Problem with connecting to SSID when dual band guest wifi is enabled

SLA · January 18, 2022, 1:38pm

Hi,

I am trying to enable a Dual-band Guest network using the command mentioned in

uci -q delete network.guest_dev
uci set network.guest_dev="device"
uci set network.guest_dev.type="bridge"
uci set network.guest_dev.name="br-guest"
uci -q delete network.guest
uci set network.guest="interface"
uci set network.guest.proto="static"
uci set network.guest.device="br-guest"
uci set network.guest.ipaddr="192.168.3.1"
uci set network.guest.netmask="255.255.255.0"
uci commit network
/etc/init.d/network restart

WIFI_DEV="$(uci get wireless.@wifi-iface[0].device)"
uci -q delete wireless.guest
uci set wireless.guest="wifi-iface"
uci set wireless.guest.device="${WIFI_DEV}"
uci set wireless.guest.mode="ap"
uci set wireless.guest.network="guest"
uci set wireless.guest.ssid="guest"
uci set wireless.guest.encryption="none"
uci commit wireless
wifi reload

# Configure DHCP
uci -q delete dhcp.guest
uci set dhcp.guest="dhcp"
uci set dhcp.guest.interface="guest"
uci set dhcp.guest.start="100"
uci set dhcp.guest.limit="150"
uci set dhcp.guest.leasetime="1h"
uci commit dhcp
/etc/init.d/dnsmasq restart

Enabled the Dual-band router using the command mentioned in https://openwrt.org/docs/guide-user/network/wifi/guestwifi/extras

# Configure wireless
WIFI_DEV="$(uci get wireless.@wifi-iface[1].device)"
uci -q delete wireless.guest2
uci set wireless.guest2="wifi-iface"
uci set wireless.guest2.device="${WIFI_DEV}"
uci set wireless.guest2.mode="ap"
uci set wireless.guest2.network="guest"
uci set wireless.guest2.ssid="guest2"
uci set wireless.guest2.encryption="none"
uci commit wireless
wifi reload

Both Access points "guest" and "guest2" are enabled. But connecting to these access points is failing
.
I was able to see DHCPDISCOVER request, but there was no response for DHCPDISCOVER on the Router

I was able to connect to Access Point when any one of them is enabled( Enabling 2.4 GHz or Enabling only 5 GHz)

Enabling both 2.4 GHz 5 GHz and connecting to those Access Point is failing.

Please let us know how we can fix this issue.

psherman · January 19, 2022, 4:05am

Let’s take a look at the resulting files.

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:

Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

SLA · January 19, 2022, 5:01am

Hi,

Please find the below command output,

## cat /etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd8c:6d04:24dd::/48'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0.1'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option ifname 'eth1.2'
        option proto 'dhcp'

config interface 'wan6'
        option ifname 'eth1.2'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0 1 2 3 5t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '4 6t'

config device 'guest_dev'
        option type 'bridge'
        option name 'br-guest'

config interface 'guest'
        option proto 'static'
        option device 'br-guest'
        option ipaddr '192.168.3.1'
        option netmask '255.255.255.0'

### cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option channel '36'
        option hwmode '11a'
        option path 'soc/soc:pcie/pci0000:00/0000:00:01.0/0000:01:00.0'
        option htmode 'VHT80'
        option country 'US'
        option legacy_rates '1'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option macaddr '12:34:65:12:34:56'
        option encryption 'psk2'
        option ssid 'OpenWrt_2'
        option key 'password'

config wifi-device 'radio1'
        option type 'mac80211'
        option hwmode '11g'
        option path 'soc/soc:pcie/pci0000:00/0000:00:02.0/0000:02:00.0'
        option htmode 'HT20'
        option country 'US'
        option legacy_rates '1'
        option disabled '0'
        option channel '11'

config wifi-iface
        option device 'radio1'
        option mode 'ap'
        option ssid 'OpenWrt'
        option encryption 'none'
        option network 'lan'

config wifi-iface 'guest'
        option device 'radio0'
        option mode 'ap'
        option network 'guest'
        option ssid 'guest'
        option encryption 'none'
        option isolate '1'

config wifi-iface 'guest2'
        option device 'radio1'
        option mode 'ap'
        option network 'guest'
        option ssid 'guest2'
        option encryption 'none'
        option isolate '1'

##cat /etc/config/dhcp
config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        list server '127.0.0.1#5053'
        list server '127.0.0.1#5054'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config dhcp 'guest'
        option interface 'guest'
        option start '100'
        option limit '150'
        option leasetime '1h'

##cat /etc/config/firewall
config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option network 'wan wan6 wwan'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule 'icmp'
        option name 'Allow-Ping'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'
        option src '*'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule 'icmp6'
        option name 'Allow-ICMPv6-Input'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'
        option src '*'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

config rule 'guest_fwd'
        option name 'Allow-HTTP/HTTPS-Guest-Forward'
        option src 'guest'
        option dest 'wan'
        list dest_port '80'
        list dest_port '443'
        option proto 'tcp'
        option target 'ACCEPT'

config forwarding
        option dest 'wan'
        option src 'guest2'

config forwarding
        option dest 'guest2'
        option src 'wan'

config zone 'guest'
        option name 'guest'
        option network 'guest'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'

config forwarding 'guest_wan'
        option src 'guest'
        option dest 'wan'

config rule 'guest_dns'
        option name 'Allow-DNS-Guest'
        option src 'guest'
        option dest_port '53'
        option proto 'tcp udp'
        option target 'ACCEPT'

config rule 'guest_dhcp'
        option name 'Allow-DHCP-Guest'
        option src 'guest'
        option dest_port '67'
        option proto 'udp'
        option family 'ipv4'
        option target 'ACCEPT'

SLA · January 24, 2022, 2:36pm

Hi,

Any update on this topic?
Please let me know if I need to share any other information which helps to resolve this issue.

Thanks,
Ashik

psherman · January 24, 2022, 6:10pm

Can you describe the specific symptoms when you try to connect? Does the wireless device have difficulty obtaining a DHCP lease? or is it not able to connect to the SSID at all? Or is it simply unable to connect to the internet, but it can obtain a DHCP lease?

Does the problem still happen if you disable one or the other of the guest SSIDs?

There are a few things you should remove from your firewall file, but these are probably not related to the issue:

Remove this:

And this....

And this doesn't do anything since you already allow guest > wan forwarding.

SLA:

config rule 'guest_fwd'
        option name 'Allow-HTTP/HTTPS-Guest-Forward'
        option src 'guest'
        option dest 'wan'
        list dest_port '80'
        list dest_port '443'
        option proto 'tcp'
        option target 'ACCEPT'

SLA · January 25, 2022, 6:22am

Hi,

When both guest wifi(2.4GHz and 5GHz) are enabled, client devices (like mobile, Laptop) were able to connect to SSID, But devices did not get a DHCP lease.

When only one guest wifi(2.4GHz or 5GHz) is enabled, wireless devices were able to connect to Guest SSID and get the DHCP lease. I was able to browse on wireless device.

I am seeing this issue only when both guest wifi is enabled.
I am using Linksys WRT1900ACS running OpenWRT 18.06.08.

jeff47 · April 5, 2022, 11:02pm

Did you figure this out? I'm seeing the same problem.

chkumar · April 6, 2022, 3:57am

no, its still the same.

jeff47 · April 6, 2022, 1:09pm

I think I figured this out using a bridge device, and then having each wireless radio assigned to the bridge.

chkumar · April 6, 2022, 1:21pm

could you please share the configurations or commands that you followed? it would be a lot of help!

jamesmacwhite · December 4, 2022, 12:04pm

The solution is to create a bridge device e.g. br-guest, then create a guest network interface as normal as shown in various guides, but making sure you select the br-guest bridge device as the device, rather than a specific radio interface.

For each wireless SSID, you assign them to the br-guest bridge.

Most of the guides around guest WiFi will just create a guest network interface that links to a single radio, which doesn't allow you to have both bands. Using a bridge means you can have both a 2.4 GHz and 5.0 GHz SSID under the single guest network. For convenience , the SSID can be the same across both if you'd like.