
option htmode 'HE20'
option country 'ES'
option cell_density '0'
option channel '1'
option txpower '7'
config wifi-device 'radio1'
option type 'mac80211'
option path 'platform/soc/18000000.wifi+1'
option channel '36'
option band '5g'
option htmode 'HE80'
option country 'ES'
option cell_density '0'
option txpower '12'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid '********'
option encryption 'psk2'
option key '********'
config wifi-iface 'wifinet2'
option device 'radio0'
option mode 'ap'
option ssid '********'
option encryption 'psk2'
option key '********'
option network 'homeIOT'
config wifi-vlan
option name 'vl30'
option network 'GUEST'
option vid '30'
option iface 'default_radio1'
config wifi-station
option key '********'
option vid '30'
option iface 'default_radio1'
cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option cachesize '1000'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option localservice '1'
option ednspacket_max '1232'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'LOCAL'
option interface 'LOCAL'
option start '100'
option limit '150'
option leasetime '12h'
config dhcp 'TRABAJO'
option interface 'TRABAJO'
option start '100'
option limit '150'
option leasetime '12h'
config dhcp 'CAMARAS'
option interface 'CAMARAS'
option start '100'
option limit '150'
option leasetime '12h'
config dhcp 'ALARMA'
option interface 'ALARMA'
option start '100'
option limit '150'
option leasetime '12h'
config dhcp 'IoT'
option interface 'IoT'
option start '100'
option limit '150'
option leasetime '12h'
config dhcp 'GUEST'
option interface 'GUEST'
option start '100'
option limit '150'
option leasetime '12h'
config dhcp 'MANAGEMENT'
option interface 'MANAGEMENT'
option start '100'
option limit '150'
option leasetime '12h'
option ignore '1'
config dhcp 'homeIOT'
option interface 'homeIOT'
option start '100'
option limit '150'
option leasetime '12h'
cat /etc/config/firewall
config defaults
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
option flow_offloading '1'
option flow_offloading_hw '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'wan'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config zone
option name 'LOCAL'
option input 'REJECT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'LOCAL'
config forwarding
option src 'LOCAL'
option dest 'wan'
config zone
option name 'TRABAJO'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'TRABAJO'
config forwarding
option src 'TRABAJO'
option dest 'wan'
config zone
option name 'CAMARAS'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'CAMARAS'
config forwarding
option src 'CAMARAS'
option dest 'wan'
config zone
option name 'ALARMA'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'ALARMA'
config forwarding
option src 'ALARMA'
option dest 'wan'
config zone
option name 'IoT'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'IoT'
config forwarding
option src 'IoT'
option dest 'wan'
config zone
option name 'GUEST'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'GUEST'
config forwarding
option src 'GUEST'
option dest 'wan'
config forwarding
option src 'LOCAL'
option dest 'ALARMA'
config forwarding
option src 'LOCAL'
option dest 'CAMARAS'
config forwarding
option src 'LOCAL'
option dest 'IoT'
config rule
option name 'LOCAL DHCP and DNS'
option src 'LOCAL'
option dest_port '53 67 68'
option target 'ACCEPT'
config rule
option name 'CAMARAS DHCP and DNS'
option src 'CAMARAS'
option dest_port '53 67 68'
option target 'ACCEPT'
config rule
option name 'ALARMA DHCP and DNS'
option src 'ALARMA'
option dest_port '53 67 68'
option target 'ACCEPT'
config rule
option name 'IoT DHCP and DNS'
option src 'IoT'
option dest_port '53 67 68'
option target 'ACCEPT'
config rule
option name 'GUEST DHCP and DNS'
option src 'GUEST'
option dest_port '53 67 68'
option target 'ACCEPT'
config zone
option name 'MANAGEMENT'
option input 'ACCEPT'
option output 'REJECT'
option forward 'ACCEPT'
list network 'MANAGEMENT'
config forwarding
option src 'lan'
option dest 'MANAGEMENT'
config zone
option name 'homeIOT'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'homeIOT'
config forwarding
option src 'homeIOT'
option dest 'wan'
config rule
option name 'HOMEIOT DHCP and DNS'
option src 'homeIOT'
option dest_port '53 67 68'
option target 'ACCEPT'
config forwarding
option src 'MANAGEMENT'
option dest 'wan'
config forwarding
option src 'lan'
option dest 'homeIOT'
config forwarding
option src 'homeIOT'
option dest 'IoT'
And here AP1 AKA second router:
AP1 config
ubus call system board
{
"kernel": "5.15.162",
"hostname": "OpenWrt-Salon",
"system": "ARMv8 Processor rev 4",
"model": "ASUS TUF-AX6000",
"board_name": "asus,tuf-ax6000",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "23.05.4",
"revision": "r24012-d8dd03c46f",
"target": "mediatek/filogic",
"description": "OpenWrt 23.05.4 r24012-d8dd03c46f"
}
}
cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdd5:****:****::/48'
option packet_steering '1'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth1'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
list ports 'lan5'
option ipv6 '0'
config device
option name 'lan1'
option macaddr 'c8:7f:54:**:**:**'
config device
option name 'lan2'
option macaddr 'c8:7f:54:**:**:**'
config device
option name 'lan3'
option macaddr 'c8:7f:54:**:**:**'
config device
option name 'lan4'
option macaddr 'c8:7f:54:**:**:**'
config device
option name 'lan5'
option macaddr 'c8:7f:54:**:**:**'
config interface 'lan'
option device 'br-lan.10'
option proto 'static'
option ipaddr '192.168.10.3'
option netmask '255.255.255.0'
option delegate '0'
option gateway '192.168.10.1'
list dns '192.168.10.1'
config device
option name 'eth1'
option macaddr 'c8:7f:54:**:**:**'
config bridge-vlan
option device 'br-lan'
option vlan '5'
list ports 'eth1:t'
list ports 'lan5:t'
config bridge-vlan
option device 'br-lan'
option vlan '9'
list ports 'eth1:t'
list ports 'lan5:t'
config bridge-vlan
option device 'br-lan'
option vlan '10'
list ports 'eth1:t'
list ports 'lan4:u*'
list ports 'lan5:t'
config bridge-vlan
option device 'br-lan'
option vlan '20'
list ports 'eth1:t'
list ports 'lan1:u*'
list ports 'lan2:u*'
list ports 'lan5:t'
config bridge-vlan
option device 'br-lan'
option vlan '30'
list ports 'eth1:t'
list ports 'lan3:u*'
list ports 'lan5:t'
config interface 'GAMING'
option proto 'none'
option device 'br-lan.9'
config interface 'LOCAL'
option proto 'none'
option device 'br-lan.5'
config interface 'IoT'
option proto 'none'
option device 'br-lan.20'
config interface 'GUEST'
option proto 'none'
option device 'br-lan.30'
cat /etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option path 'platform/soc/18000000.wifi'
option channel '8'
option band '2g'
option htmode 'HE20'
option country 'ES'
option cell_density '0'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'IoT'
option mode 'ap'
option ssid '***********'
option encryption 'psk2'
option key '***********'
config wifi-device 'radio1'
option type 'mac80211'
option path 'platform/soc/18000000.wifi+1'
option channel '44'
option band '5g'
option htmode 'HE40'
option country 'ES'
option cell_density '0'
config wifi-iface 'default_radio1'
option device 'radio1'
option mode 'ap'
option ssid '***********'
option encryption 'psk2'
option key '***********'
option network 'GUEST'
config wifi-vlan
option name 'vl5'
option network 'LOCAL'
option vid '5'
option iface 'default_radio1'
config wifi-station
option key '***********'
option vid '5'
option iface 'default_radio1'
config wifi-vlan
option name 'vl30'
option network 'GUEST'
option vid '30'
option iface 'default_radio1'
config wifi-station
option key '***********'
option vid '30'
option iface 'default_radio1'
config wifi-vlan
option name 'vl9'
option network 'GAMING'
option vid '9'
option iface 'default_radio1'
config wifi-station
option key '***********'
option vid '9'
option iface 'default_radio1'
cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option cachesize '1000'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
option filter_aaaa '0'
option filter_a '0'
option ignore '1'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
option dhcpv6 'disabled'
option ra 'disabled'
cat /etc/config/firewall
config defaults
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
config zone
option name 'wan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
Tons of config here, I don't know how you can see anything at it without looking for days..
Thank you so much.
Smartphones often do 12-15 dBm, so 13 isn’t that bad. You might get symmetric WiFi link. If speeds are good enough and higher powered channels are swamped with other networks, then this is ok.
evs
October 24, 2024, 10:05pm
13
mm. I was also initially confused by that statement as limiting transmit power has other applications/effects than limiting range.
My understanding is that upping the minimum data rate only affects the minimum modulation rate.
Which just means that farther away clients can't decode the frame, but it's still going to contribute to interference?
brada4
October 24, 2024, 10:08pm
14
Significantly less as the furthest station will use 1/6 of airtime per frame compared to unrestricted mode.
1 Like
evs
October 24, 2024, 10:25pm
15
mm. Thanks!
Farther stations will use less airtime, or just won't be able to communicate. But for that shorter period of time everyone is going to still see (more) interference because of the higher transmit power?
So what you're saying is that on average you use 1/6th the airtime per frame, but in this 13dbm vs 19dbm example, you're using 4x the power. So it works out?
Furthest station won't be able to decode higher modulation management traffic, so yes, that will be noise for them and this limits the effective range. Also other stations/APs from other BSSIDs might not hear your management traffic, so you might get more collisions and retries.
When looking at a smartphone with max EIRP of 13 dBm, when it gets to the edge of 19 dBm cell, it won't be able to reply to the AP anymore. Higher power is therefore nice to enable higher modulations mid-range, but doesn't really increase range. You can shout louder, but you can't listen harder. Unless you replace your antenna, but that's not possible with a smartphone and has other consequences.
1 Like
brada4
October 24, 2024, 10:38pm
17
Or shorter - limiting range.
I'm not seeing any config issues that would explain the issues you're experiencing.
But to make sure that the topology is correct at a port level:
Main router port 2 (or port 3) -> | port eth1 (AP 1) port lan5 | -> AP2 port eth1
Assuming that this is correct, the VLAN-port membership is correct.
Going back to the original description, you said that AP2 is not reachable after a power outage until the main router is power-cycled, correct?
Have you tried:
Connecting to port 4 on AP2 and setting your computer with a static IP address on the 192.168.10.0/24 network? If so, is the management interface for AP2 available (ssh or LuCI)?
bouncing the uplink port on AP2 (eth1) -- so disconnect the ethernet cable briefly and then test again.
power cycling AP2?
power cycling AP1?
port bouncing the connection between the router and AP1?
The reason I'm asking these questions is that it is strange that AP2 comes online again after rebooting the main router given that AP2 has a static IP and all the VLAN connectivity is consistent through the chain. I'd like to find out what really triggers AP2 to become reachable.
1 Like
brada4
October 25, 2024, 6:21am
19
Actually - can you trigger "no connection" rebooting device like 10x in a row?
psherman:
I'm not seeing any config issues that would explain the issues you're experiencing.
But to make sure that the topology is correct at a port level:
Main router port 2 (or port 3) -> | port eth1 (AP 1) port lan5 | -> AP2 port eth1
That's correct.
psherman:
Assuming that this is correct, the VLAN-port membership is correct.
Going back to the original description, you said that AP2 is not reachable after a power outage until the main router is power-cycled, correct?
Have you tried:
Connecting to port 4 on AP2 and setting your computer with a static IP address on the 192.168.10.0/24 network? If so, is the management interface for AP2 available (ssh or LuCI)?
I did, management interface is available, but there is no network connection in the AP. I see WiFi SSID (changed name to be sure it's from this AP), but can't connect either, stuck in connecting on every device.
psherman:
bouncing the uplink port on AP2 (eth1) -- so disconnect the ethernet cable briefly and then test again.
Tried it, no effect, still unreachable.
psherman:
Power cycling AP2 has no effect, tried it using the hardware power button and rebooting through LuCi connected directly to that router.
psherman:
Power cycling AP1 via power button or rebooting through LuCi solves the issue and AP2 is reachable and I can connect to WiFi again.
psherman:
port bouncing the connection between the router and AP1?
Disconnected and reconnected the ethernet cable several times, on both ends of ethernet cable (AP1 and main router), has no effect, AP2 is not reachable.
Tried rebooting main router through LuCi interface (it doesn't have hardware button), and I WAS WRONG, rebooting main router doesn't solve the issue, it's only rebooting or power cycling AP1.
Actually, I can achieve the 'no connection' state by cutting the main power to the house and then restoring it.