Trying to clean-up Home Network mess, OpenWrt, non-OpenWrt, & hardwired/wifi mix

Long-time lurker due to wanting to flash my Luma "mesh" wifi routers to OpenWRT, I encountered an issue that prevents me from being able to complete the official tutorial, so I am stuck with my Luma hubs as-is for my home WiFi (this is relevant below) and merging those with my OpenWRT router.

For anyone who is interested, the issues I'm encountering flashing on a LUMA:

The luma flashing issue is 2-fold

  1. the old 2017 firmware on some lumas have doesn't allow me to use fw-config to set the bootdelay in u-boot as it gives an error about environment not set yet and I can't figure out how to get past that.
  2. for those Lumas I have with firmware in 2018, I can get to the TFTPBOOT step, but any attempts to engage the file transfer just sit there, EVEN THOUGH I can see the "read" and "write" requests through the network from the host Luma and my machine when I use Wireshark to figure out wtf is going on.

So I have to put this effort on hold... :frowning:

Up until now, I have used the LUMAs as the primary network router as I could somewhat manage the network to my liking using their Wifi capability and the fact each Luma node allows me to put a wired "backhaul" to it if I could fish Cat5e successfully, and also can extend the wired connection from any node to another device if necessary (this is nice because it prevents me from needing a hub/switch at each of those locations). So basically, the primary Luma hub was my front-line router WAN/LAN and it would wireless mesh the other nodes from around the house, but those nodes were also backhauled. I would wire them together using various switches to all my devices, and use Luma's app to manage the Wifi network. The Luma also allows me to have a "Guest" wireless network, which I intended to put all my IOT devices on.

However, now I just put OpenWRT on my old Linksys EA4500 (Viper) (yay!) and disabled WiFi on it so it is the frontline router and I want to increase security and network separation, and I need to use my Luma wifi-hub/nodes as they are for my wireless devices (ie. without being able to manage them with OpenWRT). Here is where the problems come in and my confusion.

  • OpenWRT is handling the DHCP assignments, but not always
    • For example, plug in my printer and it gets assigned an IP from the Luma subnet.
  • Luma is handling DHCP assignments, but not always
    • For example, my wife is connected to Luma's wifi, but her computer shows up in the OpenWRT's DCHP leases table
    • Another example is my laptop, which also shows up in OpenWRT's DHCP table even though its wirelessly connected to Luma nodes.
  • My wireless network has (today) started having internet connectivity issues (ping to WAN is intermittent at times, but to LAN stays solid). My wired network seems just fine.

Some searching yielded discussion about DHCP authoritativeness, but I can't control Luma's dhcp behavior on this....

Here is a picture of my network:

I would like to accomplish the following, if possible:

  1. Have Luma's wirelessly connected clients be on their own sub-net. I would then use its app to manage them and the "Guest" network.
  2. Have any wired device be on its own sub-net (even if its plugged into a "backhauled" Luma node).
  3. Allow wired devices to "see" and interact with wireless devices, but only whitelisted wireless devices could see the wired subnet.

Once I have that worked out, I can feel comfortable adding other functionality to the network like Pihole, a VPN, port-forwarding, etc.

I fully get my setup is non-conventional, but its what I have and limited within my house. :-/ What I am not doing correctly, or properly, because I am having a lot of difficulty wrapping my head around this. I know I need to separate into VLANs, possibly tagged? I also think that the Luma hub and the OpenWRT DHCP servers are currently competing, hence the weird IP behavior.

I tried cleaning it up within OpenWRT myself and essentially brought everything down (including the working-from-home wife). Help stepping me through this?

In home situations there must be only one DHCP server. Running multiple DHCP servers in a network is very complicated. They have to be compatible (usually exactly the same program) to coordinate with each other.

Does the file actually go out on TFTP? If you're seeing TFTP requests made but no replies, this is because the PC firewall is blocking TFTP. Wireshark looks at the interface before the firewall.

Thanks Mike, so even if the DHCPs are on different subnets, this issue still remains? I had figured "walling" off the wireless from the wired would resolve that and let each manage themselves separately. I appreciate the insight.

As for TFTP, I had dropped my PC's firewall entirely (windows 11) when trying to resolve that particular issue, but your comment means I am going to try it again. I surely might have done it improperly. I also want to try using Linux to connect to the Luma via TFTP in case there is something else (driver-related?) going on.

It has to be separate layer 2 networks, enforced with separate physical paths and/or VLANs. DHCP requests are layer 2 broadcasts. Configured IP addresses are not considered at that stage.

If you have two PCs, run a TFTP client on one to confirm you can TFTP from your other PC. Linux of course has a TFTP client by default, Windows also includes a CLI tftp but it is a Windows Feature which may need to be enabled in the Add/remove Programs control panel first.

Okay, gave TFTP a try again. Still nothing even with firewall down. Tried setting various network settings (gateway, ip, etc) to see if that would change anything. So I still need to setup 2 PCs to test, and also try to test from Linux to Luma to narrow this down more.

Interestingly, I was able to gain root access to one of my Lumas. I may be able to disable DHCP via UCI on the main Luma "hub" (I believe 1 gets designated as a hub and controls all the others). Lumas run a customized version of OpenWRT, so with commandline access I actually can modify this. I just need guidance.

Here is the output of a "node"'s uci show:

Luma's default UCI config (The main `HUB` would probably differ some)

acd.config=default acd.config.AutoConfigEnable='0' acd.config.HCSecsBetweenDHCPRequestPackets='2' acd.config.HRSecsBetweenDHCPRequestPackets='3' acd.config.HRSecsBetweenStateContinuityCheck='15' acd.config.HRMaxTriesWaitingForDHCPResponse='3' acd.config.HCMaxTxTriesBeforeGettingIPAddr='10' acd.config.SecsBetweenChecksForCableConnection='5' acd.config.AcdDebugLevel='1' acd.config.DisableHCMode='1' acd.config.DisableWDSSTAInHREMode='0' autossh.luma=autossh autossh.luma.key='/tmp/luma.key' autossh.luma.ssh='-N -T -oExitOnForwardFailure=yes -oServerAliveInterval=60 -oServerAliveCountMax=3 -o StrictHostKeyChecking=no -o GlobalKnownHostsFile=/dev/null -o UserKnownHostsFile=/dev/null' autossh.luma.user='luma' autossh.luma.gatetime='0' autossh.luma.monitorport='0' autossh.luma.poll='600' autossh.luma.tunnelport='65001' bluetooth.@bluetoothd[0]=bluetoothd bluetooth.@bluetoothd[0].enabled='1' bluetooth.@hciattach[0]=hciattach bluetooth.@hciattach[0].initspeed='115200' bluetooth.@hciattach[0].tty='ttyS1' bluetooth.@hciattach[0].type='csr' bluetooth.@hciattach[0].speed='115200' bluetooth.@hciattach[0].flow='noflow' bluetooth.@hciattach[0].enabled='0' bluetooth.@rfcomm[0]=rfcomm bluetooth.@rfcomm[0].enabled='0' ddns.myddns=service ddns.myddns.enabled='0' ddns.myddns.interface='wan' ddns.myddns.use_syslog='1' ddns.myddns.service_name='dyndns.org' ddns.myddns.domain='mypersonaldomain.dyndns.org' ddns.myddns.username='myusername' ddns.myddns.password='mypassword' ddns.myddns.use_https='0' ddns.myddns.force_interval='72' ddns.myddns.force_unit='hours' ddns.myddns.check_interval='10' ddns.myddns.check_unit='minutes' ddns.myddns.retry_interval='60' ddns.myddns.retry_unit='seconds' ddns.myddns.ip_source='web' ddns.myddns.ip_url='http://checkip.dyndns.com/' dhcp.dnsmasq=dnsmasq dhcp.dnsmasq.port='53' dhcp.dnsmasq.domainneeded='1' dhcp.dnsmasq.boguspriv='1' dhcp.dnsmasq.filterwin2k='0' dhcp.dnsmasq.localise_queries='1' dhcp.dnsmasq.rebind_protection='0' dhcp.dnsmasq.rebind_localhost='0' dhcp.dnsmasq.local='/lan/' dhcp.dnsmasq.domain='lan' dhcp.dnsmasq.expandhosts='1' dhcp.dnsmasq.nonegcache='0' dhcp.dnsmasq.authoritative='1' dhcp.dnsmasq.readethers='1' dhcp.dnsmasq.leasefile='/tmp/dhcp.leases' dhcp.dnsmasq.resolvfile='/tmp/resolv.conf.auto' dhcp.dnsmasq.dhcphostsfile='/opt/luma/etc/dhcp/static.leases' dhcp.dnsmasq.localservice='1' dhcp.dnsmasq.dbus='1' dhcp.dnsmasq.cachesize='0' dhcp.lan=dhcp dhcp.lan.interface='lan' dhcp.lan.dhcp_option='lan,6,192.168.55.1' dhcp.lan.start='100' dhcp.lan.limit='150' dhcp.lan.leasetime='12h' dhcp.lan.dhcpv6='disabled' dhcp.lan.ra='disabled' dhcp.lan.ignore='0' dhcp.wan=dhcp dhcp.wan.interface='wan' dhcp.wan.ignore='1' dhcp.odhcpd=odhcpd dhcp.odhcpd.maindhcp='0' dhcp.odhcpd.leasefile='/tmp/hosts/odhcpd' dhcp.odhcpd.leasetrigger='/usr/sbin/odhcpd-update' dhcp6c.basic=dhcp6c dhcp6c.basic.enabled='0' dhcp6c.basic.interface='wan' dhcp6c.basic.dns='dnsmasq' dhcp6c.basic.debug='0' dhcp6c.basic.pd='1' dhcp6c.basic.na='0' dhcp6c.basic.rapid_commit='1' dhcp6c.basic.domain_name_servers='1' dhcp6c.basic.domain_name='0' dhcp6c.basic.ntp_servers='0' dhcp6c.basic.sip_server_address='0' dhcp6c.basic.sip_server_domain_name='0' dhcp6c.basic.nis_server_address='0' dhcp6c.basic.nis_domain_name='0' dhcp6c.basic.nisp_server_address='0' dhcp6c.basic.nisp_domain_name='0' dhcp6c.basic.bcmcs_server_address='0' dhcp6c.basic.bcmcs_server_domain_name='0' dhcp6c.basic.script='/usr/bin/dhcp6c-state' dhcp6c.loopback=interface dhcp6c.loopback.enabled='1' dhcp6c.loopback.sla_id='0' dhcp6c.loopback.sla_len='4' dhcp6c.lan=interface dhcp6c.lan.enabled='1' dhcp6c.lan.sla_id='1' dhcp6c.lan.sla_len='4' dhcrelay.ipv4=dhcrelay dhcrelay.ipv4.enabled='0' dhcrelay.ipv4.dhcpserver='192.0.2.10' dhcrelay.ipv6=dhcrelay dhcrelay.ipv6.upper='eth1' dhcrelay.ipv6.lower='eth0.2' 'eth0.3' dropbear.@dropbear[0]=dropbear dropbear.@dropbear[0].PasswordAuth='on' dropbear.@dropbear[0].RootPasswordAuth='on' dropbear.@dropbear[0].Port='22' eos.features=flags eos.features.ipset_pause_internet='1' eos.features.private_guest_network='1' eos.luma=eos eos.luma.relx_replace_os_vars='true' eos.luma.dns_addr='127.0.0.1' eos.luma.dns_port='8053' eos.luma.dbus_dnsmasq='1' eos.luma.release_mutable_dir='/var/run/eos' eos.luma.api_host='api-luma-prod.lumaops.com' eos.luma.api_port='4242' eos.luma.www_host='www-luma-prod.lumaops.com' eos.luma.www_port='443' firewall.@defaults[0]=defaults firewall.@defaults[0].syn_flood='1' firewall.@defaults[0].input='ACCEPT' firewall.@defaults[0].output='ACCEPT' firewall.@defaults[0].forward='REJECT' firewall.lan=zone firewall.lan.name='lan' firewall.lan.network='lan' firewall.lan.input='ACCEPT' firewall.lan.output='ACCEPT' firewall.lan.forward='ACCEPT' firewall.@zone[0]=zone firewall.@zone[0].name='wan' firewall.@zone[0].network='wan' 'wan6' firewall.@zone[0].input='REJECT' firewall.@zone[0].output='ACCEPT' firewall.@zone[0].forward='REJECT' firewall.@zone[0].masq='1' firewall.@zone[0].mtu_fix='1' firewall.@forwarding[0]=forwarding firewall.@forwarding[0].src='lan' firewall.@forwarding[0].dest='wan' firewall.@rule[0]=rule firewall.@rule[0].name='Allow-DHCP-Renew' firewall.@rule[0].src='wan' firewall.@rule[0].proto='udp' firewall.@rule[0].dest_port='68' firewall.@rule[0].target='ACCEPT' firewall.@rule[0].family='ipv4' firewall.@rule[1]=rule firewall.@rule[1].name='Allow-Ping' firewall.@rule[1].src='wan' firewall.@rule[1].proto='icmp' firewall.@rule[1].icmp_type='echo-request' firewall.@rule[1].family='ipv4' firewall.@rule[1].target='ACCEPT' firewall.@rule[2]=rule firewall.@rule[2].name='Allow-IGMP' firewall.@rule[2].src='wan' firewall.@rule[2].proto='igmp' firewall.@rule[2].family='ipv4' firewall.@rule[2].target='ACCEPT' firewall.@rule[3]=rule firewall.@rule[3].name='Allow-DHCPv6' firewall.@rule[3].src='wan' firewall.@rule[3].proto='udp' firewall.@rule[3].src_ip='fe80::/10' firewall.@rule[3].src_port='547' firewall.@rule[3].dest_ip='fe80::/10' firewall.@rule[3].dest_port='546' firewall.@rule[3].family='ipv6' firewall.@rule[3].target='ACCEPT' firewall.@rule[4]=rule firewall.@rule[4].name='Allow-MLD' firewall.@rule[4].src='wan' firewall.@rule[4].proto='icmp' firewall.@rule[4].src_ip='fe80::/10' firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0' firewall.@rule[4].family='ipv6' firewall.@rule[4].target='ACCEPT' firewall.@rule[5]=rule firewall.@rule[5].name='Allow-ICMPv6-Input' firewall.@rule[5].src='wan' firewall.@rule[5].proto='icmp' firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement' firewall.@rule[5].limit='1000/sec' firewall.@rule[5].family='ipv6' firewall.@rule[5].target='ACCEPT' firewall.@rule[6]=rule firewall.@rule[6].name='Allow-ICMPv6-Forward' firewall.@rule[6].src='wan' firewall.@rule[6].dest='*' firewall.@rule[6].proto='icmp' firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' firewall.@rule[6].limit='1000/sec' firewall.@rule[6].family='ipv6' firewall.@rule[6].target='ACCEPT' firewall.@include[0]=include firewall.@include[0].path='/etc/firewall.user' firewall.@include[1]=include firewall.@include[1].path='/usr/share/miniupnpd/firewall.include' firewall.@include[1].reload='1' firewall.luma_setup_wan_deny=rule firewall.luma_setup_wan_deny.name='Deny all WAN traffic' firewall.luma_setup_wan_deny.src='lan' firewall.luma_setup_wan_deny.dest='wan' firewall.luma_setup_wan_deny.target='REJECT' firewall.udp_multicast_forwarding=rule firewall.udp_multicast_forwarding.name='UDP-Forwarding-for-IGMP' firewall.udp_multicast_forwarding.src='wan' firewall.udp_multicast_forwarding.proto='udp' firewall.udp_multicast_forwarding.dest='lan' firewall.udp_multicast_forwarding.dest_ip='224.0.0.0/4' firewall.udp_multicast_forwarding.family='ipv4' firewall.udp_multicast_forwarding.target='ACCEPT' firewall.transparent_dns_redirection=redirect firewall.transparent_dns_redirection.name='Transparently-Redirect-Outbound-DNS' firewall.transparent_dns_redirection.src='lan' firewall.transparent_dns_redirection.proto='tcpudp' firewall.transparent_dns_redirection.src_dport='53' firewall.transparent_dns_redirection.dest_ip='192.168.55.1' firewall.transparent_dns_redirection.family='ipv4' firewall.transparent_dns_redirection.target='DNAT' firewall.pause=ipset firewall.pause.name='pause' firewall.pause.storage='hash' firewall.pause.match='ip' firewall.pause.family='ipv4' firewall.pause_update=ipset firewall.pause_update.name='pause_update' firewall.pause_update.storage='hash' firewall.pause_update.match='ip' firewall.pause_update.family='ipv4' firewall.stop_paused_device_traffic=rule firewall.stop_paused_device_traffic.name='Stop-Paused-Device-Traffic' firewall.stop_paused_device_traffic.src='lan' firewall.stop_paused_device_traffic.proto='all' firewall.stop_paused_device_traffic.dest='wan' firewall.stop_paused_device_traffic.ipset='pause' firewall.stop_paused_device_traffic.family='ipv4' firewall.stop_paused_device_traffic.target='REJECT' firewall.@rule[7]=rule firewall.@rule[7].src='wan' firewall.@rule[7].dest='lan' firewall.@rule[7].proto='esp' firewall.@rule[7].target='ACCEPT' firewall.@rule[8]=rule firewall.@rule[8].src='wan' firewall.@rule[8].dest='lan' firewall.@rule[8].dest_port='500' firewall.@rule[8].proto='udp' firewall.@rule[8].target='ACCEPT' firewall.miniupnpd=include firewall.miniupnpd.type='script' firewall.miniupnpd.path='/usr/share/miniupnpd/firewall.include' firewall.miniupnpd.family='IPv4' firewall.miniupnpd.reload='1' firewall.qcanssecm=include firewall.qcanssecm.type='script' firewall.qcanssecm.path='/etc/firewall.d/qca-nss-ecm' firewall.qcanssecm.family='any' firewall.qcanssecm.reload='1' fstab.@global[0]=global fstab.@global[0].anon_swap='0' fstab.@global[0].anon_mount='0' fstab.@global[0].auto_swap='1' fstab.@global[0].auto_mount='1' fstab.@global[0].delay_root='5' fstab.@global[0].check_fs='0' hyd.config=config hyd.config.Enable='0' hyd.config.SwitchInterface='auto' hyd.config.SwitchLanVid='1' hyd.config.Control='manual' hyd.config.DisableSteering='0' hyd.hy=hy hyd.hy.PathTransitionMethod='1' hyd.hy.ExtraQueryResponseTime='0' hyd.hy.LoadBalancingSeamless='1' hyd.hy.ConstrainTCPMedium='0' hyd.hy.MaxLBReordTimeout='1500' hyd.Wlan=Wlan hyd.Wlan.WlanCheckFreqInterval='10' hyd.PathChWlan=PathChWlan hyd.PathChWlan.UpdatedStatsInterval_W2='1' hyd.PathChWlan.StatsAgedOutInterval_W2='30' hyd.PathChWlan.MaxMediumUtilization_W2='70' hyd.PathChWlan.MediumChangeThreshold_W2='10' hyd.PathChWlan.LinkChangeThreshold_W2='10' hyd.PathChWlan.MaxMediumUtilizationForLC_W2='70' hyd.PathChWlan.CPULimitedTCPThroughput_W2='0' hyd.PathChWlan.CPULimitedUDPThroughput_W2='0' hyd.PathChWlan.PHYRateThresholdForMU_W2='2000' hyd.PathChWlan.ProbePacketInterval_W2='1' hyd.PathChWlan.ProbePacketSize_W2='64' hyd.PathChWlan.EnableProbe_W2='1' hyd.PathChWlan.AssocDetectionDelay_W2='5' hyd.PathChWlan.UpdatedStatsInterval_W5='1' hyd.PathChWlan.StatsAgedOutInterval_W5='30' hyd.PathChWlan.MaxMediumUtilization_W5='70' hyd.PathChWlan.MediumChangeThreshold_W5='10' hyd.PathChWlan.LinkChangeThreshold_W5='10' hyd.PathChWlan.MaxMediumUtilizationForLC_W5='70' hyd.PathChWlan.CPULimitedTCPThroughput_W5='0' hyd.PathChWlan.CPULimitedUDPThroughput_W5='0' hyd.PathChWlan.PHYRateThresholdForMU_W5='2000' hyd.PathChWlan.ProbePacketInterval_W5='1' hyd.PathChWlan.ProbePacketSize_W5='64' hyd.PathChWlan.EnableProbe_W5='1' hyd.PathChWlan.AssocDetectionDelay_W5='5' hyd.PathChWlan.ScalingFactorHighRate_W5='750' hyd.PathChWlan.ScalingFactorHighRate_W2='200' hyd.PathChWlan.ScalingFactorLow='60' hyd.PathChWlan.ScalingFactorMedium='85' hyd.PathChWlan.ScalingFactorHigh='60' hyd.PathChWlan.ScalingFactorTCP='90' hyd.PathChWlan.UseWHCAlgorithm='1' hyd.PathChWlan.NumUpdatesUntilStatsValid='3' hyd.PathChPlc=PathChPlc hyd.PathChPlc.MaxMediumUtilization='80' hyd.PathChPlc.MediumChangeThreshold='10' hyd.PathChPlc.LinkChangeThreshold='10' hyd.PathChPlc.StatsAgedOutInterval='60' hyd.PathChPlc.UpdateStatsInterval='1' hyd.PathChPlc.EntryExpirationInterval='120' hyd.PathChPlc.MaxMediumUtilizationForLC='80' hyd.PathChPlc.LCThresholdForUnreachable='5' hyd.PathChPlc.LCThresholdForReachable='10' hyd.PathChPlc.HostPLCInterfaceSpeed='0' hyd.Topology=Topology hyd.Topology.ND_UPDATE_INTERVAL='15' hyd.Topology.BD_UPDATE_INTERVAL='3' hyd.Topology.HOLDING_TIME='190' hyd.Topology.TIMER_LOW_BOUND='7' hyd.Topology.TIMER_UPPER_BOUND='11' hyd.Topology.MSGID_DELTA='64' hyd.Topology.HA_AGING_INTERVAL='120' hyd.Topology.ENABLE_TD3='1' hyd.Topology.ENABLE_BD_SPOOFING='1' hyd.Topology.NOTIFICATION_THROTTLING_WINDOW='1' hyd.HSPECEst=HSPECEst hyd.HSPECEst.UpdateHSPECInterval='1' hyd.HSPECEst.NotificationThresholdLimit='10' hyd.HSPECEst.NotificationThresholdPercentage='20' hyd.HSPECEst.AlphaNumerator='3' hyd.HSPECEst.AlphaDenominator='8' hyd.HSPECEst.BufferAllocationThresholdLow='1000' hyd.HSPECEst.BufferAllocationThresholdHigh='1000000' hyd.HSPECEst.MaxTrackedFlows='3' hyd.HSPECEst.ReservedMemory='4' hyd.HSPECEst.LocalFlowRateThreshold='2000000' hyd.HSPECEst.LocalFlowRatioThreshold='5' hyd.PathSelect=PathSelect hyd.PathSelect.UpdateHDInterval='10' hyd.PathSelect.LinkCapacityThreshold='20' hyd.PathSelect.UDPInterfaceOrder='EP52' hyd.PathSelect.NonUDPInterfaceOrder='EP52' hyd.PathSelect.SerialflowIterations='10' hyd.PathSelect.DeltaLCThreshold='10' hyd.LogSettings=LogSettings hyd.LogSettings.EnableLog='0' hyd.LogSettings.LogRestartIntervalSec='10' hyd.LogSettings.LogPCSummaryPeriodSec='0' hyd.LogSettings.LogServerIP='192.168.1.10' hyd.LogSettings.LogServerPort='5555' hyd.LogSettings.EnableLogPCW2='1' hyd.LogSettings.EnableLogPCW5='1' hyd.LogSettings.EnableLogPCP='1' hyd.LogSettings.EnableLogTD='1' hyd.LogSettings.EnableLogHE='1' hyd.LogSettings.EnableLogHETables='1' hyd.LogSettings.EnableLogPS='1' hyd.LogSettings.EnableLogPSTables='1' hyd.LogSettings.LogHEThreshold1='200000' hyd.LogSettings.LogHEThreshold2='10000000' hyd.IEEE1905Settings=IEEE1905Settings hyd.IEEE1905Settings.StrictIEEE1905Mode='0' hyd.IEEE1905Settings.GenerateLLDP='1' hyd.HCPSettings=HCPSettings hyd.HCPSettings.V1Compat='1' hyd.SteerMsg=SteerMsg hyd.SteerMsg.AvgUtilReqTimeout='1' hyd.SteerMsg.LoadBalancingCompleteTimeout='90' hyd.SteerMsg.RspTimeout='2' lbd.config=config lbd.config.Enable='0' lbd.config.PHYBasedPrioritization='0' lbd.IdleSteer=IdleSteer lbd.IdleSteer.RSSISteeringPoint_DG='5' lbd.IdleSteer.RSSISteeringPoint_UG='20' lbd.IdleSteer.NormalInactTimeout='10' lbd.IdleSteer.OverloadInactTimeout='10' lbd.IdleSteer.InactCheckInterval='1' lbd.ActiveSteer=ActiveSteer lbd.ActiveSteer.TxRateXingThreshold_UG='50000' lbd.ActiveSteer.RateRSSIXingThreshold_UG='30' lbd.ActiveSteer.TxRateXingThreshold_DG='6000' lbd.ActiveSteer.RateRSSIXingThreshold_DG='0' lbd.Offload=Offload lbd.Offload.MUAvgPeriod='60' lbd.Offload.MUOverloadThreshold_W2='70' lbd.Offload.MUOverloadThreshold_W5='70' lbd.Offload.MUSafetyThreshold_W2='50' lbd.Offload.MUSafetyThreshold_W5='60' lbd.Offload.OffloadingMinRSSI='20' lbd.StaDB=StaDB lbd.StaDB.IncludeOutOfNetwork='1' lbd.SteerExec=SteerExec lbd.SteerExec.SteeringProhibitTime='300' lbd.SteerExec.BTMSteeringProhibitShortTime='30' lbd.APSteer=APSteer lbd.APSteer.LowRSSIAPSteerThreshold_CAP='20' lbd.APSteer.LowRSSIAPSteerThreshold_RE='45' lbd.APSteer.APSteerToRootMinRSSIIncThreshold='5' lbd.APSteer.APSteerToLeafMinRSSIIncThreshold='10' lbd.APSteer.APSteerToPeerMinRSSIIncThreshold='10' lbd.APSteer.DownlinkRSSIThreshold_W5='-65' lbd.config_Adv=config lbd.config_Adv.AgeLimit='5' lbd.StaDB_Adv=StaDB lbd.StaDB_Adv.AgingSizeThreshold='100' lbd.StaDB_Adv.AgingFrequency='60' lbd.StaDB_Adv.OutOfNetworkMaxAge='300' lbd.StaDB_Adv.InNetworkMaxAge='2592000' lbd.StaDB_Adv.NumRemoteBSSes='4' lbd.StaMonitor_Adv=StaMonitor lbd.StaMonitor_Adv.RSSIMeasureSamples_W2='5' lbd.StaMonitor_Adv.RSSIMeasureSamples_W5='5' lbd.BandMonitor_Adv=BandMonitor lbd.BandMonitor_Adv.ProbeCountThreshold='1' lbd.BandMonitor_Adv.MUCheckInterval_W2='10' lbd.BandMonitor_Adv.MUCheckInterval_W5='10' lbd.BandMonitor_Adv.MUReportPeriod='30' lbd.BandMonitor_Adv.LoadBalancingAllowedMaxPeriod='15' lbd.BandMonitor_Adv.NumRemoteChannels='3' lbd.Estimator_Adv=Estimator_Adv lbd.Estimator_Adv.RSSIDiff_EstW5FromW2='-15' lbd.Estimator_Adv.RSSIDiff_EstW2FromW5='5' lbd.Estimator_Adv.ProbeCountThreshold='3' lbd.Estimator_Adv.StatsSampleInterval='1' lbd.Estimator_Adv.11kProhibitTimeShort='30' lbd.Estimator_Adv.11kProhibitTimeLong='300' lbd.Estimator_Adv.PhyRateScalingForAirtime='50' lbd.Estimator_Adv.EnableContinuousThroughput='0' lbd.Estimator_Adv.BcnrptActiveDuration='50' lbd.Estimator_Adv.BcnrptPassiveDuration='200' lbd.SteerExec_Adv=SteerExec lbd.SteerExec_Adv.TSteering='15' lbd.SteerExec_Adv.InitialAuthRejCoalesceTime='2' lbd.SteerExec_Adv.AuthRejMax='3' lbd.SteerExec_Adv.SteeringUnfriendlyTime='600' lbd.SteerExec_Adv.MaxSteeringUnfriendly='604800' lbd.SteerExec_Adv.TargetLowRSSIThreshold_W2='5' lbd.SteerExec_Adv.TargetLowRSSIThreshold_W5='15' lbd.SteerExec_Adv.BlacklistTime='900' lbd.SteerExec_Adv.BTMResponseTime='10' lbd.SteerExec_Adv.BTMAssociationTime='6' lbd.SteerExec_Adv.BTMAlsoBlacklist='1' lbd.SteerExec_Adv.BTMUnfriendlyTime='600' lbd.SteerExec_Adv.MaxBTMUnfriendly='86400' lbd.SteerExec_Adv.MaxBTMActiveUnfriendly='604800' lbd.SteerExec_Adv.MinRSSIBestEffort='12' lbd.SteerExec_Adv.LowRSSIXingThreshold='10' lbd.SteerAlg_Adv=SteerAlg_Adv lbd.SteerAlg_Adv.MinTxRateIncreaseThreshold='53' lbd.SteerAlg_Adv.MaxSteeringTargetCount='1' lbd.DiagLog=DiagLog lbd.DiagLog.EnableLog='0' lbd.DiagLog.LogServerIP='192.168.1.10' lbd.DiagLog.LogServerPort='7788' lbd.DiagLog.LogLevelWlanIF='2' lbd.DiagLog.LogLevelBandMon='2' lbd.DiagLog.LogLevelStaDB='2' lbd.DiagLog.LogLevelSteerExec='2' lbd.DiagLog.LogLevelStaMon='2' lbd.DiagLog.LogLevelEstimator='2' lbd.DiagLog.LogLevelDiagLog='2' macsec.global=macsec macsec.global.enable='0' mcproxy.config=mcproxy mcproxy.config.protocol='IGMPv3' mcproxy.@pinstance[0]=pinstance mcproxy.@pinstance[0].name='mcproxy1' mcsd.config=config mcsd.config.Enable='1' mcsd.config.SwitchInterface='auto' mcsd.config.SwitchLanVid='1' network.loopback=interface network.loopback.ifname='lo' network.loopback.proto='static' network.loopback.ipaddr='127.0.0.1' network.loopback.netmask='255.0.0.0' network.globals=globals network.globals.ula_prefix='da7:b260:888a::/48' network.lan=interface network.lan.ifname='eth1' network.lan.type='bridge' network.lan.stp='1' network.lan.proto='static' network.lan.ipaddr='192.168.55.1' network.lan.netmask='255.255.255.0' network.lan.ip6assign='60' network.wan=interface network.wan.ifname='eth0' network.wan.proto='dhcp' network.wan6=interface network.wan6.ifname='@wan' network.wan6.proto='dhcpv6' network.@switch[0]=switch network.@switch[0].name='switch0' network.@switch[0].reset='1' network.@switch[0].enable_vlan='1' network.@switch_vlan[0]=switch_vlan network.@switch_vlan[0].device='switch0' network.@switch_vlan[0].vlan='1' network.@switch_vlan[0].ports='0t 1 2 3 4' network.@switch_vlan[1]=switch_vlan network.@switch_vlan[1].device='switch0' network.@switch_vlan[1].vlan='2' network.@switch_vlan[1].ports='0t 5' network.@switch_ext[0]=switch_ext network.@switch_ext[0].device='switch0' network.@switch_ext[0].name='QosPtMode' network.@switch_ext[0].port_id='1' network.@switch_ext[0].mode='dscp' network.@switch_ext[0].status='enable' network.@switch_ext[1]=switch_ext network.@switch_ext[1].device='switch0' network.@switch_ext[1].name='QosPtMode' network.@switch_ext[1].port_id='2' network.@switch_ext[1].mode='dscp' network.@switch_ext[1].status='enable' network.@switch_ext[2]=switch_ext network.@switch_ext[2].device='switch0' network.@switch_ext[2].name='QosPtMode' network.@switch_ext[2].port_id='3' network.@switch_ext[2].mode='dscp' network.@switch_ext[2].status='enable' network.@switch_ext[3]=switch_ext network.@switch_ext[3].device='switch0' network.@switch_ext[3].name='QosPtMode' network.@switch_ext[3].port_id='4' network.@switch_ext[3].mode='dscp' network.@switch_ext[3].status='enable' network.@switch_ext[4]=switch_ext network.@switch_ext[4].device='switch0' network.@switch_ext[4].name='QosPtMode' network.@switch_ext[4].port_id='5' network.@switch_ext[4].mode='dscp' network.@switch_ext[4].status='enable' nss.qca_nss_0=nss_firmware nss.qca_nss_1=nss_firmware nss.@general[0]=general nss.@general[0].enable_rps='1' pppoe.relay=pppoe_relay pppoe.relay.enable='0' pppoe.relay.client='lan' pppoe.relay.server='wan' radvd.@interface[0]=interface radvd.@interface[0].interface='lan' radvd.@interface[0].AdvSendAdvert='1' radvd.@interface[0].AdvManagedFlag='0' radvd.@interface[0].AdvOtherConfigFlag='0' radvd.@interface[0].client='' radvd.@interface[0].ignore='1' radvd.@prefix[0]=prefix radvd.@prefix[0].interface='lan' radvd.@prefix[0].prefix='' radvd.@prefix[0].AdvOnLink='1' radvd.@prefix[0].AdvAutonomous='1' radvd.@prefix[0].AdvRouterAddr='0' radvd.@prefix[0].ignore='1' radvd.@route[0]=route radvd.@route[0].interface='lan' radvd.@route[0].prefix='' radvd.@route[0].ignore='1' radvd.@rdnss[0]=rdnss radvd.@rdnss[0].interface='lan' radvd.@rdnss[0].addr='' radvd.@rdnss[0].ignore='1' radvd.@dnssl[0]=dnssl radvd.@dnssl[0].interface='lan' radvd.@dnssl[0].suffix='' radvd.@dnssl[0].ignore='1' repacd.repacd=config repacd.repacd.Enable='0' repacd.repacd.ManagedNetwork='lan' repacd.repacd.DeviceType='RE' repacd.repacd.Role='NonCAP' repacd.repacd.GatewayConnectedMode='AP' repacd.repacd.ConfigREMode='auto' repacd.repacd.DefaultREMode='qwrap' repacd.repacd.BlockDFSChannels='0' repacd.repacd.EnableSteering='1' repacd.repacd.EnableSON='1' repacd.repacd.ManageMCSD='1' repacd.repacd.LinkCheckDelay='2' repacd.WiFiLink=WiFiLink repacd.WiFiLink.MinAssocCheckAutoMode='5' repacd.WiFiLink.MinAssocCheckPostWPS='5' repacd.WiFiLink.WPSTimeout='180' repacd.WiFiLink.AssociationTimeout='300' repacd.WiFiLink.RSSINumMeasurements='5' repacd.WiFiLink.RSSIThresholdFar='-75' repacd.WiFiLink.RSSIThresholdNear='-60' repacd.WiFiLink.RSSIThresholdMin='-75' repacd.WiFiLink.RSSIThresholdPrefer2GBackhaul='-100' repacd.WiFiLink.2GBackhaulSwitchDownTime='10' repacd.WiFiLink.MaxMeasuringStateAttempts='3' repacd.Reset=LEDState repacd.Reset.Name_1='led_0' repacd.Reset.Trigger_1='none' repacd.Reset.Brightness_1='0' repacd.Reset.Name_2='led_1' repacd.Reset.Trigger_2='none' repacd.Reset.Brightness_2='0' repacd.NotAssociated=LEDState repacd.NotAssociated.Name_1='led_0' repacd.NotAssociated.Trigger_1='timer' repacd.NotAssociated.Brightness_1='1' repacd.NotAssociated.DelayOn_1='500' repacd.NotAssociated.DelayOff_1='500' repacd.NotAssociated.Name_2='led_1' repacd.NotAssociated.Trigger_2='none' repacd.NotAssociated.Brightness_2='0' repacd.AutoConfigInProgress=LEDState repacd.AutoConfigInProgress.Name_1='led_0' repacd.AutoConfigInProgress.Trigger_1='timer' repacd.AutoConfigInProgress.Brightness_1='1' repacd.AutoConfigInProgress.DelayOn_1='250' repacd.AutoConfigInProgress.DelayOff_1='250' repacd.AutoConfigInProgress.Name_2='led_1' repacd.AutoConfigInProgress.Trigger_2='none' repacd.AutoConfigInProgress.Brightness_2='0' repacd.Measuring=LEDState repacd.Measuring.Name_1='led_0' repacd.Measuring.Trigger_1='timer' repacd.Measuring.Brightness_1='1' repacd.Measuring.DelayOn_1='250' repacd.Measuring.DelayOff_1='250' repacd.Measuring.Name_2='led_1' repacd.Measuring.Trigger_2='timer' repacd.Measuring.Brightness_2='1' repacd.Measuring.DelayOn_2='250' repacd.Measuring.DelayOff_2='250' repacd.WPSTimeout=LEDState repacd.WPSTimeout.Name_1='led_0' repacd.WPSTimeout.Trigger_1='timer' repacd.WPSTimeout.Brightness_1='1' repacd.WPSTimeout.DelayOn_1='2000' repacd.WPSTimeout.DelayOff_1='1000' repacd.WPSTimeout.Name_2='led_1' repacd.WPSTimeout.Trigger_2='none' repacd.WPSTimeout.Brightness_2='0' repacd.AssocTimeout=LEDState repacd.AssocTimeout.Name_1='led_0' repacd.AssocTimeout.Trigger_1='timer' repacd.AssocTimeout.Brightness_1='1' repacd.AssocTimeout.DelayOn_1='5000' repacd.AssocTimeout.DelayOff_1='1000' repacd.AssocTimeout.Name_2='led_1' repacd.AssocTimeout.Trigger_2='none' repacd.AssocTimeout.Brightness_2='0' repacd.RE_MoveCloser=LEDState repacd.RE_MoveCloser.Name_1='led_0' repacd.RE_MoveCloser.Trigger_1='none' repacd.RE_MoveCloser.Brightness_1='1' repacd.RE_MoveCloser.Name_2='led_1' repacd.RE_MoveCloser.Trigger_2='none' repacd.RE_MoveCloser.Brightness_2='0' repacd.RE_MoveFarther=LEDState repacd.RE_MoveFarther.Name_1='led_0' repacd.RE_MoveFarther.Trigger_1='none' repacd.RE_MoveFarther.Brightness_1='0' repacd.RE_MoveFarther.Name_2='led_1' repacd.RE_MoveFarther.Trigger_2='none' repacd.RE_MoveFarther.Brightness_2='1' repacd.RE_LocationSuitable=LEDState repacd.RE_LocationSuitable.Name_1='led_0' repacd.RE_LocationSuitable.Trigger_1='none' repacd.RE_LocationSuitable.Brightness_1='1' repacd.RE_LocationSuitable.Name_2='led_1' repacd.RE_LocationSuitable.Trigger_2='none' repacd.RE_LocationSuitable.Brightness_2='1' repacd.InCAPMode=LEDState repacd.InCAPMode.Name_1='led_0' repacd.InCAPMode.Trigger_1='none' repacd.InCAPMode.Brightness_1='1' repacd.InCAPMode.Name_2='led_1' repacd.InCAPMode.Trigger_2='none' repacd.InCAPMode.Brightness_2='1' repacd.CL_LinkSufficient=LEDState repacd.CL_LinkSufficient.Name_1='led_0' repacd.CL_LinkSufficient.Trigger_1='none' repacd.CL_LinkSufficient.Brightness_1='1' repacd.CL_LinkSufficient.Name_2='led_1' repacd.CL_LinkSufficient.Trigger_2='none' repacd.CL_LinkSufficient.Brightness_2='0' repacd.CL_LinkInadequate=LEDState repacd.CL_LinkInadequate.Name_1='led_0' repacd.CL_LinkInadequate.Trigger_1='none' repacd.CL_LinkInadequate.Brightness_1='0' repacd.CL_LinkInadequate.Name_2='led_1' repacd.CL_LinkInadequate.Trigger_2='none' repacd.CL_LinkInadequate.Brightness_2='1' repacd.CL_ActingAsRE=LEDState repacd.CL_ActingAsRE.Name_1='led_0' repacd.CL_ActingAsRE.Trigger_1='none' repacd.CL_ActingAsRE.Brightness_1='1' repacd.CL_ActingAsRE.Name_2='led_1' repacd.CL_ActingAsRE.Trigger_2='none' repacd.CL_ActingAsRE.Brightness_2='1' rstp.global=rstp rstp.global.enable='0' rstp.global.autoMode='1' skb_recycler.@skb[0]=skb skb_recycler.@skb[0].max_skbs='1024' skb_recycler.@skb[0].max_spare_skbs='256' ssid-steering.global=ssid-steering ssid-steering.global.enable='0' ssid-steering.global.private_vaps='ath0' ssid-steering.global.public_vaps='ath1' system.@system[0]=system system.@system[0].hostname='luma' system.@system[0].timezone='UTC' system.ntp=timeserver system.ntp.server='0.openwrt.pool.ntp.org' '1.openwrt.pool.ntp.org' '2.openwrt.pool.ntp.org' '3.openwrt.pool.ntp.org' system.ntp.enabled='1' system.ntp.enable_server='0' system.@button[0]=button system.@button[0].button='wps' system.@button[0].action='released' system.@button[0].handler='/opt/luma/bin/factory_reset.sh' system.@button[0].min='5' system.@button[0].max='60' system.@button[1]=button system.@button[1].button='wps' system.@button[1].action='released' system.@button[1].handler='/opt/luma/bin/reboot_luma.sh' system.@button[1].min='0' system.@button[1].max='4' thermal.config=thermal thermal.config.Enabled='1' ubootenv.@ubootenv[0]=ubootenv ubootenv.@ubootenv[0].dev='/dev/mtd5' ubootenv.@ubootenv[0].offset='0x0' ubootenv.@ubootenv[0].envsize='0x00010000' ubootenv.@ubootenv[0].secsize='0x00010000' ubootenv.@ubootenv[0].numsec='1' upnpd.config=upnpd upnpd.config.enable_natpmp='1' upnpd.config.enable_upnp='1' upnpd.config.secure_mode='1' upnpd.config.log_output='0' upnpd.config.download='1024' upnpd.config.upload='512' upnpd.config.external_iface='wan' upnpd.config.internal_iface='lan' upnpd.config.port='5000' upnpd.config.upnp_lease_file='/var/upnp.leases' upnpd.config.uuid='19896e7a-1c2c-441b-a961-777457c158a2' upnpd.@perm_rule[0]=perm_rule upnpd.@perm_rule[0].action='allow' upnpd.@perm_rule[0].ext_ports='1024-65535' upnpd.@perm_rule[0].int_addr='0.0.0.0/0' upnpd.@perm_rule[0].int_ports='1024-65535' upnpd.@perm_rule[0].comment='Allow high ports' upnpd.@perm_rule[1]=perm_rule upnpd.@perm_rule[1].action='deny' upnpd.@perm_rule[1].ext_ports='0-65535' upnpd.@perm_rule[1].int_addr='0.0.0.0/0' upnpd.@perm_rule[1].int_ports='0-65535' upnpd.@perm_rule[1].comment='Default deny' wireless.wifi0=wifi-device wireless.wifi0.type='qcawifi' wireless.wifi0.channel='auto' wireless.wifi0.hwmode='11ng' wireless.wifi0.htmode='HT20' wireless.wifi0.disabled='0' wireless.bgn_ap=wifi-iface wireless.bgn_ap.device='wifi0' wireless.bgn_ap.network='lan' wireless.bgn_ap.mode='ap' wireless.bgn_ap.rrm='1' wireless.bgn_ap.disabled='0' wireless.bgn_ap.encryption='psk2' wireless.bgn_guest_ap=wifi-iface wireless.bgn_guest_ap.device='wifi0' wireless.bgn_guest_ap.network='lan' wireless.bgn_guest_ap.mode='ap' wireless.bgn_guest_ap.encryption='none' wireless.bgn_guest_ap.disabled='1' wireless.bgn_guest_ap.rrm='1' wireless.bgn_guest_ap.ssid='-guest' wireless.wifi1=wifi-device wireless.wifi1.type='qcawifi' wireless.wifi1.channel='100' wireless.wifi1.hwmode='11ac' wireless.wifi1.htmode='VHT80' wireless.wifi1.disabled='1' wireless.ac_ap=wifi-iface wireless.ac_ap.device='wifi1' wireless.ac_ap.network='lan' wireless.ac_ap.mode='ap' wireless.ac_ap.rrm='1' wireless.ac_ap.disabled='0' wireless.ac_ap.encryption='psk2' wireless.ac_guest_ap=wifi-iface wireless.ac_guest_ap.device='wifi1' wireless.ac_guest_ap.network='lan' wireless.ac_guest_ap.mode='ap' wireless.ac_guest_ap.encryption='none' wireless.ac_guest_ap.disabled='1' wireless.ac_guest_ap.rrm='1' wireless.ac_guest_ap.ssid='-guest' wireless.ac_mesh_sta=wifi-iface wireless.ac_mesh_sta.device='wifi1' wireless.ac_mesh_sta.network='lan' wireless.ac_mesh_sta.mode='sta' wireless.ac_mesh_sta.ssid='OpenWrt' wireless.ac_mesh_sta.encryption='none' wireless.ac_mesh_sta.disabled='1' wireless.ac_mesh_ap=wifi-iface wireless.ac_mesh_ap.device='wifi1' wireless.ac_mesh_ap.network='lan' wireless.ac_mesh_ap.mode='ap' wireless.ac_mesh_ap.wds='1' wireless.ac_mesh_ap.hidden='1' wireless.ac_mesh_ap.encryption='psk2' wireless.ac_mesh_ap.disabled='0' wireless.ac_mesh_ap.ssid='luma-mesh-' wsplcd.config=wsplcd wsplcd.config.HyFiSecurity='0' wsplcd.config.RunMode='AUTO' wsplcd.config.DesignatedPBAP='0' wsplcd.config.WPSMethod='WPS_M2' wsplcd.config.ConfigSta='1' wsplcd.config.SearchTimeout='60' wsplcd.config.WPSSessionTimeout='120' wsplcd.config.WPSRetransmitTimeout='5' wsplcd.config.WPSPerMessageTimeout='15' wsplcd.config.PushButtonTimeout='120' wsplcd.config.PBSearchTimeout='10' wsplcd.config.WPAPassphraseType='LONG' wsplcd.config.DebugLevel='ERROR' wsplcd.config.BandSel='1' wsplcd.config.BandChoice='5G' wsplcd.config.RMCollectTimeout='10' wsplcd.config.DeepClone='1' wsplcd.config.ManageVAPInd='1' wsplcd.config.APCloning='0' wsplcd.config.ButtonMode='TWOBUTTON' wsplcd.config.CloneTimeout='180' wsplcd.config.WalkTimeout='120' wsplcd.config.RepeatTimeout='1' wsplcd.config.InternalTimeout='15' wsplcd.config.WaitOtherBandsSecs='20' wsplcd.config.WaitFirstBandSecs='30' wsplcd.config.WriteDebugLogToFile='NONE'

I'm wondering if I set dhcp.lan.ignore = '1' that it would buy me some time to figure out the ideal home setup and resolve the competing DHCP servers currently affecting everything.

Do you know if this is all I need to disable the DHCP server?

It's probably going to undo that change with some auto config script. The original firmware is thoroughly obsolete in any case.

That was my thought also. I updated that setting and the wireless network did not come back online, so its definitely keeping at least that setting. There must be some other config I can play with to turn off the dhcp server. Although I expect I would then need to update the firewall to match the new IPs it would be getting.

The "hub" uci show is a lot more complete. If anything sticks out to you as where I should focus my time please let me know. I am not familiar enough with uci yet.

1st Half of `uci show` output of the main Hub. Much more detailed.

acd.config=default
acd.config.AutoConfigEnable='0'
acd.config.HCSecsBetweenDHCPRequestPackets='2'
acd.config.HRSecsBetweenDHCPRequestPackets='3'
acd.config.HRSecsBetweenStateContinuityCheck='15'
acd.config.HRMaxTriesWaitingForDHCPResponse='3'
acd.config.HCMaxTxTriesBeforeGettingIPAddr='10'
acd.config.SecsBetweenChecksForCableConnection='5'
acd.config.AcdDebugLevel='1'
acd.config.DisableHCMode='1'
acd.config.DisableWDSSTAInHREMode='0'
autossh.luma=autossh
autossh.luma.key='/tmp/luma.key'
autossh.luma.ssh='-N -T -oExitOnForwardFailure=yes -oServerAliveInterval=60 -oServerAliveCountMax=3 -o StrictHostKeyChecking=no -o GlobalKnownHostsFile=/dev/null -o UserKnownHostsFile=/dev/null'
autossh.luma.user='luma'
autossh.luma.port='22'
autossh.luma.gatetime='0'
autossh.luma.monitorport='0'
autossh.luma.poll='600'
autossh.luma.tunnelport='65001'
bluetooth.@bluetoothd[0]=bluetoothd
bluetooth.@bluetoothd[0].enabled='1'
bluetooth.@hciattach[0]=hciattach
bluetooth.@hciattach[0].initspeed='115200'
bluetooth.@hciattach[0].tty='ttyS1'
bluetooth.@hciattach[0].type='csr'
bluetooth.@hciattach[0].speed='115200'
bluetooth.@hciattach[0].flow='noflow'
bluetooth.@hciattach[0].enabled='0'
bluetooth.@rfcomm[0]=rfcomm
bluetooth.@rfcomm[0].enabled='0'
ddns.myddns=service
ddns.myddns.enabled='0'
ddns.myddns.interface='wan'
ddns.myddns.use_syslog='1'
ddns.myddns.service_name='dyndns.org'
ddns.myddns.domain='mypersonaldomain.dyndns.org'
ddns.myddns.username='myusername'
ddns.myddns.password='mypassword'
ddns.myddns.use_https='0'
ddns.myddns.force_interval='72'
ddns.myddns.force_unit='hours'
ddns.myddns.check_interval='10'
ddns.myddns.check_unit='minutes'
ddns.myddns.retry_interval='60'
ddns.myddns.retry_unit='seconds'
ddns.myddns.ip_source='web'
ddns.myddns.ip_url='http://checkip.dyndns.com/'
dhcp.dnsmasq=dnsmasq
dhcp.dnsmasq.port='53'
dhcp.dnsmasq.domainneeded='1'
dhcp.dnsmasq.boguspriv='1'
dhcp.dnsmasq.filterwin2k='0'
dhcp.dnsmasq.localise_queries='1'
dhcp.dnsmasq.rebind_protection='0'
dhcp.dnsmasq.rebind_localhost='0'
dhcp.dnsmasq.local='/lan/'
dhcp.dnsmasq.domain='lan'
dhcp.dnsmasq.expandhosts='1'
dhcp.dnsmasq.nonegcache='0'
dhcp.dnsmasq.authoritative='1'
dhcp.dnsmasq.readethers='1'
dhcp.dnsmasq.leasefile='/tmp/dhcp.leases'
dhcp.dnsmasq.resolvfile='/tmp/resolv.conf.auto'
dhcp.dnsmasq.dhcphostsfile='/opt/luma/etc/dhcp/static.leases'
dhcp.dnsmasq.localservice='1'
dhcp.dnsmasq.dbus='1'
dhcp.dnsmasq.cachesize='1500'
dhcp.lan=dhcp
dhcp.lan.interface='lan'
dhcp.lan.dhcp_option='lan,6,192.168.55.1'
dhcp.lan.leasetime='12h'
dhcp.lan.dhcpv6='disabled'
dhcp.lan.ra='disabled'
dhcp.lan.start='21'
dhcp.lan.limit='234'
dhcp.lan.ignore='0'
dhcp.wan=dhcp
dhcp.wan.interface='wan'
dhcp.wan.ignore='1'
dhcp.odhcpd=odhcpd
dhcp.odhcpd.maindhcp='0'
dhcp.odhcpd.leasefile='/tmp/hosts/odhcpd'
dhcp.odhcpd.leasetrigger='/usr/sbin/odhcpd-update'
dhcp-opkg.dnsmasq=dnsmasq
dhcp-opkg.dnsmasq.port='53'
dhcp-opkg.dnsmasq.domainneeded='1'
dhcp-opkg.dnsmasq.boguspriv='1'
dhcp-opkg.dnsmasq.filterwin2k='0'
dhcp-opkg.dnsmasq.localise_queries='1'
dhcp-opkg.dnsmasq.rebind_protection='0'
dhcp-opkg.dnsmasq.rebind_localhost='0'
dhcp-opkg.dnsmasq.local='/lan/'
dhcp-opkg.dnsmasq.domain='lan'
dhcp-opkg.dnsmasq.expandhosts='1'
dhcp-opkg.dnsmasq.nonegcache='0'
dhcp-opkg.dnsmasq.authoritative='1'
dhcp-opkg.dnsmasq.readethers='1'
dhcp-opkg.dnsmasq.leasefile='/tmp/dhcp.leases'
dhcp-opkg.dnsmasq.resolvfile='/tmp/resolv.conf.auto'
dhcp-opkg.dnsmasq.dhcphostsfile='/opt/luma/etc/dhcp/static.leases'
dhcp-opkg.dnsmasq.localservice='1'
dhcp-opkg.dnsmasq.cachesize='1500'
dhcp-opkg.lan=dhcp
dhcp-opkg.lan.interface='lan'
dhcp-opkg.lan.dhcp_option='lan,6,192.168.55.1'
dhcp-opkg.lan.start='100'
dhcp-opkg.lan.limit='150'
dhcp-opkg.lan.leasetime='12h'
dhcp-opkg.lan.dhcpv6='disabled'
dhcp-opkg.lan.ra='disabled'
dhcp-opkg.wan=dhcp
dhcp-opkg.wan.interface='wan'
dhcp-opkg.wan.ignore='1'
dhcp-opkg.odhcpd=odhcpd
dhcp-opkg.odhcpd.maindhcp='0'
dhcp-opkg.odhcpd.leasefile='/tmp/hosts/odhcpd'
dhcp-opkg.odhcpd.leasetrigger='/usr/sbin/odhcpd-update'
dhcp6c.basic=dhcp6c
dhcp6c.basic.enabled='0'
dhcp6c.basic.interface='wan'
dhcp6c.basic.dns='dnsmasq'
dhcp6c.basic.debug='0'
dhcp6c.basic.pd='1'
dhcp6c.basic.na='0'
dhcp6c.basic.rapid_commit='1'
dhcp6c.basic.domain_name_servers='1'
dhcp6c.basic.domain_name='0'
dhcp6c.basic.ntp_servers='0'
dhcp6c.basic.sip_server_address='0'
dhcp6c.basic.sip_server_domain_name='0'
dhcp6c.basic.nis_server_address='0'
dhcp6c.basic.nis_domain_name='0'
dhcp6c.basic.nisp_server_address='0'
dhcp6c.basic.nisp_domain_name='0'
dhcp6c.basic.bcmcs_server_address='0'
dhcp6c.basic.bcmcs_server_domain_name='0'
dhcp6c.basic.script='/usr/bin/dhcp6c-state'
dhcp6c.loopback=interface
dhcp6c.loopback.enabled='1'
dhcp6c.loopback.sla_id='0'
dhcp6c.loopback.sla_len='4'
dhcp6c.lan=interface
dhcp6c.lan.enabled='1'
dhcp6c.lan.sla_id='1'
dhcp6c.lan.sla_len='4'
dhcrelay.ipv4=dhcrelay
dhcrelay.ipv4.enabled='0'
dhcrelay.ipv4.dhcpserver='192.0.2.10'
dhcrelay.ipv6=dhcrelay
dhcrelay.ipv6.upper='eth1'
dhcrelay.ipv6.lower='eth0.2' 'eth0.3'
dropbear.@dropbear[0]=dropbear
dropbear.@dropbear[0].PasswordAuth='on'
dropbear.@dropbear[0].RootPasswordAuth='on'
dropbear.@dropbear[0].Port='22'
dropbear.@dropbear[0].Interface='lo'
eos.features=flags
eos.features.ipset_pause_internet='1'
eos.features.private_guest_network='1'
eos.luma=eos
eos.luma.relx_replace_os_vars='true'
eos.luma.dns_port='8053'
eos.luma.dbus_dnsmasq='1'
eos.luma.release_mutable_dir='/var/run/eos'
eos.luma.api_host='api-luma-prod.lumaops.com'
eos.luma.www_host='www-luma-prod.lumaops.com'
eos.luma.www_port='443'
eos.luma.network_id='3da7fda1-c873-490f-911e-a49279760eeb'
eos.luma.mode='hub'
eos.luma.name='Office'
eos.luma.placement_x='190.0'
eos.luma.placement_y='42.0'
eos.luma.placement_z='1.0'
eos.luma.node_name='hub@192.168.55.1'
eos.luma.cookie='A89941A7D168FD72428690FFE0672AAF39098CF247738B511B3BA59D015708B1'
eos.luma.api_port='4243'
eos.luma.isp_handle='C05895937'
eos.luma.isp_name='XXXXXXXXXXXXXXXXXXXXXXX'
eos.luma.public_ip='XXXXXXXXXXXXXXXXXXXX'
eos.luma.resolv='/opt/luma/etc/deos/local.resolv.conf'
eos.luma.miniupnpd='0'
eos-opkg.features=flags
eos-opkg.features.ipset_pause_internet='1'
eos-opkg.features.private_guest_network='1'
eos-opkg.luma=eos
eos-opkg.luma.relx_replace_os_vars='true'
eos-opkg.luma.dns_port='8053'
eos-opkg.luma.dbus_dnsmasq='0'
eos-opkg.luma.release_mutable_dir='/var/run/eos'
eos-opkg.luma.resolv='/opt/luma/etc/deos/local.resolv.conf'
eos-opkg.luma.api_host='api-luma-prod.lumaops.com'
eos-opkg.luma.api_port='4243'
eos-opkg.luma.www_host='www-luma-prod.lumaops.com'
eos-opkg.luma.www_port='443'
firewall.@defaults[0]=defaults
firewall.@defaults[0].input='ACCEPT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='REJECT'
firewall.@defaults[0].syn_flood='0'
firewall.@defaults[0].tcp_syncookies='1'
firewall.lan=zone
firewall.lan.name='lan'
firewall.lan.network='lan'
firewall.lan.input='ACCEPT'
firewall.lan.output='ACCEPT'
firewall.lan.forward='ACCEPT'
firewall.@zone[0]=zone
firewall.@zone[0].name='wan'
firewall.@zone[0].network='wan' 'wan6'
firewall.@zone[0].input='REJECT'
firewall.@zone[0].output='ACCEPT'
firewall.@zone[0].forward='REJECT'
firewall.@zone[0].masq='1'
firewall.@zone[0].mtu_fix='1'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='wan'
firewall.@rule[0]=rule
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[0].src='wan'
firewall.@rule[0].proto='udp'
firewall.@rule[0].dest_port='68'
firewall.@rule[0].target='ACCEPT'
firewall.@rule[0].family='ipv4'
firewall.@rule[1]=rule
firewall.@rule[1].name='Allow-Ping'
firewall.@rule[1].src='wan'
firewall.@rule[1].proto='icmp'
firewall.@rule[1].icmp_type='echo-request'
firewall.@rule[1].family='ipv4'
firewall.@rule[1].target='ACCEPT'
firewall.@rule[2]=rule
firewall.@rule[2].name='Allow-IGMP'
firewall.@rule[2].src='wan'
firewall.@rule[2].proto='igmp'
firewall.@rule[2].family='ipv4'
firewall.@rule[2].target='ACCEPT'
firewall.@rule[3]=rule
firewall.@rule[3].name='Allow-DHCPv6'
firewall.@rule[3].src='wan'
firewall.@rule[3].proto='udp'
firewall.@rule[3].src_ip='fe80::/10'
firewall.@rule[3].src_port='547'
firewall.@rule[3].dest_ip='fe80::/10'
firewall.@rule[3].dest_port='546'
firewall.@rule[3].family='ipv6'
firewall.@rule[3].target='ACCEPT'
firewall.@rule[4]=rule
firewall.@rule[4].name='Allow-MLD'
firewall.@rule[4].src='wan'
firewall.@rule[4].proto='icmp'
firewall.@rule[4].src_ip='fe80::/10'
firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
firewall.@rule[4].family='ipv6'
firewall.@rule[4].target='ACCEPT'
firewall.@rule[5]=rule
firewall.@rule[5].name='Allow-ICMPv6-Input'
firewall.@rule[5].src='wan'
firewall.@rule[5].proto='icmp'
firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
firewall.@rule[5].limit='1000/sec'
firewall.@rule[5].family='ipv6'
firewall.@rule[5].target='ACCEPT'
firewall.@rule[6]=rule
firewall.@rule[6].name='Allow-ICMPv6-Forward'
firewall.@rule[6].src='wan'
firewall.@rule[6].dest=''
firewall.@rule[6].proto='icmp'
firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
firewall.@rule[6].limit='1000/sec'
firewall.@rule[6].family='ipv6'
firewall.@rule[6].target='ACCEPT'
firewall.@include[0]=include
firewall.@include[0].path='/etc/firewall.user'
firewall.@include[1]=include
firewall.@include[1].path='/usr/share/miniupnpd/firewall.include'
firewall.@include[1].reload='1'
firewall.multicast_dns_wan_deny=rule
firewall.multicast_dns_wan_deny.name='Multicast-DNS-WAN-Deny'
firewall.multicast_dns_wan_deny.dest='wan'
firewall.multicast_dns_wan_deny.proto='udp'
firewall.multicast_dns_wan_deny.dest_port='5353'
firewall.multicast_dns_wan_deny.dest_ip='224.0.0.0/8'
firewall.multicast_dns_wan_deny.target='REJECT'
firewall.udp_multicast_forwarding=rule
firewall.udp_multicast_forwarding.name='UDP-Forwarding-for-IGMP'
firewall.udp_multicast_forwarding.src='wan'
firewall.udp_multicast_forwarding.proto='udp'
firewall.udp_multicast_forwarding.dest='lan'
firewall.udp_multicast_forwarding.dest_ip='224.0.0.0/4'
firewall.udp_multicast_forwarding.family='ipv4'
firewall.udp_multicast_forwarding.target='ACCEPT'
firewall.pause=ipset
firewall.pause.name='pause'
firewall.pause.storage='hash'
firewall.pause.match='ip'
firewall.pause.family='ipv4'
firewall.pause_update=ipset
firewall.pause_update.name='pause_update'
firewall.pause_update.storage='hash'
firewall.pause_update.match='ip'
firewall.pause_update.family='ipv4'
firewall.whitelist=ipset
firewall.whitelist.name='whitelist'
firewall.whitelist.storage='hash'
firewall.whitelist.match='dst_ip'
firewall.whitelist.family='ipv4'
firewall.whitelist_update=ipset
firewall.whitelist_update.name='whitelist_update'
firewall.whitelist_update.storage='hash'
firewall.whitelist_update.match='dst_ip'
firewall.whitelist_update.family='ipv4'
firewall.allow_whitelisted_device_traffic=rule
firewall.allow_whitelisted_device_traffic.name='Allow-Whitelisted-Device-Traffic'
firewall.allow_whitelisted_device_traffic.src='lan'
firewall.allow_whitelisted_device_traffic.proto='all'
firewall.allow_whitelisted_device_traffic.dest='wan'
firewall.allow_whitelisted_device_traffic.ipset='whitelist'
firewall.allow_whitelisted_device_traffic.family='ipv4'
firewall.allow_whitelisted_device_traffic.target='ACCEPT'
firewall.stop_paused_device_traffic=rule
firewall.stop_paused_device_traffic.name='Stop-Paused-Device-Traffic'
firewall.stop_paused_device_traffic.src='lan'
firewall.stop_paused_device_traffic.proto='all'
firewall.stop_paused_device_traffic.dest='wan'
firewall.stop_paused_device_traffic.ipset='pause'
firewall.stop_paused_device_traffic.family='ipv4'
firewall.stop_paused_device_traffic.target='REJECT'
firewall.@rule[7]=rule
firewall.@rule[7].src='wan'
firewall.@rule[7].dest='lan'
firewall.@rule[7].proto='esp'
firewall.@rule[7].target='ACCEPT'
firewall.@rule[8]=rule
firewall.@rule[8].src='wan'
firewall.@rule[8].dest='lan'
firewall.@rule[8].dest_port='500'
firewall.@rule[8].proto='udp'
firewall.@rule[8].target='ACCEPT'
firewall.qcanssecm=include
firewall.qcanssecm.type='script'
firewall.qcanssecm.path='/etc/firewall.d/qca-nss-ecm'
firewall.qcanssecm.family='any'
firewall.qcanssecm.reload='1'
firewall.clients=ipset
firewall.clients.name='clients'
firewall.clients.storage='bitmap'
firewall.clients.match='ip'
firewall.clients.iprange='192.168.55.21-192.168.55.254'
firewall.lumas=ipset
firewall.lumas.name='lumas'
firewall.lumas.storage='bitmap'
firewall.lumas.match='ip'
firewall.lumas.iprange='192.168.55.1-192.168.55.20'
firewall.vpn=zone
firewall.vpn.name='vpnfirewall'
firewall.vpn.network='vpn0'
firewall.vpn.input='REJECT'
firewall.vpn.forward='REJECT'
firewall.vpn.output='ACCEPT'
firewall.vpn.masq='1'
firewall.vpn_forwarding_lan_out=forwarding
firewall.vpn_forwarding_lan_out.src='lan'
firewall.vpn_forwarding_lan_out.dest='vpn'
firewall.miniupnpd=include
firewall.miniupnpd.type='script'
firewall.miniupnpd.path='/usr/share/miniupnpd/firewall.include'
firewall.miniupnpd.family='any'
firewall.miniupnpd.reload='1'
firewall-opkg.@defaults[0]=defaults
firewall-opkg.@defaults[0].tcp_syncookies='1'
firewall-opkg.@defaults[0].input='ACCEPT'
firewall-opkg.@defaults[0].output='ACCEPT'
firewall-opkg.@defaults[0].forward='REJECT'
firewall-opkg.lan=zone
firewall-opkg.lan.name='lan'
firewall-opkg.lan.network='lan'
firewall-opkg.lan.input='ACCEPT'
firewall-opkg.lan.output='ACCEPT'
firewall-opkg.lan.forward='ACCEPT'
firewall-opkg.@zone[0]=zone
firewall-opkg.@zone[0].name='wan'
firewall-opkg.@zone[0].network='wan' 'wan6'
firewall-opkg.@zone[0].input='REJECT'
firewall-opkg.@zone[0].output='ACCEPT'
firewall-opkg.@zone[0].forward='REJECT'
firewall-opkg.@zone[0].masq='1'
firewall-opkg.@zone[0].mtu_fix='1'
firewall-opkg.@forwarding[0]=forwarding
firewall-opkg.@forwarding[0].src='lan'
firewall-opkg.@forwarding[0].dest='wan'
firewall-opkg.@rule[0]=rule
firewall-opkg.@rule[0].name='Allow-DHCP-Renew'
firewall-opkg.@rule[0].src='wan'
firewall-opkg.@rule[0].proto='udp'
firewall-opkg.@rule[0].dest_port='68'
firewall-opkg.@rule[0].target='ACCEPT'
firewall-opkg.@rule[0].family='ipv4'
firewall-opkg.@rule[1]=rule
firewall-opkg.@rule[1].name='Allow-Ping'
firewall-opkg.@rule[1].src='wan'
firewall-opkg.@rule[1].proto='icmp'
firewall-opkg.@rule[1].icmp_type='echo-request'
firewall-opkg.@rule[1].family='ipv4'
firewall-opkg.@rule[1].target='ACCEPT'
firewall-opkg.@rule[2]=rule
firewall-opkg.@rule[2].name='Allow-IGMP'
firewall-opkg.@rule[2].src='wan'
firewall-opkg.@rule[2].proto='igmp'
firewall-opkg.@rule[2].family='ipv4'
firewall-opkg.@rule[2].target='ACCEPT'
firewall-opkg.@rule[3]=rule
firewall-opkg.@rule[3].name='Allow-DHCPv6'
firewall-opkg.@rule[3].src='wan'
firewall-opkg.@rule[3].proto='udp'
firewall-opkg.@rule[3].src_ip='fe80::/10'
firewall-opkg.@rule[3].src_port='547'
firewall-opkg.@rule[3].dest_ip='fe80::/10'
firewall-opkg.@rule[3].dest_port='546'
firewall-opkg.@rule[3].family='ipv6'
firewall-opkg.@rule[3].target='ACCEPT'
firewall-opkg.@rule[4]=rule
firewall-opkg.@rule[4].name='Allow-MLD'
firewall-opkg.@rule[4].src='wan'
firewall-opkg.@rule[4].proto='icmp'
firewall-opkg.@rule[4].src_ip='fe80::/10'
firewall-opkg.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
firewall-opkg.@rule[4].family='ipv6'
firewall-opkg.@rule[4].target='ACCEPT'
firewall-opkg.@rule[5]=rule
firewall-opkg.@rule[5].name='Allow-ICMPv6-Input'
firewall-opkg.@rule[5].src='wan'
firewall-opkg.@rule[5].proto='icmp'
firewall-opkg.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
firewall-opkg.@rule[5].limit='1000/sec'
firewall-opkg.@rule[5].family='ipv6'
firewall-opkg.@rule[5].target='ACCEPT'
firewall-opkg.@rule[6]=rule
firewall-opkg.@rule[6].name='Allow-ICMPv6-Forward'
firewall-opkg.@rule[6].src='wan'
firewall-opkg.@rule[6].dest='
'
firewall-opkg.@rule[6].proto='icmp'
firewall-opkg.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
firewall-opkg.@rule[6].limit='1000/sec'
firewall-opkg.@rule[6].family='ipv6'
firewall-opkg.@rule[6].target='ACCEPT'
firewall-opkg.@include[0]=include
firewall-opkg.@include[0].path='/etc/firewall.user'
firewall-opkg.@include[1]=include
firewall-opkg.@include[1].path='/usr/share/miniupnpd/firewall.include'
firewall-opkg.@include[1].reload='1'
firewall-opkg.multicast_dns_wan_deny=rule
firewall-opkg.multicast_dns_wan_deny.name='Multicat-DNS-WAN-Deny'
firewall-opkg.multicast_dns_wan_deny.dest='wan'
firewall-opkg.multicast_dns_wan_deny.proto='udp'
firewall-opkg.multicast_dns_wan_deny.dest_port='5353'
firewall-opkg.multicast_dns_wan_deny.dest_ip='224.0.0.0/8'
firewall-opkg.multicast_dns_wan_deny.target='REJECT'
firewall-opkg.udp_multicast_forwarding=rule
firewall-opkg.udp_multicast_forwarding.name='UDP-Forwarding-for-IGMP'
firewall-opkg.udp_multicast_forwarding.src='wan'
firewall-opkg.udp_multicast_forwarding.proto='udp'
firewall-opkg.udp_multicast_forwarding.dest='lan'
firewall-opkg.udp_multicast_forwarding.dest_ip='224.0.0.0/4'
firewall-opkg.udp_multicast_forwarding.family='ipv4'
firewall-opkg.udp_multicast_forwarding.target='ACCEPT'
firewall-opkg.pause=ipset
firewall-opkg.pause.name='pause'
firewall-opkg.pause.storage='hash'
firewall-opkg.pause.match='ip'
firewall-opkg.pause.family='ipv4'
firewall-opkg.pause_update=ipset
firewall-opkg.pause_update.name='pause_update'
firewall-opkg.pause_update.storage='hash'
firewall-opkg.pause_update.match='ip'
firewall-opkg.pause_update.family='ipv4'
firewall-opkg.whitelist=ipset
firewall-opkg.whitelist.name='whitelist'
firewall-opkg.whitelist.storage='hash'
firewall-opkg.whitelist.match='dst_ip'
firewall-opkg.whitelist.family='ipv4'
firewall-opkg.whitelist_update=ipset
firewall-opkg.whitelist_update.name='whitelist_update'
firewall-opkg.whitelist_update.storage='hash'
firewall-opkg.whitelist_update.match='dst_ip'
firewall-opkg.whitelist_update.family='ipv4'
firewall-opkg.lumas=ipset
firewall-opkg.lumas.name='lumas'
firewall-opkg.lumas.storage='bitmap'
firewall-opkg.lumas.match='ip'
firewall-opkg.lumas.family='ipv4'
firewall-opkg.lumas.iprange='192.168.55.1-192.168.55.20'
firewall-opkg.clients=ipset
firewall-opkg.clients.name='clients'
firewall-opkg.clients.storage='bitmap'
firewall-opkg.clients.match='ip'
firewall-opkg.clients.family='ipv4'
firewall-opkg.clients.iprange='192.168.55.21-192.168.55.254'
firewall-opkg.allow_whitelisted_device_traffic=rule
firewall-opkg.allow_whitelisted_device_traffic.name='Allow-Whitelisted-Device-Traffic'
firewall-opkg.allow_whitelisted_device_traffic.src='lan'
firewall-opkg.allow_whitelisted_device_traffic.proto='all'
firewall-opkg.allow_whitelisted_device_traffic.dest='wan'
firewall-opkg.allow_whitelisted_device_traffic.ipset='whitelist'
firewall-opkg.allow_whitelisted_device_traffic.family='ipv4'
firewall-opkg.allow_whitelisted_device_traffic.target='ACCEPT'
firewall-opkg.stop_paused_device_traffic=rule
firewall-opkg.stop_paused_device_traffic.name='Stop-Paused-Device-Traffic'
firewall-opkg.stop_paused_device_traffic.src='lan'
firewall-opkg.stop_paused_device_traffic.proto='all'
firewall-opkg.stop_paused_device_traffic.dest='wan'
firewall-opkg.stop_paused_device_traffic.ipset='pause'
firewall-opkg.stop_paused_device_traffic.family='ipv4'
firewall-opkg.stop_paused_device_traffic.target='REJECT'
firewall-opkg.@rule[7]=rule
firewall-opkg.@rule[7].src='wan'
firewall-opkg.@rule[7].dest='lan'
firewall-opkg.@rule[7].proto='esp'
firewall-opkg.@rule[7].target='ACCEPT'
firewall-opkg.@rule[8]=rule
firewall-opkg.@rule[8].src='wan'
firewall-opkg.@rule[8].dest='lan'
firewall-opkg.@rule[8].dest_port='500'
firewall-opkg.@rule[8].proto='udp'
firewall-opkg.@rule[8].target='ACCEPT'
firewall-opkg.qcanssecm=include
firewall-opkg.qcanssecm.type='script'
firewall-opkg.qcanssecm.path='/etc/firewall.d/qca-nss-ecm'
firewall-opkg.qcanssecm.family='any'
firewall-opkg.qcanssecm.reload='1'
fstab.@global[0]=global
fstab.@global[0].anon_swap='0'
fstab.@global[0].anon_mount='0'
fstab.@global[0].auto_swap='1'
fstab.@global[0].auto_mount='1'
fstab.@global[0].delay_root='5'
fstab.@global[0].check_fs='0'
hyd.config=config
hyd.config.Enable='0'
hyd.config.SwitchInterface='auto'
hyd.config.SwitchLanVid='1'
hyd.config.Control='manual'
hyd.config.DisableSteering='0'
hyd.hy=hy
hyd.hy.PathTransitionMethod='1'
hyd.hy.ExtraQueryResponseTime='0'
hyd.hy.LoadBalancingSeamless='1'
hyd.hy.ConstrainTCPMedium='0'
hyd.hy.MaxLBReordTimeout='1500'
hyd.Wlan=Wlan
hyd.Wlan.WlanCheckFreqInterval='10'
hyd.PathChWlan=PathChWlan
hyd.PathChWlan.UpdatedStatsInterval_W2='1'
hyd.PathChWlan.StatsAgedOutInterval_W2='30'
hyd.PathChWlan.MaxMediumUtilization_W2='70'
hyd.PathChWlan.MediumChangeThreshold_W2='10'
hyd.PathChWlan.LinkChangeThreshold_W2='10'
hyd.PathChWlan.MaxMediumUtilizationForLC_W2='70'
hyd.PathChWlan.CPULimitedTCPThroughput_W2='0'
hyd.PathChWlan.CPULimitedUDPThroughput_W2='0'
hyd.PathChWlan.PHYRateThresholdForMU_W2='2000'
hyd.PathChWlan.ProbePacketInterval_W2='1'
hyd.PathChWlan.ProbePacketSize_W2='64'
hyd.PathChWlan.EnableProbe_W2='1'
hyd.PathChWlan.AssocDetectionDelay_W2='5'
hyd.PathChWlan.UpdatedStatsInterval_W5='1'
hyd.PathChWlan.StatsAgedOutInterval_W5='30'
hyd.PathChWlan.MaxMediumUtilization_W5='70'
hyd.PathChWlan.MediumChangeThreshold_W5='10'
hyd.PathChWlan.LinkChangeThreshold_W5='10'
hyd.PathChWlan.MaxMediumUtilizationForLC_W5='70'
hyd.PathChWlan.CPULimitedTCPThroughput_W5='0'
hyd.PathChWlan.CPULimitedUDPThroughput_W5='0'
hyd.PathChWlan.PHYRateThresholdForMU_W5='2000'
hyd.PathChWlan.ProbePacketInterval_W5='1'
hyd.PathChWlan.ProbePacketSize_W5='64'
hyd.PathChWlan.EnableProbe_W5='1'
hyd.PathChWlan.AssocDetectionDelay_W5='5'
hyd.PathChWlan.ScalingFactorHighRate_W5='750'
hyd.PathChWlan.ScalingFactorHighRate_W2='200'
hyd.PathChWlan.ScalingFactorLow='60'
hyd.PathChWlan.ScalingFactorMedium='85'
hyd.PathChWlan.ScalingFactorHigh='60'
hyd.PathChWlan.ScalingFactorTCP='90'
hyd.PathChWlan.UseWHCAlgorithm='1'
hyd.PathChWlan.NumUpdatesUntilStatsValid='3'
hyd.PathChPlc=PathChPlc
hyd.PathChPlc.MaxMediumUtilization='80'
hyd.PathChPlc.MediumChangeThreshold='10'
hyd.PathChPlc.LinkChangeThreshold='10'
hyd.PathChPlc.StatsAgedOutInterval='60'
hyd.PathChPlc.UpdateStatsInterval='1'
hyd.PathChPlc.EntryExpirationInterval='120'
hyd.PathChPlc.MaxMediumUtilizationForLC='80'
hyd.PathChPlc.LCThresholdForUnreachable='5'
hyd.PathChPlc.LCThresholdForReachable='10'
hyd.PathChPlc.HostPLCInterfaceSpeed='0'
hyd.Topology=Topology
hyd.Topology.ND_UPDATE_INTERVAL='15'
hyd.Topology.BD_UPDATE_INTERVAL='3'
hyd.Topology.HOLDING_TIME='190'
hyd.Topology.TIMER_LOW_BOUND='7'
hyd.Topology.TIMER_UPPER_BOUND='11'
hyd.Topology.MSGID_DELTA='64'
hyd.Topology.HA_AGING_INTERVAL='120'
hyd.Topology.ENABLE_TD3='1'
hyd.Topology.ENABLE_BD_SPOOFING='1'
hyd.Topology.NOTIFICATION_THROTTLING_WINDOW='1'
hyd.HSPECEst=HSPECEst
hyd.HSPECEst.UpdateHSPECInterval='1'
hyd.HSPECEst.NotificationThresholdLimit='10'
hyd.HSPECEst.NotificationThresholdPercentage='20'
hyd.HSPECEst.AlphaNumerator='3'
hyd.HSPECEst.AlphaDenominator='8'
hyd.HSPECEst.BufferAllocationThresholdLow='1000'
hyd.HSPECEst.BufferAllocationThresholdHigh='1000000'
hyd.HSPECEst.MaxTrackedFlows='3'
hyd.HSPECEst.ReservedMemory='4'
hyd.HSPECEst.LocalFlowRateThreshold='2000000'
hyd.HSPECEst.LocalFlowRatioThreshold='5'
hyd.PathSelect=PathSelect
hyd.PathSelect.UpdateHDInterval='10'
hyd.PathSelect.LinkCapacityThreshold='20'
hyd.PathSelect.UDPInterfaceOrder='EP52'
hyd.PathSelect.NonUDPInterfaceOrder='EP52'
hyd.PathSelect.SerialflowIterations='10'
hyd.PathSelect.DeltaLCThreshold='10'

2nd Half of `uci show`

hyd.LogSettings=LogSettings
hyd.LogSettings.EnableLog='0'
hyd.LogSettings.LogRestartIntervalSec='10'
hyd.LogSettings.LogPCSummaryPeriodSec='0'
hyd.LogSettings.LogServerIP='192.168.1.10'
hyd.LogSettings.LogServerPort='5555'
hyd.LogSettings.EnableLogPCW2='1'
hyd.LogSettings.EnableLogPCW5='1'
hyd.LogSettings.EnableLogPCP='1'
hyd.LogSettings.EnableLogTD='1'
hyd.LogSettings.EnableLogHE='1'
hyd.LogSettings.EnableLogHETables='1'
hyd.LogSettings.EnableLogPS='1'
hyd.LogSettings.EnableLogPSTables='1'
hyd.LogSettings.LogHEThreshold1='200000'
hyd.LogSettings.LogHEThreshold2='10000000'
hyd.IEEE1905Settings=IEEE1905Settings
hyd.IEEE1905Settings.StrictIEEE1905Mode='0'
hyd.IEEE1905Settings.GenerateLLDP='1'
hyd.HCPSettings=HCPSettings
hyd.HCPSettings.V1Compat='1'
hyd.SteerMsg=SteerMsg
hyd.SteerMsg.AvgUtilReqTimeout='1'
hyd.SteerMsg.LoadBalancingCompleteTimeout='90'
hyd.SteerMsg.RspTimeout='2'
lbd.config=config
lbd.config.Enable='0'
lbd.config.PHYBasedPrioritization='0'
lbd.IdleSteer=IdleSteer
lbd.IdleSteer.RSSISteeringPoint_DG='5'
lbd.IdleSteer.RSSISteeringPoint_UG='20'
lbd.IdleSteer.NormalInactTimeout='10'
lbd.IdleSteer.OverloadInactTimeout='10'
lbd.IdleSteer.InactCheckInterval='1'
lbd.ActiveSteer=ActiveSteer
lbd.ActiveSteer.TxRateXingThreshold_UG='50000'
lbd.ActiveSteer.RateRSSIXingThreshold_UG='30'
lbd.ActiveSteer.TxRateXingThreshold_DG='6000'
lbd.ActiveSteer.RateRSSIXingThreshold_DG='0'
lbd.Offload=Offload
lbd.Offload.MUAvgPeriod='60'
lbd.Offload.MUOverloadThreshold_W2='70'
lbd.Offload.MUOverloadThreshold_W5='70'
lbd.Offload.MUSafetyThreshold_W2='50'
lbd.Offload.MUSafetyThreshold_W5='60'
lbd.Offload.OffloadingMinRSSI='20'
lbd.StaDB=StaDB
lbd.StaDB.IncludeOutOfNetwork='1'
lbd.SteerExec=SteerExec
lbd.SteerExec.SteeringProhibitTime='300'
lbd.SteerExec.BTMSteeringProhibitShortTime='30'
lbd.APSteer=APSteer
lbd.APSteer.LowRSSIAPSteerThreshold_CAP='20'
lbd.APSteer.LowRSSIAPSteerThreshold_RE='45'
lbd.APSteer.APSteerToRootMinRSSIIncThreshold='5'
lbd.APSteer.APSteerToLeafMinRSSIIncThreshold='10'
lbd.APSteer.APSteerToPeerMinRSSIIncThreshold='10'
lbd.APSteer.DownlinkRSSIThreshold_W5='-65'
lbd.config_Adv=config
lbd.config_Adv.AgeLimit='5'
lbd.StaDB_Adv=StaDB
lbd.StaDB_Adv.AgingSizeThreshold='100'
lbd.StaDB_Adv.AgingFrequency='60'
lbd.StaDB_Adv.OutOfNetworkMaxAge='300'
lbd.StaDB_Adv.InNetworkMaxAge='2592000'
lbd.StaDB_Adv.NumRemoteBSSes='4'
lbd.StaMonitor_Adv=StaMonitor
lbd.StaMonitor_Adv.RSSIMeasureSamples_W2='5'
lbd.StaMonitor_Adv.RSSIMeasureSamples_W5='5'
lbd.BandMonitor_Adv=BandMonitor
lbd.BandMonitor_Adv.ProbeCountThreshold='1'
lbd.BandMonitor_Adv.MUCheckInterval_W2='10'
lbd.BandMonitor_Adv.MUCheckInterval_W5='10'
lbd.BandMonitor_Adv.MUReportPeriod='30'
lbd.BandMonitor_Adv.LoadBalancingAllowedMaxPeriod='15'
lbd.BandMonitor_Adv.NumRemoteChannels='3'
lbd.Estimator_Adv=Estimator_Adv
lbd.Estimator_Adv.RSSIDiff_EstW5FromW2='-15'
lbd.Estimator_Adv.RSSIDiff_EstW2FromW5='5'
lbd.Estimator_Adv.ProbeCountThreshold='3'
lbd.Estimator_Adv.StatsSampleInterval='1'
lbd.Estimator_Adv.11kProhibitTimeShort='30'
lbd.Estimator_Adv.11kProhibitTimeLong='300'
lbd.Estimator_Adv.PhyRateScalingForAirtime='50'
lbd.Estimator_Adv.EnableContinuousThroughput='0'
lbd.Estimator_Adv.BcnrptActiveDuration='50'
lbd.Estimator_Adv.BcnrptPassiveDuration='200'
lbd.SteerExec_Adv=SteerExec
lbd.SteerExec_Adv.TSteering='15'
lbd.SteerExec_Adv.InitialAuthRejCoalesceTime='2'
lbd.SteerExec_Adv.AuthRejMax='3'
lbd.SteerExec_Adv.SteeringUnfriendlyTime='600'
lbd.SteerExec_Adv.MaxSteeringUnfriendly='604800'
lbd.SteerExec_Adv.TargetLowRSSIThreshold_W2='5'
lbd.SteerExec_Adv.TargetLowRSSIThreshold_W5='15'
lbd.SteerExec_Adv.BlacklistTime='900'
lbd.SteerExec_Adv.BTMResponseTime='10'
lbd.SteerExec_Adv.BTMAssociationTime='6'
lbd.SteerExec_Adv.BTMAlsoBlacklist='1'
lbd.SteerExec_Adv.BTMUnfriendlyTime='600'
lbd.SteerExec_Adv.MaxBTMUnfriendly='86400'
lbd.SteerExec_Adv.MaxBTMActiveUnfriendly='604800'
lbd.SteerExec_Adv.MinRSSIBestEffort='12'
lbd.SteerExec_Adv.LowRSSIXingThreshold='10'
lbd.SteerAlg_Adv=SteerAlg_Adv
lbd.SteerAlg_Adv.MinTxRateIncreaseThreshold='53'
lbd.SteerAlg_Adv.MaxSteeringTargetCount='1'
lbd.DiagLog=DiagLog
lbd.DiagLog.EnableLog='0'
lbd.DiagLog.LogServerIP='192.168.1.10'
lbd.DiagLog.LogServerPort='7788'
lbd.DiagLog.LogLevelWlanIF='2'
lbd.DiagLog.LogLevelBandMon='2'
lbd.DiagLog.LogLevelStaDB='2'
lbd.DiagLog.LogLevelSteerExec='2'
lbd.DiagLog.LogLevelStaMon='2'
lbd.DiagLog.LogLevelEstimator='2'
lbd.DiagLog.LogLevelDiagLog='2'
macsec.global=macsec
macsec.global.enable='0'
mcproxy.config=mcproxy
mcproxy.config.protocol='IGMPv3'
mcproxy.@ pinstance[0]=pinstance
mcproxy.@ pinstance[0].name='mcproxy1'
mcsd.config=config
mcsd.config.Enable='1'
mcsd.config.SwitchInterface='auto'
mcsd.config.SwitchLanVid='1'
network.loopback=interface
network.loopback.ifname='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix='da7:b260:888a::/48'
network.lan=interface
network.lan.ifname='eth1'
network.lan.type='bridge'
network.lan.stp='1'
network.lan.proto='static'
network.lan.ipaddr='192.168.55.1'
network.lan.netmask='255.255.255.0'
network.lan.ip6assign='60'
network.lan.igmp_snooping='1'
network.lan.dns='1.1.1.1 8.8.8.8'
network.wan=interface
network.wan.ifname='eth0'
network.wan.proto='dhcp'
network.@ switch[0]=switch
network.@ switch[0].name='switch0'
network.@ switch[0].reset='1'
network.@ switch[0].enable_vlan='1'
network.@ switch_vlan[0]=switch_vlan
network.@ switch_vlan[0].device='switch0'
network.@ switch_vlan[0].vlan='1'
network.@ switch_vlan[0].ports='0t 1 2 3 4'
network.@ switch_vlan[1]=switch_vlan
network.@ switch_vlan[1].device='switch0'
network.@ switch_vlan[1].vlan='2'
network.@ switch_vlan[1].ports='0t 5'
network.@ switch_ext[0]=switch_ext
network.@ switch_ext[0].device='switch0'
network.@ switch_ext[0].name='QosPtMode'
network.@ switch_ext[0].port_id='1'
network.@ switch_ext[0].mode='dscp'
network.@ switch_ext[0].status='enable'
network.@ switch_ext[1]=switch_ext
network.@ switch_ext[1].device='switch0'
network.@ switch_ext[1].name='QosPtMode'
network.@ switch_ext[1].port_id='2'
network.@ switch_ext[1].mode='dscp'
network.@ switch_ext[1].status='enable'
network.@ switch_ext[2]=switch_ext
network.@ switch_ext[2].device='switch0'
network.@ switch_ext[2].name='QosPtMode'
network.@ switch_ext[2].port_id='3'
network.@ switch_ext[2].mode='dscp'
network.@ switch_ext[2].status='enable'
network.@ switch_ext[3]=switch_ext
network.@ switch_ext[3].device='switch0'
network.@ switch_ext[3].name='QosPtMode'
network.@ switch_ext[3].port_id='4'
network.@ switch_ext[3].mode='dscp'
network.@ switch_ext[3].status='enable'
network.@ switch_ext[4]=switch_ext
network.@ switch_ext[4].device='switch0'
network.@ switch_ext[4].name='QosPtMode'
network.@ switch_ext[4].port_id='5'
network.@ switch_ext[4].mode='dscp'
network.@ switch_ext[4].status='enable'
network.vpn0=interface
network.vpn0.ifname='tun0'
network.vpn0.proto='none'
nss.qca_nss_0=nss_firmware
nss.qca_nss_1=nss_firmware
nss.@general[0]=general
nss.@general[0].enable_rps='1'
openvpn.myvpn=openvpn
openvpn.myvpn.enabled='1'
openvpn.myvpn.config='/etc/openvpn/openvpn.conf'
pppoe.relay=pppoe_relay
pppoe.relay.enable='0'
pppoe.relay.client='lan'
pppoe.relay.server='wan'
radvd.@interface[0]=interface
radvd.@interface[0].interface='lan'
radvd.@interface[0].AdvSendAdvert='1'
radvd.@interface[0].AdvManagedFlag='0'
radvd.@interface[0].AdvOtherConfigFlag='0'
radvd.@interface[0].client=''
radvd.@interface[0].ignore='1'
radvd.@prefix[0]=prefix
radvd.@prefix[0].interface='lan'
radvd.@prefix[0].prefix=''
radvd.@prefix[0].AdvOnLink='1'
radvd.@prefix[0].AdvAutonomous='1'
radvd.@prefix[0].AdvRouterAddr='0'
radvd.@prefix[0].ignore='1'
radvd.@route[0]=route
radvd.@route[0].interface='lan'
radvd.@route[0].prefix=''
radvd.@route[0].ignore='1'
radvd.@rdnss[0]=rdnss
radvd.@rdnss[0].interface='lan'
radvd.@rdnss[0].addr=''
radvd.@rdnss[0].ignore='1'
radvd.@dnssl[0]=dnssl
radvd.@dnssl[0].interface='lan'
radvd.@dnssl[0].suffix=''
radvd.@dnssl[0].ignore='1'
repacd.repacd=config
repacd.repacd.Enable='0'
repacd.repacd.ManagedNetwork='lan'
repacd.repacd.DeviceType='RE'
repacd.repacd.Role='NonCAP'
repacd.repacd.GatewayConnectedMode='AP'
repacd.repacd.ConfigREMode='auto'
repacd.repacd.DefaultREMode='qwrap'
repacd.repacd.BlockDFSChannels='0'
repacd.repacd.EnableSteering='1'
repacd.repacd.EnableSON='1'
repacd.repacd.ManageMCSD='1'
repacd.repacd.LinkCheckDelay='2'
repacd.WiFiLink=WiFiLink
repacd.WiFiLink.MinAssocCheckAutoMode='5'
repacd.WiFiLink.MinAssocCheckPostWPS='5'
repacd.WiFiLink.WPSTimeout='180'
repacd.WiFiLink.AssociationTimeout='300'
repacd.WiFiLink.RSSINumMeasurements='5'
repacd.WiFiLink.RSSIThresholdFar='-75'
repacd.WiFiLink.RSSIThresholdNear='-60'
repacd.WiFiLink.RSSIThresholdMin='-75'
repacd.WiFiLink.RSSIThresholdPrefer2GBackhaul='-100'
repacd.WiFiLink.2GBackhaulSwitchDownTime='10'
repacd.WiFiLink.MaxMeasuringStateAttempts='3'
repacd.Reset=LEDState
repacd.Reset.Name_1='led_0'
repacd.Reset.Trigger_1='none'
repacd.Reset.Brightness_1='0'
repacd.Reset.Name_2='led_1'
repacd.Reset.Trigger_2='none'
repacd.Reset.Brightness_2='0'
repacd.NotAssociated=LEDState
repacd.NotAssociated.Name_1='led_0'
repacd.NotAssociated.Trigger_1='timer'
repacd.NotAssociated.Brightness_1='1'
repacd.NotAssociated.DelayOn_1='500'
repacd.NotAssociated.DelayOff_1='500'
repacd.NotAssociated.Name_2='led_1'
repacd.NotAssociated.Trigger_2='none'
repacd.NotAssociated.Brightness_2='0'
repacd.AutoConfigInProgress=LEDState
repacd.AutoConfigInProgress.Name_1='led_0'
repacd.AutoConfigInProgress.Trigger_1='timer'
repacd.AutoConfigInProgress.Brightness_1='1'
repacd.AutoConfigInProgress.DelayOn_1='250'
repacd.AutoConfigInProgress.DelayOff_1='250'
repacd.AutoConfigInProgress.Name_2='led_1'
repacd.AutoConfigInProgress.Trigger_2='none'
repacd.AutoConfigInProgress.Brightness_2='0'
repacd.Measuring=LEDState
repacd.Measuring.Name_1='led_0'
repacd.Measuring.Trigger_1='timer'
repacd.Measuring.Brightness_1='1'
repacd.Measuring.DelayOn_1='250'
repacd.Measuring.DelayOff_1='250'
repacd.Measuring.Name_2='led_1'
repacd.Measuring.Trigger_2='timer'
repacd.Measuring.Brightness_2='1'
repacd.Measuring.DelayOn_2='250'
repacd.Measuring.DelayOff_2='250'
repacd.WPSTimeout=LEDState
repacd.WPSTimeout.Name_1='led_0'
repacd.WPSTimeout.Trigger_1='timer'
repacd.WPSTimeout.Brightness_1='1'
repacd.WPSTimeout.DelayOn_1='2000'
repacd.WPSTimeout.DelayOff_1='1000'
repacd.WPSTimeout.Name_2='led_1'
repacd.WPSTimeout.Trigger_2='none'
repacd.WPSTimeout.Brightness_2='0'
repacd.AssocTimeout=LEDState
repacd.AssocTimeout.Name_1='led_0'
repacd.AssocTimeout.Trigger_1='timer'
repacd.AssocTimeout.Brightness_1='1'
repacd.AssocTimeout.DelayOn_1='5000'
repacd.AssocTimeout.DelayOff_1='1000'
repacd.AssocTimeout.Name_2='led_1'
repacd.AssocTimeout.Trigger_2='none'
repacd.AssocTimeout.Brightness_2='0'
repacd.RE_MoveCloser=LEDState
repacd.RE_MoveCloser.Name_1='led_0'
repacd.RE_MoveCloser.Trigger_1='none'
repacd.RE_MoveCloser.Brightness_1='1'
repacd.RE_MoveCloser.Name_2='led_1'
repacd.RE_MoveCloser.Trigger_2='none'
repacd.RE_MoveCloser.Brightness_2='0'
repacd.RE_MoveFarther=LEDState
repacd.RE_MoveFarther.Name_1='led_0'
repacd.RE_MoveFarther.Trigger_1='none'
repacd.RE_MoveFarther.Brightness_1='0'
repacd.RE_MoveFarther.Name_2='led_1'
repacd.RE_MoveFarther.Trigger_2='none'
repacd.RE_MoveFarther.Brightness_2='1'
repacd.RE_LocationSuitable=LEDState
repacd.RE_LocationSuitable.Name_1='led_0'
repacd.RE_LocationSuitable.Trigger_1='none'
repacd.RE_LocationSuitable.Brightness_1='1'
repacd.RE_LocationSuitable.Name_2='led_1'
repacd.RE_LocationSuitable.Trigger_2='none'
repacd.RE_LocationSuitable.Brightness_2='1'
repacd.InCAPMode=LEDState
repacd.InCAPMode.Name_1='led_0'
repacd.InCAPMode.Trigger_1='none'
repacd.InCAPMode.Brightness_1='1'
repacd.InCAPMode.Name_2='led_1'
repacd.InCAPMode.Trigger_2='none'
repacd.InCAPMode.Brightness_2='1'
repacd.CL_LinkSufficient=LEDState
repacd.CL_LinkSufficient.Name_1='led_0'
repacd.CL_LinkSufficient.Trigger_1='none'
repacd.CL_LinkSufficient.Brightness_1='1'
repacd.CL_LinkSufficient.Name_2='led_1'
repacd.CL_LinkSufficient.Trigger_2='none'
repacd.CL_LinkSufficient.Brightness_2='0'
repacd.CL_LinkInadequate=LEDState
repacd.CL_LinkInadequate.Name_1='led_0'
repacd.CL_LinkInadequate.Trigger_1='none'
repacd.CL_LinkInadequate.Brightness_1='0'
repacd.CL_LinkInadequate.Name_2='led_1'
repacd.CL_LinkInadequate.Trigger_2='none'
repacd.CL_LinkInadequate.Brightness_2='1'
repacd.CL_ActingAsRE=LEDState
repacd.CL_ActingAsRE.Name_1='led_0'
repacd.CL_ActingAsRE.Trigger_1='none'
repacd.CL_ActingAsRE.Brightness_1='1'
repacd.CL_ActingAsRE.Name_2='led_1'
repacd.CL_ActingAsRE.Trigger_2='none'
repacd.CL_ActingAsRE.Brightness_2='1'
rstp.global=rstp
rstp.global.enable='0'
rstp.global.autoMode='1'
skb_recycler.@skb[0]=skb
skb_recycler.@skb[0].max_skbs='1024'
skb_recycler.@skb[0].max_spare_skbs='256'
ssid-steering.global=ssid-steering
ssid-steering.global.enable='0'
ssid-steering.global.private_vaps='ath0'
ssid-steering.global.public_vaps='ath1'
system.@system[0]=system
system.@system[0].hostname='luma'
system.@system[0].timezone='UTC'
system.ntp=timeserver
system.ntp.server='0.openwrt.pool.ntp.org' '1.openwrt.pool.ntp.org' '2.openwrt.pool.ntp.org' '3.openwrt.pool.ntp.org'
system.ntp.enabled='1'
system.ntp.enable_server='0'
system.@ button[0]=button
system.@ button[0].button='wps'
system.@ button[0].action='released'
system.@ button[0].handler='/opt/luma/bin/factory_reset.sh'
system.@ button[0].min='5'
system.@ button[0].max='60'
system.@ button[1]=button
system.@ button[1].button='wps'
system.@ button[1].action='released'
system.@ button[1].handler='/opt/luma/bin/reboot_luma.sh'
system.@ button[1].min='0'
system.@ button[1].max='4'
system-opkg.@ system[0]=system
system-opkg.@ system[0].hostname='OpenWrt'
system-opkg.@ system[0].timezone='UTC'
system-opkg.@ system[0].log_size='64'
system-opkg.ntp=timeserver
system-opkg.ntp.server='0.openwrt.pool.ntp.org' '1.openwrt.pool.ntp.org' '2.openwrt.pool.ntp.org' '3.openwrt.pool.ntp.org'
system-opkg.ntp.enable_server='0'
thermal.config=thermal
thermal.config.Enabled='1'
ubootenv.@ ubootenv[0]=ubootenv
ubootenv.@ ubootenv[0].dev='/dev/mtd5'
ubootenv.@ ubootenv[0].offset='0x0'
ubootenv.@ ubootenv[0].envsize='0x00010000'
ubootenv.@ ubootenv[0].secsize='0x00010000'
ubootenv.@ ubootenv[0].numsec='1'
upnpd.config=upnpd
upnpd.config.enable_natpmp='1'
upnpd.config.enable_upnp='1'
upnpd.config.secure_mode='1'
upnpd.config.log_output='0'
upnpd.config.download='1024'
upnpd.config.upload='512'
upnpd.config.external_iface='wan'
upnpd.config.internal_iface='lan'
upnpd.config.port='5000'
upnpd.config.upnp_lease_file='/var/upnp.leases'
upnpd.config.uuid='c85a935e-407a-4990-b08a-6743b2b366ee'
upnpd.@ perm_rule[0]=perm_rule
upnpd.@ perm_rule[0].action='allow'
upnpd.@ perm_rule[0].ext_ports='1024-65535'
upnpd.@ perm_rule[0].int_addr='0.0.0.0/0'
upnpd.@ perm_rule[0].int_ports='1024-65535'
upnpd.@ perm_rule[0].comment='Allow high ports'
upnpd.@ perm_rule[1]=perm_rule
upnpd.@ perm_rule[1].action='deny'
upnpd.@ perm_rule[1].ext_ports='0-65535'
upnpd.@ perm_rule[1].int_addr='0.0.0.0/0'
upnpd.@ perm_rule[1].int_ports='0-65535'
upnpd.@ perm_rule[1].comment='Default deny'
upnpd-opkg.config=upnpd
upnpd-opkg.config.enable_natpmp='1'
upnpd-opkg.config.enable_upnp='1'
upnpd-opkg.config.secure_mode='1'
upnpd-opkg.config.log_output='0'
upnpd-opkg.config.download='1024'
upnpd-opkg.config.upload='512'
upnpd-opkg.config.internal_iface='lan'
upnpd-opkg.config.port='5000'
upnpd-opkg.config.upnp_lease_file='/var/upnp.leases'
upnpd-opkg.@ perm_rule[0]=perm_rule
upnpd-opkg.@ perm_rule[0].action='allow'
upnpd-opkg.@ perm_rule[0].ext_ports='1024-65535'
upnpd-opkg.@ perm_rule[0].int_addr='0.0.0.0/0'
upnpd-opkg.@ perm_rule[0].int_ports='1024-65535'
upnpd-opkg.@ perm_rule[0].comment='Allow high ports'
upnpd-opkg.@ perm_rule[1]=perm_rule
upnpd-opkg.@ perm_rule[1].action='deny'
upnpd-opkg.@ perm_rule[1].ext_ports='0-65535'
upnpd-opkg.@ perm_rule[1].int_addr='0.0.0.0/0'
upnpd-opkg.@ perm_rule[1].int_ports='0-65535'
upnpd-opkg.@ perm_rule[1].comment='Default deny'
whitelist.luma=whitelist
whitelist.luma.host='www-luma-prod.lumaops.com' 'api-luma-prod.lumaops.com' 'www-luma-stage.lumaops.com' 'api-luma-stage.lumaops.com' 'www-luma-dev.lumaops.com' 'api-luma-dev.lumaops.com' 'www-luma-test.lumaops.com' 'api-luma-test.lumaops.com' 'luma-salt-master.lumaops.com' 'watchdog.lumaops.com' 'account.getluma.com' 'ota.lumaops.com'
wireless.wifi0=wifi-device
wireless.wifi0.type='qcawifi'
wireless.wifi0.hwmode='11ng'
wireless.wifi0.disabled='0'
wireless.wifi0.channel='auto'
wireless.wifi0.htmode='HT40'
wireless.bgn_ap=wifi-iface
wireless.bgn_ap.device='wifi0'
wireless.bgn_ap.network='lan'
wireless.bgn_ap.mode='ap'
wireless.bgn_ap.rrm='1'
wireless.bgn_ap.disabled='0'
wireless.bgn_ap.encryption='psk2'
wireless.bgn_ap.key='XXXXXXXXXXXXXXXXXXXX'
wireless.bgn_ap.ssid='XXXXXXXXXXXXXXXXXXXXXXX'
wireless.bgn_guest_ap=wifi-iface
wireless.bgn_guest_ap.device='wifi0'
wireless.bgn_guest_ap.network='lan'
wireless.bgn_guest_ap.mode='ap'
wireless.bgn_guest_ap.rrm='1'
wireless.bgn_guest_ap.encryption='psk2'
wireless.bgn_guest_ap.ssid='DevicesNetwork'
wireless.bgn_guest_ap.disabled='0'
wireless.bgn_guest_ap.key='8832uj1k+9zh'
wireless.bgn_mesh_sta=wifi-iface
wireless.bgn_mesh_sta.device='wifi0'
wireless.bgn_mesh_sta.network='lan'
wireless.bgn_mesh_sta.mode='sta'
wireless.bgn_mesh_sta.encryption='psk2'
wireless.bgn_mesh_sta.ssid='OpenWrt'
wireless.bgn_mesh_sta.wds='1'
wireless.bgn_mesh_sta.disabled='1'
wireless.bgn_mesh_ap=wifi-iface
wireless.bgn_mesh_ap.device='wifi0'
wireless.bgn_mesh_ap.network='lan'
wireless.bgn_mesh_ap.mode='ap'
wireless.bgn_mesh_ap.wds='1'
wireless.bgn_mesh_ap.hidden='1'
wireless.bgn_mesh_ap.disabled='0'
wireless.bgn_mesh_ap.encryption='psk2'
wireless.bgn_mesh_ap.ssid='luma-mesh1-xRkCYY'
wireless.bgn_mesh_ap.key='3869B01DF71D705559DD89C996182D8EF533D998692C3F37C3469908E8B7C244'
wireless.wifi1=wifi-device
wireless.wifi1.type='qcawifi'
wireless.wifi1.hwmode='11ac'
wireless.wifi1.htmode='VHT80'
wireless.wifi1.disabled='0'
wireless.wifi1.channel='auto'
wireless.ac_ap=wifi-iface
wireless.ac_ap.device='wifi1'
wireless.ac_ap.network='lan'
wireless.ac_ap.mode='ap'
wireless.ac_ap.rrm='1'
wireless.ac_ap.disabled='0'
wireless.ac_ap.encryption='psk2'
wireless.ac_ap.key='XXXXXXXXXXXXXXXXXXXXX'
wireless.ac_ap.ssid='XXXXXXXXXXXXXXXXXXXXXXX'
wireless.ac_guest_ap=wifi-iface
wireless.ac_guest_ap.device='wifi1'
wireless.ac_guest_ap.network='lan'
wireless.ac_guest_ap.mode='ap'
wireless.ac_guest_ap.rrm='1'
wireless.ac_guest_ap.encryption='psk2'
wireless.ac_guest_ap.ssid='DevicesNetwork'
wireless.ac_guest_ap.disabled='0'
wireless.ac_guest_ap.key='8832uj1k+9zh'
wireless.ac_mesh_sta=wifi-iface
wireless.ac_mesh_sta.device='wifi1'
wireless.ac_mesh_sta.network='lan'
wireless.ac_mesh_sta.mode='sta'
wireless.ac_mesh_sta.ssid='OpenWrt'
wireless.ac_mesh_sta.encryption='none'
wireless.ac_mesh_sta.disabled='1'
wireless.ac_mesh_ap=wifi-iface
wireless.ac_mesh_ap.device='wifi1'
wireless.ac_mesh_ap.network='lan'
wireless.ac_mesh_ap.mode='ap'
wireless.ac_mesh_ap.wds='1'
wireless.ac_mesh_ap.ssid='luma-mesh1-xRkCYY'
wireless.ac_mesh_ap.hidden='1'
wireless.ac_mesh_ap.encryption='psk2'
wireless.ac_mesh_ap.key='3869B01DF71D705559DD89C996182D8EF533D998692C3F37C3469908E8B7C244'
wireless.ac_mesh_ap.disabled='0'
wireless.qcawifi=qcawifi
wireless.qcawifi.atf_mode='1'
wsplcd.config=wsplcd
wsplcd.config.HyFiSecurity='0'
wsplcd.config.RunMode='AUTO'
wsplcd.config.DesignatedPBAP='0'
wsplcd.config.WPSMethod='WPS_M2'
wsplcd.config.ConfigSta='1'
wsplcd.config.SearchTimeout='60'
wsplcd.config.WPSSessionTimeout='120'
wsplcd.config.WPSRetransmitTimeout='5'
wsplcd.config.WPSPerMessageTimeout='15'
wsplcd.config.PushButtonTimeout='120'
wsplcd.config.PBSearchTimeout='10'
wsplcd.config.WPAPassphraseType='LONG'
wsplcd.config.DebugLevel='ERROR'
wsplcd.config.BandSel='1'
wsplcd.config.BandChoice='5G'
wsplcd.config.RMCollectTimeout='10'
wsplcd.config.DeepClone='1'
wsplcd.config.ManageVAPInd='1'
wsplcd.config.APCloning='0'
wsplcd.config.ButtonMode='TWOBUTTON'
wsplcd.config.CloneTimeout='180'
wsplcd.config.WalkTimeout='120'
wsplcd.config.RepeatTimeout='1'
wsplcd.config.InternalTimeout='15'
wsplcd.config.WaitOtherBandsSecs='20'
wsplcd.config.WaitFirstBandSecs='30'
wsplcd.config.WriteDebugLogToFile='NONE'

Made some significant progress. Got the Lumas flashed and running OpenWRT 21 (after spending way to long figuring out TFP issues). I am now trying to re-deploy my home network in small steps as I work through and understand all the aspects involved that I am not very experienced with, namely VLANs. Things are looking up and I think I am making good progress, but I am encountering an issue I can't figure out. I don't want to proceed to the next progressive step in building things out unless I understand what is going on here and where I am messing up.

The first step I took was keeping my legacy (unmanaged switches) home network functioning over tagged ports (1 and 4 with PVIDs set) through my main LAN which I created the primary vLAN (br-lan.10). This worked well as my understanding (95% sure) is that I am sending tagged packets out (which doesn't matter bc they are discarded by the legacy switches) and I am tagging everything coming in via the PVID 10. Basically, my router thinks everything inbound on 1&4 are coming in tagged on vLAN 10 and it routes accordingly (...right?). As a result of that going well, I enabled several wireless networks attached to their own vLANs on my main router following along with OneMarcFifty's explanatory videos.

My second step was to start testing building out new infrastructure that I can migrate my home devices to progressively. To begin doing this and learning more, I added an AP (one of the Lumas running OpenWRT 21) to my router's #3 port as part of vLAN 10.But as soon as I change the ports on the Router and the AP from Untagged to Tagged, I no longer can connect to the new AP's LuCI interface.

My understanding is that my router's vLAN I am currently connected to and using (br-lan.10) should have no problem adding the AP to the same vLAN over Tagged ports. This is an OpenWRT device to an OpenWRT device with nothing in between.

What am I missing about this concept that seemed simple until I tried to implement it?

Here is a map of my current setup and what stops working when I change tagging.

Router's configs: network, dhcp, firewall, and wireless
/etc/config/network
config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fda0:1e00:4587::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        option ipv6 '0'
        list ports 'ethernet1'
        list ports 'ethernet2'
        list ports 'ethernet3'
        list ports 'ethernet4'

config interface 'lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option device 'br-lan.10'

config device
        option name 'internet'
        option macaddr 'c8:d7:19:31:bd:52'

config interface 'wan'
        option device 'internet'
        option proto 'dhcp'

config interface 'wan6'
        option device 'internet'
        option proto 'dhcpv6'

config interface 'Devices'
        option proto 'static'
        option ipaddr '192.168.2.1'
        option netmask '255.255.255.0'
        option type 'bridge'
        option device 'br-lan.20'

config interface 'GUEST'
        option proto 'static'
        option ipaddr '192.168.3.1'
        option netmask '255.255.255.0'
        option type 'bridge'
        option device 'br-lan.30'

config bridge-vlan
        option device 'br-lan'
        option vlan '10'
        list ports 'ethernet1:t*'
        list ports 'ethernet3'
        list ports 'ethernet4:t*'

config bridge-vlan
        option device 'br-lan'
        option vlan '20'
        list ports 'ethernet3:t'

config bridge-vlan
        option device 'br-lan'
        option vlan '30'
        list ports 'ethernet3:t'
/etc/config/dhcp
config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config dhcp 'Luma'
        option interface 'Luma'
        option start '100'
        option limit '150'
        option leasetime '12h'
        list ra_flags 'none'

config dhcp 'LUMALAN'
        option interface 'LUMALAN'
        option start '100'
        option limit '150'
        option leasetime '12h'
        list ra_flags 'none'

config host
        option name '192.168.1.219'
        option dns '1'
        option mac '64:00:6A:83:2C:66'
        option ip '192.168.1.219'

config dhcp 'luma'
        option interface 'luma'
        option start '100'
        option limit '150'
        option leasetime '12h'
        list ra_flags 'none'

config dhcp 'Devices'
        option interface 'Devices'
        option start '100'
        option limit '150'
        option leasetime '12h'
        list ra_flags 'none'

config dhcp 'GUEST'
        option interface 'GUEST'
        option start '100'
        option limit '150'
        option leasetime '12h'
        list ra_flags 'none'
/etc/config/firewall
config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'
        list network 'wan6'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config rule
        option name 'Support-UDP-Traceroute'
        option src 'wan'
        option dest_port '33434:33689'
        option proto 'udp'
        option family 'ipv4'
        option target 'REJECT'
        option enabled '0'

config include
        option path '/etc/firewall.user'

config zone
        option name 'DevicesZone'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        list network 'Devices'

config zone
        option name 'GuestZone'
        option output 'ACCEPT'
        option forward 'REJECT'
        option input 'REJECT'
        list network 'GUEST'

config forwarding
        option src 'lan'
        option dest 'DevicesZone'

config forwarding
        option src 'GuestZone'
        option dest 'wan'

config rule
        option name 'Guest DHCP and DNS'
        option src 'GuestZone'
        option dest_port '53 67 68'
        option target 'ACCEPT'

config forwarding
        option src 'DevicesZone'
        option dest 'wan'
/etc/config/wireless
config wifi-device 'radio0'
        option type 'mac80211'
        option hwmode '11g'
        option path 'mbus@f1000000/mbus@f1000000:pcie@82000000/pci0000:00/0000:00:01.0/0000:01:00.0'
        option htmode 'HT20'
        option cell_density '0'
        option channel '8'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'HOME'
        option encryption 'psk2'
        option key 'xxx'
        option ieee80211r '1'
        option mobility_domain '1a2b'
        option ft_psk_generate_local '1'
        option ft_over_ds '0'

config wifi-device 'radio1'
        option type 'mac80211'
        option channel '36'
        option hwmode '11a'
        option path 'mbus@f1000000/mbus@f1000000:pcie@82000000/pci0000:00/0000:00:02.0/0000:02:00.0'
        option htmode 'HT20'
        option cell_density '0'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 'HOME'
        option encryption 'psk2'
        option key 'xxx'
        option ieee80211r '1'
        option mobility_domain '1a2b'
        option ft_psk_generate_local '1'
        option ft_over_ds '0'

config wifi-iface 'wifinet2'
        option device 'radio0'
        option mode 'ap'
        option ssid 'DevicesNetwork'
        option encryption 'psk2'
        option key 'xxx'
        option ieee80211r '1'
        option mobility_domain '1a2b'
        option ft_psk_generate_local '1'
        option ft_over_ds '0'
        option network 'Devices'

config wifi-iface 'wifinet3'
        option device 'radio0'
        option mode 'ap'
        option ssid 'GUEST'
        option encryption 'psk2'
        option ieee80211r '1'
        option mobility_domain '1a2b'
        option ft_psk_generate_local '1'
        option network 'GUEST'
        option key 'xxxx'
        option ft_over_ds '0'
AP's configs: network, dhcp, firewall, and wireless
/etc/config/network
config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd7d:50c7:f997::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'
        list ports 'eth1'

config interface 'lan'
        option device 'br-lan.10'
        option proto 'static'
        option ipaddr '192.168.1.2'
        option netmask '255.255.255.0'

config bridge-vlan
        option device 'br-lan'
        option vlan '10'
        list ports 'eth0'
        list ports 'eth1:u*'

config bridge-vlan
        option device 'br-lan'
        option vlan '20'
        list ports 'eth0:t'

config bridge-vlan
        option device 'br-lan'
        option vlan '30'
        list ports 'eth0:t'

config interface 'DEVICES'
        option device 'br-lan.20'
        option proto 'none'
        option type 'bridge'

config interface 'Guest'
        option device 'br-lan.30'
        option proto 'none'
        option type 'bridge'

/etc/config/dhcp
config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option ignore '1'
        list ra_flags 'none'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

/etc/config/firewall
config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config rule
        option name 'Support-UDP-Traceroute'
        option src 'wan'
        option dest_port '33434:33689'
        option proto 'udp'
        option family 'ipv4'
        option target 'REJECT'
        option enabled 'false'

config include
        option path '/etc/firewall.user'

/etc/config/wireless
config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/soc/a000000.wifi'
        option band '2g'
        option htmode 'HT20'
        option cell_density '0'
        option channel '8'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'HOME'
        option encryption 'psk2'
        option key 'xxx'
        option ieee80211r '1'
        option mobility_domain '1a2b'
        option ft_over_ds '0'
        option ft_psk_generate_local '1'

config wifi-device 'radio1'
        option type 'mac80211'
        option path 'platform/soc/a800000.wifi'
        option channel '36'
        option band '5g'
        option htmode 'VHT80'
        option disabled '1'
        option cell_density '0'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 'HOME'
        option encryption 'psk2'
        option key 'xxx'
        option ieee80211r '1'
        option mobility_domain '1a2b'
        option ft_over_ds '0'
        option ft_psk_generate_local '1'

config wifi-iface 'wifinet2'
        option device 'radio0'
        option mode 'ap'
        option ssid 'DevicesNetwork'
        option encryption 'psk2'
        option key 'xxx'
        option ieee80211r '1'
        option ft_over_ds '0'
        option ft_psk_generate_local '1'
        option mobility_domain '1b2c'
        option network 'DEVICES'

config wifi-iface 'wifinet3'
        option device 'radio0'
        option mode 'ap'
        option ssid 'GUEST'
        option encryption 'psk2'
        option key 'xxx'
        option ieee80211r '1'
        option mobility_domain '1c2d'
        option ft_over_ds '0'
        option ft_psk_generate_local '1'
        option network 'Guest'