Fritz!Box (FritzOS) -> Fujitsu S920 (openWRT) -> unmanaged switch -> TP Link EAP245 v1 AP (TP Link FW, dynamic IP).
So the AP is part of eth0 in br-lan. All phisycally connected devices work, PC and phone are working on wifi aswell. Macbook can ping the openWRT-router but has no internet connection. But when I activate the wifi on my FritzBox and connect to it with my macbook it works just fine.
The chain is too long - dont you think? Make "unmanaged switch" a home LAN network and let internet-connected Fritzbox be a DHCP server and router for the rest, other AP-s can serve as dumb AP-s - set static LAN IP inside fritzbox-es DHCP subnet and connect to their LAN ports.
It is this device - your WiFi AP - that is not working as expected. You need to refer to the documentation that TP-Link provides or ask on their support channels for help.
Or…
Install OpenWrt on that device and we will absolute be able to help you with that ap!
Not likely a problem with Openwrt - I think your issue is the configuration of your ap with the vendor firmware. But let’s look at the config of your openwrt router.
Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
I installed openWRT on the AP and configured it as dumb AP but still same behavior. Still good to have openWRT instead of the tp link fw of course
I also thought AdGuardHome might somehow block the macbook but disabling it didn't help either.
here's the result of the commands. I configured the "wifi" zone because I initially wanted to separate ethernet and wifi. But right now the AP is connected via ethernet and part of br-lan.
root@OpenWrt:~# ubus call system board
{
"kernel": "5.15.150",
"hostname": "OpenWrt",
"system": "AMD GX-415GA SOC with Radeon(tm) HD Graphics",
"model": "FUJITSU FUTRO S920",
"board_name": "fujitsu-futro-s920",
"rootfs_type": "ext4",
"release": {
"distribution": "OpenWrt",
"version": "23.05.3",
"revision": "r23809-234f1a2efa",
"target": "x86/64",
"description": "OpenWrt 23.05.3 r23809-234f1a2efa"
}
}
root@OpenWrt:~# cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'xxx'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '62'
config interface 'wan'
option device 'eth1'
option proto 'dhcp'
config interface 'wan6'
option device 'eth1'
option proto 'dhcpv6'
config interface 'wifi'
option proto 'static'
option device 'wifi'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'
option ip6assign '60'
config device
option type 'bridge'
option name 'wifi'
option mtu '1500'
option txqueuelen '1000'
option macaddr 'xxx'
list ports 'eth2'
root@OpenWrt:~# cat /etc/config/wireless
cat: can't open '/etc/config/wireless': No such file or directory
root@OpenWrt:~# cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option cachesize '1000'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option localservice '1'
option ednspacket_max '1232'
option confdir '/tmp/dnsmasq.d'
option port '553'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config host
option name 'LAMBO'
option ip '192.168.1.100'
option mac 'xxx'
config host
option name 'Desktop'
option ip '192.168.1.154'
option mac 'xxx'
config dhcp 'wifi'
option interface 'wifi'
option start '100'
option limit '150'
option leasetime '12h'
option ra 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'
option ra_mtu '1500'
option ra_hoplimit '64'
option dhcpv6 'server'
config host
option name 'homeassistant'
option ip '192.168.1.139'
option mac 'xxx'
root@OpenWrt:~# cat /etc/config/firewall
config defaults
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
option drop_invalid '1'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wifi'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'wifi'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config redirect
option dest 'lan'
option target 'DNAT'
option name 'LAMBO xxx'
option src 'wan'
option src_dport 'xxx'
option dest_ip '192.168.1.100'
option dest_port 'xxx'
config redirect
option dest 'lan'
option target 'DNAT'
option name 'LAMBO xxx'
option src 'wan'
option src_dport 'xxx'
option dest_ip '192.168.1.100'
option dest_port 'xxx'
config redirect
option dest 'lan'
option target 'DNAT'
option name 'LAMBO xxx'
option src 'wan'
option src_dport 'xxx'
option dest_ip '192.168.1.100'
option dest_port 'xxx'
config forwarding
option src 'wifi'
option dest 'wan'
As I said I initially wanted to separate WiFi and ethernet. But right now the WiFi zone has no ports attached to it and is doing nothing. I just didn't delete it.
Right now it's 192.168.1.xxx. I tried using a separate port which I attached to the "WiFi" zone. Then it was 192.168.2.xxx. but same result: all devices except the MacBook work fine.
If you want to do this, you'd connect eth2 directly to your AP. However, this won't solve the problem you're havnig with your Macbook -- that is almost certainly related to the current configuration of the AP (running its vendor firmware).
Alternatively, you can use VLANs for this, but you would need to have a managed switch -- the unmanaged one will not be appropraite here.
Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have: