I would like to extend my wi-fi coverage in my house. There are two wireless networks: the first is a private and the second is a guest network. I have an old TP-Link WR841N router, which can be used as a dump AP to repeat Wi-Fi signals. The main router is a TP-Link WR1043ND.
I set up guest network according to this guide, and extended VLANs according to this video.
On the dump AP there is no routing, so I disabled firewall
and dnsmasq
services. It don't give any IP addresses to the clients, because it has been given from the main router.
On the main router, there is two interfaces: the first one is LAN and the second one is GUEST assigned to the corresponding VLANs. Protocol is static address in both interfaces.
On the dump AP, there is also two interfaces, same as on the main router. Protocol is DHCP client in both interfaces.
If I don't use tagged ports (trunking), both networks works perfectly.
However if I use trunking, just LAN network works, because the dump AP can't obtain IP address from the main router on its GUEST interface.
Main router's config files:
root@TL-WR1043ND:~# cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd78:b0***'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth1.1'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.2.1'
config interface 'wan'
option device 'eth0.2'
option proto 'dhcp'
config interface 'wan6'
option device 'eth0.2'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option vid '1'
option description 'LAN'
option ports '0t 4t 3 2 1'
config switch_vlan
option device 'switch0'
option vlan '2'
option vid '2'
option description 'WAN'
option ports '6t 5'
config interface 'guest'
option proto 'static'
option ipaddr '192.168.3.1'
option netmask '255.255.255.0'
option device 'br-guest'
config switch_vlan
option device 'switch0'
option vlan '4'
option ports '0t 4t'
option description 'Guest'
option vid '3'
config device
option name 'br-guest'
option type 'bridge'
list ports 'eth1.3'
root@TL-WR1043ND:~# cat /etc/config/firewall
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option masq '1'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config rule
option name 'Support-UDP-Traceroute'
option src 'wan'
option dest_port '33434:33689'
option proto 'udp'
option family 'ipv4'
option target 'REJECT'
option enabled '0'
config include
option path '/etc/firewall.user'
config zone
option name 'guest'
option output 'ACCEPT'
option forward 'REJECT'
option input 'REJECT'
list network 'guest'
config rule
option name 'Guest DHCP and DNS'
option src 'guest'
option dest_port '53 67 68'
option target 'ACCEPT'
config forwarding
option src 'guest'
option dest 'wan'
Dump AP's config file:
root@TL-WR841ND:~# cat /etc/config/network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd20:b***'
config interface 'wan'
option ifname 'eth1'
option proto 'dhcp'
config interface 'wan6'
option ifname 'eth1'
option proto 'dhcpv6'
config interface 'lan'
option type 'bridge'
option ifname 'eth0.1'
option proto 'dhcp'
option hostname 'LAN-DumpAP'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option vid '1'
option ports '0t 4t 3 2 1'
config switch_vlan
option device 'switch0'
option vlan '2'
option vid '2'
option ports '0t 4t'
config interface 'guest'
option ifname 'eth0.2'
option proto 'dhcp'
option hostname 'GUEST-DumpAP'
option type 'bridge'
It would be appreciated if someone could tell me what cause the problem.