No wifi internet on 21.02 Dumb AP lan and guest swconfig Archer C7v5

xtianstone · March 20, 2022, 2:19am

I have an Archer C7v5 set up as a dumb AP using vlan swconfig, I can connect to the router externally, and the router pulls an IP from the DHCP server for each interface. However, the wifi shows no internet on either LAN (eth0.1) or GUEST (eth0.99). I have disabled dnsmasq, firewall, and odhcpd. I removed the wan interface and am using it as a regular LAN switch port. For the swconfig, I am leaving the LAN untagged on the upstream connection and tagging the GUEST network.

Here is the network config

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdd5:e91a:f82d::/48'

config interface 'lan'
	option device 'eth0.1'
	option proto 'static'
	option ipaddr '10.0.1.5'
	option netmask '255.255.255.0'
	option gateway '10.0.1.1'
	list dns '10.0.1.1'

config device
	option name 'eth0.2'
	option macaddr 'd8:07:b6:f9:2c:e9'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option vid '1'
	option ports '0t 1 2 3 4'

config interface 'GUEST'
	option proto 'dhcp'
	option device 'eth0.99'
	option dns '10.0.3.1'

config switch_vlan
	option device 'switch0'
	option vlan '3'
	option vid '99'
	option ports '0t 1t 5'

And here is the wireless network

config wifi-device 'radio0'
	option type 'mac80211'
	option hwmode '11a'
	option path 'pci0000:00/0000:00:00.0'
	option cell_density '0'
	option country 'US'
	option htmode 'VHT20'
	option channel '56'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option encryption 'psk2'
	option key 'somepassword'
	option ieee80211r '1'
	option ft_psk_generate_local '1'
	option dtim_period '3'
	option mobility_domain '0810'
	option ft_over_ds '0'
	option ssid 'The Little Prince'

config wifi-device 'radio1'
	option type 'mac80211'
	option hwmode '11g'
	option path 'platform/ahb/18100000.wmac'
	option htmode 'HT20'
	option channel '1'
	option country 'US'
	option cell_density '0'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid 'Fox'
	option encryption 'psk2'
	option key 'somepassword'
	option ieee80211r '1'
	option ft_psk_generate_local '1'
	option dtim_period '3'
	option mobility_domain '0395'
	option ft_over_ds '0'

config wifi-iface 'wifinet3'
	option device 'radio1'
	option mode 'ap'
	option encryption 'psk2'
	option dtim_period '3'
	option key 'somepassword'
	option ieee80211r '1'
	option mobility_domain '9999'
	option ft_over_ds '0'
	option ft_psk_generate_local '1'
	option network 'GUEST'
	option ssid 'Guest'

Finally, here is the dhcp config

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'
	option ednspacket_max '1232'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option ignore '1'
	list dhcp_option '6,10.0.1.1'
	list dhcp_option '3,10.0.1.1'
	option dynamicdhcp '0'
	list ra_flags 'none'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config dhcp 'GUEST'
	option interface 'GUEST'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option ignore '1'
	list ra_flags 'none'

I originally had both interfaced pulling a dynamic IP (correctly), and then in trying to get this working I moved lan to a static IP address and have been doing my best to figure out why the three wireless networks (Little Prince and Fox on LAN, and Guest on GUEST) do not pull ip addresses, and even if I assign them a manual IP address there is no internet access.

My thought is that I do not need the firewall enabled as I am using the switch config to bridge the ports, I do not need dnsmasq or odhcp for the same reason... they are pulling the IP from the upstream device (which is also using vlans, sending LAN untagged and GUEST tagged). I am not concerned about the cable since both interfaces have been able to get an IP from the upstream DHCP server, and I can ping, trace, and do DNS lookups from LUCI on the router. Any thoughts on what I am missing? Do I need to use firewall afterall or create an additional bridge beyond the switch?

I appreciate any insight on this. I know I am missing something fundamental and easy here, I am just not seeing it. I am missing some bridge between the Little Prince and Fox wifi and LAN somewhere is my only guess.

psherman · March 20, 2022, 5:26am

Your networks need to be part of bridges in order to enable the wifi.

Further, if this is a dumb AP, it does not need an address on the guest network.

Make your networks look like this:

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0.1'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '10.0.1.5'
	option netmask '255.255.255.0'
	option gateway '10.0.1.1'
	list dns '10.0.1.1'

config device
	option name 'br-guest'
	option type 'bridge'
	list ports 'eth0.99'

config interface 'GUEST'
	option proto 'none'
	option device 'br-guest'

This should fix things as long at the upstream is working properly.... that is too say that the lan is untagged on your trunk and guest is tagged VLAN 99, that the networks are properly functioning on the main router and that any intermediate switches are configured properly.

xtianstone · March 21, 2022, 1:33am

That did it 100%. I'll mark it as the solution.

I take it a bridge is required to connect the vlan to any wifi connection? The switch makes the vlan, but you still need a bridge to connect to another device. I was used to the bridge to connect things in the old LUCI, but in the new one when you selected the network in wireless settings, it bridged things for you.

psherman · March 21, 2022, 1:53am

Simply stated, the bridge is required to enable wired and wireless to use the same network. I wouldn't say that the switch 'makes' the VLAN, but the switch is responsible for handling the VLANs -- manging the tags and keeping the traffic from each network separated from the others (at L2, the data link layer; the firewall is responsible for permitting/restricting inter-VLAN connectivity at L3).

system · March 31, 2022, 1:53am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.