Obtain IP address from DHCP for Guest WIFI via an external Dumb AP

Hi,

I have two routers running OpenWRT. A primary WIFI router, configured with two SSIDs (trusted and guest). The IP of the router for the trusted (br-lan) network interface is 192.168.1.1. The IP for the guest network interface is 192.168.5.1

The second router is setup as a dump AP with DHCP, DNS and Firewall disabled and connected directly (RJ45) to the primary router. On the secondary router I have again created two SSID's as on the primary router for the trusted and guest networks (192.168.1.2 and 192.168.5.2 respectively). The SSID's on the AP are appended with an 'x' to save any confusion i.e. trustedx and guestx.

If I connect my laptop with a physical cable to the dumb AP or through WIFI to the trustedx WIFI SSID I can obtain an IP address from the primary router's DHCP service, and everything works fine.

If I connect to the guestx WIFI SSID on the dumb ap then I cannot obtain an IP address from the primary router's DHCP service.

I thought it might be an issue with the firewall on the primary router blocking clients from the 192.168.5.0/24 network from connecting to the DHCP service (UDP/67) on the primary router coming from the AP but I've added a rule for that and it still does not work.

Please help
Phil

Did you setup a trunk port on each of your routers? On the dumb AP device, you need to setup a bridge so you can tie the guest network to the guest SSID... the guest network itself should be defined as proto none (unmanaged) on the dumb AP.

Let's see your configs on each of your routers (please make it clear which router is which)... just starting with 2 files for now:

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network
cat /etc/config/wireless

Thanks - Here are the configurations

Primary Router

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd17:c397:e0be::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0.1'
        option ipv6 '0'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config device
        option name 'eth0.2'
        option macaddr ''
        option ipv6 '0'

config interface 'wan'
        option device 'eth0.2'
        option proto 'dhcp'
        option hostname '*'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0t 2 3 4 5'
        option vid '1'
        option description 'LAN'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '0t 1'
        option vid '2'
        option description 'WAN'

config device
        option name 'eth0'
        option ipv6 '0'

config device
        option name 'eth0.1'
        option type '8021q'
        option ifname 'eth0'
        option vid '1'
        option ipv6 '0'

config interface 'guestwifi'
        option proto 'static'
        option ipaddr '192.168.5.1'
        option netmask '255.255.255.0'

root@OpenWrt:~# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'pci0000:00/0000:00:00.0'
        option channel '36'
        option band '5g'
        option htmode 'VHT80'
        option country 'GB'
        option cell_density '0'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'TRUSTED'
        option encryption 'sae-mixed'
        option key 'passphrase'

config wifi-device 'radio1'
        option type 'mac80211'
        option path 'platform/ahb/18100000.wmac'
        option channel '1'
        option band '2g'
        option htmode 'HT20'
        option cell_density '0'
        option country 'GB'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 'TRUSTED'
        option encryption 'sae-mixed'
        option key 'passphrase'

config wifi-iface 'wifinet2'
        option device 'radio1'
        option mode 'ap'
        option ssid 'GUEST'
        option encryption 'sae-mixed'
        option key 'internet for free'
        option network 'guestwifi'

root@OpenWrt:~#

Dumb AP

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd0b:764d:33b7::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0.1'
        option ipv6 '0'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ip6assign '60'
        list ipaddr '192.168.1.2/24'
        option gateway '192.168.1.1'
        list dns '192.168.1.1'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0t 2 3 4 5 1'
        option vid '1'

config device
        option name 'eth0'
        option ipv6 '0'

config device
        option name 'eth0.1'
        option type '8021q'
        option ifname 'eth0'
        option vid '1'
        option ipv6 '0'

config interface 'guestwifi'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '192.168.5.2'

config device
        option name 'wlan0-1'
        option ipv6 '0'

config device
        option name 'wlan0'
        option ipv6 '0'

config device
        option name 'wlan1'
        option ipv6 '0'

root@OpenWrt:~# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/ahb/18100000.wmac'
        option channel '1'
        option band '2g'
        option htmode 'HT20'
        option cell_density '0'
        option country 'GB'
        option disabled '0'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'TRUSTED-X'
        option key 'passphrase'
        option encryption 'sae-mixed'

config wifi-device 'radio1'
        option type 'mac80211'
        option path 'pci0000:00/0000:00:00.0'
        option channel '36'
        option band '5g'
        option htmode 'HT20'
        option cell_density '0'
        option disabled '0'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option key 'passphrase'
        option ssid 'TRUSTED-X'
        option encryption 'sae-mixed'

config wifi-iface 'wifinet2'
        option device 'radio0'
        option mode 'ap'
        option ssid 'GUEST-X'
        option encryption 'sae-mixed'
        option key 'passphrase'
        option network 'guestwifi'

You don't currently have a trunk port to convey the two networks across the cable... only one network (your main trusted one) has the ability to be connected.

Add the following things (and edit the guest network config) as shown to the network configuration on your main router. I don't know which physical port is associated with logical port 5, so you may need to experiment a bit.

config device
        option name 'br-guest'
        option type 'bridge'
        list ports 'eth0.5'

config switch_vlan
        option device 'switch0'
        option vlan '3'
        option ports '0t 2 3 4 5t'
        option vid '5'
        option description 'LAN'

config device
        option name 'eth0.5'
        option type '8021q'
        option ifname 'eth0'
        option vid '5'
        option ipv6 '0'

config interface 'guestwifi'
        option device 'br-guest'
        option proto 'static'
        option ipaddr '192.168.5.1'
        option netmask '255.255.255.0'

on the dumb AP, remove all of these:

then create a bridge and VLAN for the guest network like you did for the main router. In this case, I've used the logical ethernet port 1, but that may or may not be what is currently physically in use. Note that the guest network will have proto none on this device.

config device
        option name 'br-guest'
        option type 'bridge'
        list ports 'eth0.5'
        option ipv6 '0'

config switch_vlan
        option device 'switch0'
        option vlan '3'
        option ports '0t 1t'
        option vid '5'

config interface 'guestwifi'
        option device 'br-guest'
        option proto 'none'
1 Like

Thank you very much for the amazingly quick response.

I usually configure in LUCI for simplicity, but I will see what I can do and give an update.