Router as switch

tommiedepommie · February 18, 2022, 10:50am

Hello all,

I noticed some strange behaviour in my network.
My ADSL modem is connected to my Netgear R-7800 openwrt router on the wan side. One lan connection goes to my 24 port Gigabit switch which is used to connect my wired network.
In my office I have an older Openwrt router connected only on the lan side.
The wifi networks are configured with the same SSID/security/channel number.
When I connect my phone to the R-7800, wireless, all works fine.
When I connect my phone in my office to the wifi, I can’t access some devices who are connected by wire on my 24 port switch.
Am I forgetting something ?

Thank you in advance,

Tom

eduperez · February 18, 2022, 2:26pm

Yes you forgot to include the configuration files from the dumb AP...

tommiedepommie · February 18, 2022, 2:47pm

I only gave the dumb ap a fixed ipaddress and disabled dhcp on it.

IanC · February 18, 2022, 5:54pm

Is there a firewall / NAT till active somewhere?

psherman · February 18, 2022, 6:32pm

Not necessarily your issue, but channel should not be the same. Make sure that each AP uses different channels.

^^^^ this. Troubleshooting these things is all about the details. We can't really help if we don't have the full story.

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:

Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

tommiedepommie · February 19, 2022, 8:00am

Is there an explanation for?
Config files below including firewall but as stated before, I'm not using the WAN port.

Thank you very much.

/etc/config/network

config switch 'eth0'
	option name 'eth0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'eth0'
	option vlan '1'
	option ports '1 2 3 4 8t'

config switch_vlan
	option device 'eth0'
	option vlan '2'
	option ports '0 8t'

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdf1:7934:2a00::/48'

config interface 'lan'
	option ifname 'eth0.1'
	option force_link '1'
	option type 'bridge'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.8.4'
	option gateway '192.168.8.1'

config interface 'wan'
	option ifname 'eth0.2'
	option _orig_ifname 'eth0.2'
	option _orig_bridge 'false'
	option proto 'none'

config interface 'wan6'
	option ifname 'eth0.2'
	option proto 'dhcpv6'

/etc/config/wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option channel '11'
	option hwmode '11g'
	option path 'bcma0:1'
	option txpower '20'
	option country '00'

config wifi-iface
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'Openwrt'
	option encryption 'psk-mixed'
	option key 'XXXXXXXXXXXXXXXX'

/etc/config/dhcp

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.auto'
	option localservice '1'

config dhcp 'lan'
	option interface 'lan'
	option dhcpv6 'server'
	option ra 'server'
	option ra_management '1'
	option ignore '1'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
/etc/config/firewall

config defaults
	option syn_flood	1
	option input		ACCEPT
	option output		ACCEPT
	option forward		REJECT
# Uncomment this line to disable ipv6 rules
#	option disable_ipv6	1

config zone
	option name		lan
	list   network		'lan'
	option input		ACCEPT
	option output		ACCEPT
	option forward		ACCEPT

config zone
	option name		wan
	list   network		'wan'
	list   network		'wan6'
	option input		REJECT
	option output		ACCEPT
	option forward		REJECT
	option masq		1
	option mtu_fix		1

config forwarding
	option src		lan
	option dest		wan

# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
	option name		Allow-DHCP-Renew
	option src		wan
	option proto		udp
	option dest_port	68
	option target		ACCEPT
	option family		ipv4

# Allow IPv4 ping
config rule
	option name		Allow-Ping
	option src		wan
	option proto		icmp
	option icmp_type	echo-request
	option family		ipv4
	option target		ACCEPT

config rule
	option name		Allow-IGMP
	option src		wan
	option proto		igmp
	option family		ipv4
	option target		ACCEPT

# Allow DHCPv6 replies
# see https://dev.openwrt.org/ticket/10381
config rule
	option name		Allow-DHCPv6
	option src		wan
	option proto		udp
	option src_ip		fe80::/10
	option src_port		547
	option dest_ip		fe80::/10
	option dest_port	546
	option family		ipv6
	option target		ACCEPT

config rule
	option name		Allow-MLD
	option src		wan
	option proto		icmp
	option src_ip		fe80::/10
	list icmp_type		'130/0'
	list icmp_type		'131/0'
	list icmp_type		'132/0'
	list icmp_type		'143/0'
	option family		ipv6
	option target		ACCEPT

# Allow essential incoming IPv6 ICMP traffic
config rule
	option name		Allow-ICMPv6-Input
	option src		wan
	option proto	icmp
	list icmp_type		echo-request
	list icmp_type		echo-reply
	list icmp_type		destination-unreachable
	list icmp_type		packet-too-big
	list icmp_type		time-exceeded
	list icmp_type		bad-header
	list icmp_type		unknown-header-type
	list icmp_type		router-solicitation
	list icmp_type		neighbour-solicitation
	list icmp_type		router-advertisement
	list icmp_type		neighbour-advertisement
	option limit		1000/sec
	option family		ipv6
	option target		ACCEPT

# Allow essential forwarded IPv6 ICMP traffic
config rule
	option name		Allow-ICMPv6-Forward
	option src		wan
	option dest		*
	option proto		icmp
	list icmp_type		echo-request
	list icmp_type		echo-reply
	list icmp_type		destination-unreachable
	list icmp_type		packet-too-big
	list icmp_type		time-exceeded
	list icmp_type		bad-header
	list icmp_type		unknown-header-type
	option limit		1000/sec
	option family		ipv6
	option target		ACCEPT

psherman · February 19, 2022, 4:23pm

An explanation as to why the channels should not be the same? Yes... Basically 2 major reasons:

when multiple APs that are in relatively close proximity are using the same channel, they cause interference with each other. It is effectively raising the noise on that channel and therefore lowering the signal to noise ratio. It is kind of like when multiple people talk to you at the same time and each of those conversations requires you to actually process accurately everything that is said.
a client device will have difficulty figuring out which AP is better at any given moment (for roaming purposes) if it can't clearly distinguish the signals. When the APs use the same channels, it is really hard to differentiate one from the other and to properly calculate the signal performance since there is all the extra noise on the channel.

I like this video as an primer for setting up high performance wifi throughout a space. Although it deals with Unifi, the concepts apply to all wifi radios in principle.

psherman · February 19, 2022, 4:30pm

I am assuming that you have provided the config for the dumb AP in the office.

First make sure you use a different channel -- on the 2G band, that would mean channel 1 or 6.

I don't know if this is the problem, but I'd recommend just trying standard WPA2 and not the mixed mode... some devices have issues with WPA3 and mixed mode.

tommiedepommie · February 20, 2022, 3:58pm

Thank you for the explanation and yes ofcourse, I provided the settings of the second router.
I'll change that setting and get back to you.

Greetings Tom

Now I'm going to watch the video you provided.

tommiedepommie · February 26, 2022, 1:34pm

Hello all,

sorry for my late reaction but I had to check if my problem was solved.
I had to reset the second router completely because it was inaccesable after some modifications.
As @psherman suggested, I changed the channel frequencies and security.
I do not know if the latest modifications were the solution or the complete reboot but my problem seems solved.
Thsnk you all for helping and have a great weekend.

greetings Tom

system · March 8, 2022, 1:34pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.