On my D-Link DIR-860L b1 as AP which is behind the another router, both 5G and 2.4G WiFi works normally, until I'd like to add a guest SSID to 2.4G channel.
The problem is, when I use either single SSID on 2.4G there's no issue at all, while when enabled both SSIDs on 2.4G, ether one of the 2.4G SSID or the SSID on 5G will have trouble getting ip addresses from dhcp.
It's possibly just a symptom of wrong configurations, but I don't know the exact culprit. This configuration also could cause either 2.4G or 5G not up at all after reboot.
wireless:
config wifi-device 'radio0'
option type 'mac80211'
option hwmode '11a'
option path '1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
option htmode 'VHT40'
option cell_density '0'
option channel '157'
option country 'US'
config wifi-iface 'default_radio0'
option device 'radio0'
option mode 'ap'
option network 'guest0'
option encryption 'wpa2+ccmp'
option auth_server '192.168.1.3'
option auth_port '1812'
option auth_secret 'xxxxxx'
option acct_server '192.168.1.3'
option acct_port '1813'
option acct_secret 'xxxxxx'
option ssid 'NETGEAR06-5G-ENT'
config wifi-device 'radio1'
option type 'mac80211'
option hwmode '11g'
option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0'
option htmode 'HT20'
option cell_density '0'
option country 'US'
option channel '11'
config wifi-iface 'default_radio1'
option device 'radio1'
option mode 'ap'
option encryption 'psk2+ccmp'
option key 'xxxxxx'
option ssid 'NETGEAR06'
option network 'guest2'
config wifi-iface 'wifinet2'
option device 'radio1'
option mode 'ap'
option ssid 'NETGEAR06-ENT'
option encryption 'wpa2+ccmp'
option auth_server '192.168.1.3'
option auth_port '1812'
option auth_secret 'xxxxxx'
option acct_server '192.168.1.3'
option acct_port '1813'
option network 'guest1'
option acct_secret 'xxxxxx'
network:
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option packet_steering '1'
option ula_prefix 'fd61:77d2:xxxx::/48'
config device
option name 'br-lan'
option type 'bridge'
option macaddr '54:xx:xx:xx:xx:90'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.2.1'
option gateway '192.168.1.2'
config device
option name 'wan'
option macaddr '54:xx:xx:xx:xx:93'
config interface 'wan'
option device 'wan'
option proto 'dhcp'
config interface 'wan6'
option device 'wan'
option proto 'dhcpv6'
option reqaddress 'try'
option reqprefix 'auto'
config device
option name 'lan1'
config interface 'lan_gateway'
option proto 'dhcp'
option device 'lan1'
config interface 'guest0'
option device 'wlan0'
option proto 'static'
option ipaddr '172.16.0.1'
option netmask '255.255.255.0'
option gateway '192.168.1.2'
config interface 'guest1'
option device 'wlan1'
option proto 'static'
option ipaddr '172.16.1.1'
option netmask '255.255.255.0'
option gateway '192.168.1.2'
config interface 'guest2'
option device 'wlan1-1'
option proto 'static'
option ipaddr '172.16.2.1'
option netmask '255.255.255.0'
option gateway '192.168.1.2'
dhcp:
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option ra_slaac '1'
list ra_flags 'managed-config'
list ra_flags 'other-config'
list dhcp_option '6,192.168.1.1'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'guest0'
option interface 'guest0'
option start '100'
option limit '150'
option leasetime '12h'
list dhcp_option '6,192.168.1.1'
config dhcp 'guest1'
option interface 'guest1'
option start '100'
option limit '150'
option leasetime '12h'
list dhcp_option '6,192.168.1.1'
config dhcp 'guest2'
option interface 'guest2'
option start '100'
option limit '150'
option leasetime '12h'
list dhcp_option '6,192.168.1.1'
firewall:
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'wan'
list network 'wan6'
config zone
option name 'lan_int'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'lan_gateway'
config zone
option name 'guest0'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
list device 'wlan0'
list network 'guest0'
config zone
option name 'guest1'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
list device 'wlan1'
list network 'guest1'
config zone
option name 'guest2'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
list device 'wlan1-1'
list network 'guest2'
config forwarding
option src 'lan'
option dest 'wan'
config forwarding
option src 'guest0'
option dest 'lan_int'
config forwarding
option src 'guest1'
option dest 'lan_int'
config forwarding
option src 'guest2'
option dest 'lan_int'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config rule
option name 'Support-UDP-Traceroute'
option src 'wan'
option dest_port '33434:33689'
option proto 'udp'
option family 'ipv4'
option target 'REJECT'
option enabled '0'
config include
option path '/etc/firewall.user'
config rule
option name 'Allow Guest1 DHCP'
option direction 'in'
option device 'wlan1'
option family 'ipv4'
list proto 'udp'
option src 'guest1'
option dest_port '67-68'
option target 'ACCEPT'
option src_port '67-68'
config rule
option name 'Allow Guest0 DHCP'
option direction 'in'
option device 'wlan0'
option family 'ipv4'
list proto 'udp'
option src 'guest0'
option src_port '67-68'
option dest_port '67-68'
option target 'ACCEPT'
config rule
option name 'Allow Guest2 DHCP'
option direction 'in'
option device 'wlan1-1'
option family 'ipv4'
list proto 'udp'
option src 'guest2'
option src_port '67-68'
option dest_port '67-68'
option target 'ACCEPT'
config nat
option name 'Allow Access Samba'
list proto 'tcp'
list proto 'udp'
option src_port '1024-65535'
option dest_ip '192.168.1.3'
option dest_port '445'
option target 'SNAT'
option snat_ip '192.168.1.2'
option src 'lan_int'
option device 'lan1'