Setting Router IP to "port 22: Permission denied"

I have a TP-Link Archer C7 v2 router with OpenWrt 19.07.5 r11257-5090152ae3. I'm attempting to change the LAN subnet from the default to, because the latter is easier to type and more pleasing to my eye:

uci set network.lan.ipaddr=''
uci commit network
reboot now

However, doing so, the router ceases to allow me in via SSH:

$ ssh root@
ssh: connect to host port 22: Permission denied

Additionally, some other network connections also don't work, but it's hard to diagnose them because I can't access the router. I suspect many ports get blocked too, at least HTTP gets. However, the routers still answers to ping:

$ ping
PING ( 56 data bytes
64 bytes from icmp_seq=0 ttl=64 time=0.319 ms
64 bytes from icmp_seq=1 ttl=64 time=0.341 ms

With '' instead of '' everything seems to work. A sensible person would just use that setting, but this thing piques my curiosity. After reviewing a bunch of sources, should be a valid IP address. (I think that historically, the so-called "subnet zero" was avoided, but as the netmask here is set to, both '' and '' are in subnet zero, and the latter works.) Is my understanding of IP lacking something, or is there some idiosyncrasies in the software stack of OpenWrt that causes to be ill-supported? Or is it a hardware issue? Any insight would be appreciated.

Your LAN address can be -- that should work.

The problem is that is actually the network address and not a valid host address when working with a /24 subnet (subnet mask


Just for your information, your OpenWrt router is running a DNS server, so technically you don't need to type any IP address as the router is reachable under his hostname :wink:

1 Like

@psherman Interesting, is there some RFC or some other source that explains this thoroughly? Is the first address (all-zeros after the network prefix) of a network always reserved for this use? Is the address ever used in actual communication, besides being used in config files etc?

What happens to IP packets that are sent to this address?

@faser Yes, I know. Thanks!

Just lookup subnetting or use a subnet calculator. It will show you the network address, valid host addresses, and broadcast address. For example, see the image below...

I had never tried to ping the network address previously, but just did and got a whole bunch of responses (almost all of them were marked as duplicates) -- it seems that every device on the network may reply. I don't think that it is ever used in communication as it is ambiguous -- no host should ever hold that address, and there is a broadcast address (.255 in the case of a /24 network) for when broadcasts are needed. It is used in some (but not all) config files, depending on the OS, of course.


First and last address of a subnet are reserved, like said.

Brief summary:

The rule originates from RFC923

the address zero is to be interpreted as meaning "this", as in "this network". The address of all ones are to be interpreted as meaning "all", as in "all hosts".


Thanks for the links! This is exactly what I was after. (For some reason, I wouldn't find these explanations myself at first, possibly because I don't know the proper terminology.) I'll mark this as the "solution".

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.