Strange problem with Unifi AP-LR and network loop

Hi guys.
For weeks I have been struggling with a strange problem with a Ubiquiti AP-LR.
After a reboot with factory configuration, I have no access via the LAN interface. On the serial console after starting the network, a message similar like this appears:

[ 5053.457782] br-lan: received packet on eth0 with own address as source address (addr:44:d9:e7:74:8a:a3, vlan:0)

OK, got it. Seems to be a network loop. But there is only a single PC
with a fixed IP connected to the LAN interface, no other switch or other network hardware.
Sometimes everything works normally if I restart the network without rebooting. Then I can also connect the LAN interface to my normal network and have access to LUCI and the AP has access to the Internet etc.
I have now found out that the interface or LAN bridge usually works properly if I
stop the network, make some changes in the file /etc/config/network, e.g. change the MAC address or IP address or add 'option stp 1' and then start the network again.
After a complete reboot, the network generally doesn't work, I always have to make a change to /etc/config/network first.
I'm currently poking around in the many init scripts to possibly find a workaround for this strange behavior, but so far without success.
Maybe someone here has a tip for me...
Thanks

You only have a single Ethernet port, so stp is not typically necessary here.

How is the device connected to your pc alone? Do you have a poe injector or a poe switch? If you’re using a switch, is it still connected to the upstream network, or are the only connections your ap and your pc?

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
Using username "root".
Authenticating with public key "rsa-key-20140901"


BusyBox v1.36.1 (2023-10-09 21:45:35 UTC) built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 23.05.0, r23497-6637af95aa
 -----------------------------------------------------
root@OpenWrt:~# ubus call system board
{
        "kernel": "5.15.134",
        "hostname": "OpenWrt",
        "system": "Atheros AR7241 rev 1",
        "model": "Ubiquiti UniFi AP LR",
        "board_name": "ubnt,unifi",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "23.05.0",
                "revision": "r23497-6637af95aa",
                "target": "ath79/generic",
                "description": "OpenWrt 23.05.0 r23497-6637af95aa"
        }
}
root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdfc:d8b1:03b9::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        option macaddr '44:D9:E7:74:9A:A6'
        list ports 'eth0'
        option stp '1'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option macaddr '44:D9:E7:74:9A:A6'
        option ipaddr '192.168.204.2'
        option netmask '255.255.255.0'
        option gateway '192.168.204.1'
        option dns '192.168.204.1'
        option stp '1'

root@OpenWrt:~# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'pci0000:00/0000:00:00.0'
        option channel '1'
        option band '2g'
        option htmode 'HT20'
        option disabled '1'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'OpenWrt'
        option encryption 'none'

root@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'
        option filter_aaaa '0'
        option filter_a '0'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        option ra_slaac '1'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

root@OpenWrt:~# cat /etc/config/firewall
config defaults
        option syn_flood        1
        option input            REJECT
        option output           ACCEPT
        option forward          REJECT
# Uncomment this line to disable ipv6 rules
#       option disable_ipv6     1

config zone
        option name             lan
        list   network          'lan'
        option input            ACCEPT
        option output           ACCEPT
        option forward          ACCEPT

config zone
        option name             wan
        list   network          'wan'
        list   network          'wan6'
        option input            REJECT
        option output           ACCEPT
        option forward          REJECT
        option masq             1
        option mtu_fix          1

config forwarding
        option src              lan
        option dest             wan

# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
        option name             Allow-DHCP-Renew
        option src              wan
        option proto            udp
        option dest_port        68
        option target           ACCEPT
        option family           ipv4

# Allow IPv4 ping
config rule
        option name             Allow-Ping
        option src              wan
        option proto            icmp
        option icmp_type        echo-request
        option family           ipv4
        option target           ACCEPT

config rule
        option name             Allow-IGMP
        option src              wan
        option proto            igmp
        option family           ipv4
        option target           ACCEPT

# Allow DHCPv6 replies
# see https://github.com/openwrt/openwrt/issues/5066
config rule
        option name             Allow-DHCPv6
        option src              wan
        option proto            udp
        option dest_port        546
        option family           ipv6
        option target           ACCEPT

config rule
        option name             Allow-MLD
        option src              wan
        option proto            icmp
        option src_ip           fe80::/10
        list icmp_type          '130/0'
        list icmp_type          '131/0'
        list icmp_type          '132/0'
        list icmp_type          '143/0'
        option family           ipv6
        option target           ACCEPT

# Allow essential incoming IPv6 ICMP traffic
config rule
        option name             Allow-ICMPv6-Input
        option src              wan
        option proto    icmp
        list icmp_type          echo-request
        list icmp_type          echo-reply
        list icmp_type          destination-unreachable
        list icmp_type          packet-too-big
        list icmp_type          time-exceeded
        list icmp_type          bad-header
        list icmp_type          unknown-header-type
        list icmp_type          router-solicitation
        list icmp_type          neighbour-solicitation
        list icmp_type          router-advertisement
        list icmp_type          neighbour-advertisement
        option limit            1000/sec
        option family           ipv6
        option target           ACCEPT

# Allow essential forwarded IPv6 ICMP traffic
config rule
        option name             Allow-ICMPv6-Forward
        option src              wan
        option dest             *
        option proto            icmp
        list icmp_type          echo-request
        list icmp_type          echo-reply
        list icmp_type          destination-unreachable
        list icmp_type          packet-too-big
        list icmp_type          time-exceeded
        list icmp_type          bad-header
        list icmp_type          unknown-header-type
        option limit            1000/sec
        option family           ipv6
        option target           ACCEPT

config rule
        option name             Allow-IPSec-ESP
        option src              wan
        option dest             lan
        option proto            esp
        option target           ACCEPT

config rule
        option name             Allow-ISAKMP
        option src              wan
        option dest             lan
        option dest_port        500
        option proto            udp
        option target           ACCEPT

root@OpenWrt:~#

... and I'm using an original UBNT 24V PoE injector.

Remove the stp line.

Remove the macaddr line and the stp link s.

Disable the dhcp server if your main router already has a dhcp server running.

Also consider upgrading to 23.05.5.

Reboot after the changes and it should work normally. Don’t forget to enable WiFi (which I’m assuming is the whole point of this device on your network).

Unfortunately, that's exactly what it doesn't do.
I had already activated WiFi. It works perfectly and I can access my normal network through it.
I currently only have version 23.5.0 installed for testing purposes, I previously had 23.5.03 and 23.05.05 installed with the same problem.
And without the entries 'option macaddress ...' and 'option stp ...' the problem doesn't change.
I'll do it again now anyway.

After upgrade to 23.5.05 network is fine. Then reboot.

BusyBox v1.36.1 (2024-09-23 12:34:46 UTC) built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 23.05.5, r24106-10cc5fcd00
 -----------------------------------------------------
root@OpenWrt:/#

... snip ...

[  127.146734] br-lan: received packet on eth0 with own address as source address (addr:44:d9:e7:74:8a:a3, vlan:0)
[  128.186718] br-lan: received packet on eth0 with own address as source address (addr:44:d9:e7:74:8a:a3, vlan:0)
service network stop
[  139.142667] br-lan: port 2(phy0-ap0) entered disabled state
[  139.148522] br-lan: port 1(eth0) entered disabled state
[  139.196690] device eth0 left promiscuous mode
[  139.201326] br-lan: port 1(eth0) entered disabled state
[  139.236997] eth0: link down
[  139.244123] device phy0-ap0 left promiscuous mode
[  139.249163] br-lan: port 2(phy0-ap0) entered disabled state
root@OpenWrt:/#
root@OpenWrt:/# vi /etc/config/network

... snip ... (added option macaddr ...)

root@OpenWrt:/# service network start
root@OpenWrt:/# [  410.983790] br-lan: port 1(eth0) entered blocking state
[  410.989188] br-lan: port 1(eth0) entered disabled state
[  410.994893] device eth0 entered promiscuous mode
[  413.068398] eth0: link up (100Mbps/Full duplex)
[  413.073052] br-lan: port 1(eth0) entered blocking state
[  413.078367] br-lan: port 1(eth0) entered forwarding state
[  413.106622] IPv6: ADDRCONF(NETDEV_CHANGE): br-lan: link becomes ready
[  416.597268] br-lan: port 2(phy0-ap0) entered blocking state
[  416.602917] br-lan: port 2(phy0-ap0) entered disabled state
[  416.609068] device phy0-ap0 entered promiscuous mode
[  416.701228] br-lan: port 2(phy0-ap0) entered blocking state
[  416.706934] br-lan: port 2(phy0-ap0) entered forwarding state
[  416.713240] br-lan: port 2(phy0-ap0) entered disabled state
[  416.738390] device phy0-ap0 left promiscuous mode
[  416.743313] br-lan: port 2(phy0-ap0) entered disabled state
[  416.807226] br-lan: port 2(phy0-ap0) entered blocking state
[  416.812878] br-lan: port 2(phy0-ap0) entered disabled state
[  416.819026] device phy0-ap0 entered promiscuous mode
[  417.407404] IPv6: ADDRCONF(NETDEV_CHANGE): phy0-ap0: link becomes ready
[  417.414494] br-lan: port 2(phy0-ap0) entered blocking state
[  417.420204] br-lan: port 2(phy0-ap0) entered forwarding state

... snip ... (network is fine!)

So everything is good now?

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.
Thanks! :slight_smile:

No, it isn't. After reboot or after 'network restart' no access via LAN.

let's see the latest config again.

And please provide details about how the AP is connected to your network and how you are testing things.

This is my current configuration. The network works. But after rebooting nothing works again until I edit /etc/config/network...

root@OpenWrt:/# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdfc:d8b1:03b9::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option macaddr '44:D9:E7:74:9A:A6'
        option ipaddr '192.168.204.2'
        option netmask '255.255.255.0'
        option gateway '192.168.204.1'
        option dns '192.168.204.1'

root@OpenWrt:/# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'pci0000:00/0000:00:00.0'
        option channel '1'
        option band '2g'
        option htmode 'HT20'
        option disabled '0'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'OpenWrt'
        option encryption 'psk2'
        option key 'paukenfell'
root@OpenWrt:/#

Aside from the MAC address line in the network config, what else are you editing?

1 Like

The AP is currently connected to the switch via the PoE injector, which is also how it accesses the standard gateway, DNS and Internet.
I also have access via serial console if the LAN interface is not working.
Tomorrow I can connect the AP directly to the PC again, without a switch.
But the error occurred in this configuration too.

By the way, I don't actually need the LAN connection for the purpose I want to use the AP for. I just want to connect several more distant IP cameras to the central unit and if I deactivate the LAN interface, it works perfectly.
But I'm interested in the problem and I really want to find out the cause.

Nothing else then removed theMAC address line.

If the error occurs and I edit /etc/config/network, it doesn't matter whether I add or remove lines or change values. The main thing is that the file changes. Then after 'network start' everything works fine without errors.

In the end, this won't be an existential problem if we can't find the error definitively here and now.
Perhaps the problem will resolve itself with a later upgrade.

If this is only happening during the boot-up proccess and not later, then it really isn't an issue you need to worry about.

The question in the end is simple:

  • Is the device operating as expected once fully booted?
    (this means both operating as a bridged AP and accessible for administration via ssh and/or http/https)

Hi.
Today I did a lot of intensive tests with the device. So it doesn't matter whether I connect the LAN connection individually
and directly to the PC or to the local network via the switch, it always behaves the same.
Even if only the power supply is connected and there is no network connection at all. After rebooting, the error message appears
and if I then edit /etc/config/network and restart the network, everything works normally.
But sometimes only after the 2nd or 3rd attempt.

If you ignore the error message...

is everything else working properly?