[Solved] DHCP not working on a specific Wifi

Installing and Using OpenWrt Network and Wireless Configuration
1

Hi everyone,

Even though I've done enough network setup over the years, I'm actually new to OpenWRT. So far, everything was fairly easy to set up due to a number of tutorials I followed. Unfortunately, now I have one specific Wifi on my Archer C7 which does not hand out DHCP leases to clients. All other networks work, though, which makes me wonder...

Anyway, here's my /etc/config/network:


config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdc9:9e03:7aa2::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth1.1'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config interface 'wan'
	option device 'eth0.2'
	option proto 'dhcp'

config interface 'wan6'
	option device 'eth0.2'
	option proto 'dhcpv6'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0t 2 3t 4t 5t'
	option vid '1'
	option description 'lan'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '6t 1'
	option vid '2'
	option description 'wan'

config device 'guest_dev'
	option type 'bridge'
	option name 'br-guest'
	list ports 'eth1.4'

config interface 'guest'
	option proto 'static'
	option device 'br-guest'
	list ipaddr '192.168.4.1/24'

config device 'home_dev'
	option type 'bridge'
	option name 'br-home'
	list ports 'eth1.3'

config interface 'home'
	option proto 'static'
	option device 'br-home'
	option ipaddr '10.10.10.10'
	option netmask '255.0.0.0'

config device 'iot_dev'
	option type 'bridge'
	option name 'br-iot'
	list ports 'eth1.5'

config interface 'iot'
	option proto 'static'
	option device 'br-iot'
	option ipaddr '192.168.2.1'
	option netmask '255.255.255.0'

config device 'office_dev'
	option type 'bridge'
	option name 'br-office'
	list ports 'eth1.6'

config interface 'office'
	option proto 'static'
	option device 'br-office'
	option ipaddr '192.168.6.1'
	option netmask '255.255.255.0'

config switch_vlan
	option device 'switch0'
	option vlan '3'
	option vid '3'
	option description 'home'
	option ports '0t 3t 4t 5t'

config switch_vlan
	option device 'switch0'
	option vlan '4'
	option vid '4'
	option description 'guest'
	option ports '0t 3t 4t 5t'

config switch_vlan
	option device 'switch0'
	option vlan '5'
	option vid '5'
	option description 'iot'
	option ports '0t 3t 4t 5t'

config switch_vlan
	option device 'switch0'
	option vlan '6'
	option vid '6'
	option description 'office'
	option ports '0t 3t 4t 5t'

config device
	option name 'eth0'
	option macaddr '18:D6:C7:29:01:A7'

config device
	option name 'eth1'
	option macaddr '18:D6:C7:29:01:A6'

config device
	option name 'phy0-ap0'
	option macaddr '18:D6:C7:29:01:A5'

config device
	option name 'phy1-ap0'
	option macaddr '18:D6:C7:29:01:A5'

config device
	option name 'phy1-ap1'
	option macaddr '18:D6:C7:29:01:A5'

config device
	option name 'phy1-ap2'
	option macaddr '18:D6:C7:29:01:A5'

config device
	option name 'phy1-ap3'
	option macaddr '18:D6:C7:29:01:A5'

config device
	option name 'phy0-ap1'
	option macaddr '18:D6:C7:29:01:A5'

And here's /etc/config/wireless:


config wifi-device 'radio0'
	option type 'mac80211'
	option path 'pci0000:00/0000:00:00.0'
	option band '5g'
	option htmode 'VHT80'
	option cell_density '0'
	option channel 'auto'

config wifi-iface 'office5'
	option device 'radio0'
	option network 'office'
	option mode 'ap'
	option ssid 'test_Pfarramt Nebringen 5G'
	option encryption 'sae-mixed'
	option key ''******'
	option ieee80211r '1'
	option ft_over_ds '0'
	option mobility_domain '2929'
	option disabled '1'

config wifi-device 'radio1'
	option type 'mac80211'
	option path 'platform/ahb/18100000.wmac'
	option channel '1'
	option band '2g'
	option htmode 'HT20'
	option cell_density '0'

config wifi-iface 'office'
	option device 'radio1'
	option network 'office'
	option mode 'ap'
	option ssid 'test_Pfarramt Nebringen'
	option encryption 'sae-mixed'
	option key ''******'
	option ieee80211r '1'
	option ft_over_ds '0'
	option mobility_domain '2929'

config wifi-iface 'guest'
	option device 'radio0'
	option mode 'ap'
	option network 'guest'
	option ssid 'test_Pfarramt Nebringen Gast'
	option encryption 'sae-mixed'
	option key ''******'
	option ieee80211r '1'
	option mobility_domain '4444'
	option ft_over_ds '0'
	option isolate '1'

config wifi-iface 'wifinet3'
	option device 'radio1'
	option mode 'ap'
	option ssid 'test_Pfarramt Nebringen Gast'
	option encryption 'sae-mixed'
	option key '******'
	option ieee80211r '1'
	option mobility_domain '4444'
	option ft_over_ds '0'
	option network 'guest'
	option isolate '1'

config wifi-iface 'home'
	option device 'radio1'
	option mode 'ap'
	option network 'home'
	option ssid 'test_Pfarrhaeusle'
	option encryption 'sae-mixed'
	option key ''******'
	option ieee80211r '1'
	option mobility_domain '1010'
	option ft_over_ds '0'

config wifi-iface 'home5'
	option device 'radio0'
	option mode 'ap'
	option ssid ''******'
	option encryption 'sae-mixed'
	option key '5Menschen&2Kater'
	option ieee80211r '1'
	option mobility_domain '1010'
	option ft_over_ds '0'
	option network 'home'

config wifi-iface 'iot'
	option device 'radio1'
	option mode 'ap'
	option network 'iot'
	option ssid 'test_Pfarrhaeusle HomeAutomation'
	option encryption 'sae-mixed'
	option key ''******'
	option ieee80211r '1'
	option mobility_domain '2222'
	option ft_over_ds '0'

config wifi-iface 'wifinet7'
	option device 'radio0'
	option mode 'ap'
	option ssid 'test_Pfarramt Nebringen2'
	option encryption 'sae-mixed'
	option key ''******'
	option ieee80211r '1'
	option mobility_domain '2929'
	option ft_over_ds '0'
	option network 'office'

Finally, /etc/config/dhcp


config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option cachesize '1000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'
	option ednspacket_max '1232'
	option filter_aaaa '0'
	option filter_a '0'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	option ra_slaac '1'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config dhcp 'guest'
	option interface 'guest'
	option start '100'
	option limit '150'
	option leasetime '1h'

config dhcp 'home'
	option interface 'home'
	option start '100'
	option limit '150'
	option leasetime '24h'

config dhcp 'iot'
	option interface 'iot'
	option start '100'
	option limit '150'
	option leasetime '24h'

config dhcp 'office'
	option interface 'office'
	option start '100'
	option limit '150'
	option leasetime '24h'

I'm looking forward to hearing your ideas on what might be the problem.

Blessings,
Christoph

2

Start by not using sae-mixed.

1 Like
3

Which SSID is not working properly?

Remove all of the radio related items from the network config file... they do not belong here:

Why are you using a /8 here. While technically fine, it's not best practice.

I recommend disabling all 802.11r related items on all SSIDs. Do you have more than one AP? If so, disable it on all until/unless there is an actual demonstrated need for it. Some client devices do not play well with fast roaming. If you only have one AP, it's not applicable and should also be removed.

Also, don't use sae-mixed encryption. Like 802.11r, some devices choke on this method. Use WAP2 or WPA3, but not mixed mode.

Beyond that, everything else looks fine here, but we need to see your firewall file.

4

Ok. I changed that to psk-mixed.

Unfortunately, that still doesn't give me a DHCP lease on the "test_Pfarramt Nebringen" wifi (connected to the "office") network. It still works on the other networks (where sae-mixed worked as well, I might add).

5

Change from, I hope.

6

Don't use psk-mixed either. Just WPA2 xor WPA3.

7

Wow, you guys are fast!

So, the pointer to /etc/config/firewall was the solution. When I went there to copy the configuration, I realized I had missed the following two blocks:

config rule 'office_dns'
	option name 'Allow-DNS-office'
	option src 'office'
	option dest_port '53'
	option proto 'tcp udp'
	option target 'ACCEPT'

config rule 'office_dhcp'
	option name 'Allow-DHCP-office'
	option src 'office'
	option dest_port '67'
	option proto 'udp'
	option family 'ipv4'
	option target 'ACCEPT'

Now it works fine. With all encryption modes, I might add. Would you enlighten me as to what's the problem with "sae-mixed"?

8

It may work fine for some people, but for others it can be a problem. Some client devices (sta mode) just don't work well with mixed mode. I don't know the underlying reasons, I just know that it is an issue that arises from time to time.

9

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.
Thanks! :slight_smile: