Hi all,
I’m trying to understand what I’m missing but have been staring at examples, Wiki articles and replayed the onemarcfifty video’s multiple times.
I have a x86 router with four network interfaces running OpenWRT 24.10.2. One network interface is connected to the Internet, the other three are in a bridge. I currently have four dumb AP’s running OpenWRT 24.10.2 with a swconfig setup (R7800). I plan on replacing those with newer devices and start using DSA. I have recently bought one newer device and am trying to get that to work as dumb AP with two additional vlans and wifi networks (WR3000).
The issue I have is that when I try to connect to the MAIN_LAN wifi on the WR3000, I don’t get an ip address assigned from the router. But when I connect to the GUEST wifi on the WR3000, it just works. It has something to do with the DSA vs swconfig setup and tagging, untagging and primary vlan, I think.
Both the R7800 and the WR3000 are directly connected to the x86 router. The other R7800’s in the rest of the house are connected via the switch of this particular R7800 of which I added the config files below. Those other R7800 are identical in setup in regards to vlans, bridges and wireless networks.
Here are details of my x86 router. This devices has no wireless interfaces:
ubus call system board
root@Router:/etc/config# ubus call system board
{
"kernel": "6.6.93",
"hostname": "Router",
"system": "Intel(R) Celeron(R) N5105 @ 2.00GHz",
"model": "Default string Default string",
"board_name": "default-string-default-string",
"rootfs_type": "ext4",
"release": {
"distribution": "OpenWrt",
"version": "24.10.2",
"revision": "r28739-d9340319c6",
"target": "x86/64",
"description": "OpenWrt 24.10.2 r28739-d9340319c6",
"builddate": "1750711236"
}
}
/etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd0d:3eba:21ef::/48'
option packet_steering '1'
config device 'device1'
option name 'br-lan'
list ports 'eth1'
list ports 'eth2'
list ports 'eth3'
option type 'bridge'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.254'
option netmask '255.255.255.0'
option ip6assign '60'
config interface 'wan'
list dns '9.9.9.9'
list dns '149.112.112.112'
list dns '2620:fe::fe'
list dns '2620:fe::9'
option peerdns '0'
option device 'eth0.6'
option proto 'pppoe'
option username 'REDACTED'
option password 'REDACTED'
option mtu '1500'
option ipv6 'auto'
config device 'device2'
option ifname 'br-lan'
option name 'br-lan.3'
option type '8021q'
option vid '3'
config device 'device3'
option ifname 'eth0'
option name 'eth0.4'
option type '8021q'
option vid '4'
option mtu '1500'
config device 'device4'
option ifname 'br-lan'
option name 'br-lan.5'
option type '8021q'
option vid '5'
config device 'guest_dev'
option type 'bridge'
option name 'br-guest'
list ports 'br-lan.3'
config device 'iot_dev'
option type 'bridge'
option name 'br-iot'
list ports 'br-lan.5'
config interface 'guest'
option proto 'static'
option device 'br-guest'
option ipaddr '10.1.1.1'
option netmask '255.255.255.0'
config interface 'iot'
option proto 'static'
option device 'br-iot'
option ipaddr '172.30.1.1'
option netmask '255.255.255.0'
config interface 'IPTV_WAN'
option proto 'dhcp'
option device 'eth0.4'
option peerdns '0'
option delegate '0'
option defaultroute '0'
option vendorid 'IPTV_RG'
option classlessroute '1'
config route 'route1'
option gateway '10.138.64.1'
option interface 'IPTV_WAN'
option target '213.75.112.0/21'
config device 'device5'
option ifname 'br-lan'
option name 'br-lan.7'
option type '8021q'
option vid '7'
config interface 'stbitv'
option proto 'static'
option device 'br-stbitv'
option ipaddr '172.22.1.1'
option netmask '255.255.255.0'
config device 'stbitv_dev'
option type 'bridge'
option name 'br-stbitv'
list ports 'br-lan.7'
option igmp_snooping '1'
config device 'device6'
option mtu '1508'
option name 'eth0'
config device
option name 'eth0.6'
option type '8021q'
option ifname 'eth0'
option vid '6'
option mtu '1508'
option mtu6 '1508'
/etc/config/dhcp
config dnsmasq 'dnsmasq1'
option authoritative '1'
option domain 'thuis'
option domainneeded '1'
option ednspacket_max '1232'
option expandhosts '1'
option leasefile '/tmp/dhcp.leases'
option local '/thuis/'
option localise_queries '1'
option localservice '1'
option noresolv '1'
option port '15353'
option readethers '1'
option rebind_protection '0'
list server '192.168.1.254'
config dhcp 'lan'
option interface 'lan'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'
list dns 'fd0d:3eba:21ef::1'
option start '80'
option limit '120'
list dhcp_option '6,192.168.1.254'
list dhcp_option '15,thuis'
list dhcp_option '119,thuis'
option leasetime '24h'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
/etc/config/firewall
config defaults 'defaults'
option forward 'REJECT'
option input 'ACCEPT'
option output 'ACCEPT'
option synflood_protect '1'
config zone 'zone1'
option forward 'ACCEPT'
option input 'ACCEPT'
option name 'lan'
option output 'ACCEPT'
list network 'lan'
list network 'vpn'
config zone 'zone2'
option forward 'REJECT'
option input 'REJECT'
option masq '1'
option name 'wan'
option output 'ACCEPT'
list network 'wan'
config forwarding 'forwarding1'
option dest 'wan'
option src 'lan'
config rule 'rule1'
option dest_port '68'
option family 'ipv4'
option name 'Allow-DHCP-Renew'
option proto 'udp'
option src 'wan'
option target 'ACCEPT'
config rule 'rule2'
option family 'ipv4'
option icmp_type 'echo-request'
option name 'Allow-Ping'
option proto 'icmp'
option src 'wan'
option target 'ACCEPT'
config rule 'rule3'
option family 'ipv4'
option name 'Allow-IGMP'
option proto 'igmp'
option src 'wan'
option target 'ACCEPT'
config rule 'rule4'
option dest_port '546'
option family 'ipv6'
option name 'Allow-DHCPv6'
option proto 'udp'
option src 'wan'
option target 'ACCEPT'
config rule 'rule5'
option family 'ipv6'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option name 'Allow-MLD'
option proto 'icmp'
option src 'wan'
option src_ip 'fe80::/10'
option target 'ACCEPT'
config rule 'rule6'
option family 'ipv6'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option name 'Allow-ICMPv6-Input'
option proto 'icmp'
option src 'wan'
option target 'ACCEPT'
config rule 'rule7'
option dest '*'
option family 'ipv6'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option name 'Allow-ICMPv6-Forward'
option proto 'icmp'
option src 'wan'
option target 'ACCEPT'
config rule 'rule8'
option dest 'lan'
option name 'Allow-IPSec-ESP'
option proto 'esp'
option src 'wan'
option target 'ACCEPT'
config rule 'rule9'
option dest 'lan'
option dest_port '500'
option name 'Allow-ISAKMP'
option proto 'udp'
option src 'wan'
option target 'ACCEPT'
config redirect 'redirect1'
option dest 'lan'
option dest_ip '192.168.x.x'
option dest_port '80'
option name 'HTTPv4'
list proto 'tcp'
option src 'wan'
option src_dport '80'
option target 'DNAT'
config redirect 'redirect2'
option dest 'lan'
option dest_ip '192.168.x.x'
option dest_port '443'
option name 'HTTPSv4'
list proto 'tcp'
option src 'wan'
option src_dport '443'
option target 'DNAT'
config redirect 'redirect3'
option dest 'lan'
option dest_ip '192.168.x.x'
option dest_port '22'
option name 'SSHv4'
list proto 'tcp'
option src 'wan'
option src_dport '22'
option target 'DNAT'
config rule 'rule10'
option dest 'lan'
list dest_ip 'REDACTED'
option dest_port '80'
option family 'ipv6'
option name 'HTTPv6'
option proto 'tcp'
option src 'wan'
option target 'ACCEPT'
config rule 'rule11'
option dest 'lan'
list dest_ip 'REDACTED'
option dest_port '443'
option family 'ipv6'
option name 'HTTPSv6'
option proto 'tcp'
option src 'wan'
option target 'ACCEPT'
config rule 'rule12'
option dest 'lan'
list dest_ip 'REDACTED'
option dest_port '22'
option family 'ipv6'
option name 'SSHv6'
option proto 'tcp'
option src 'wan'
option target 'ACCEPT'
config zone 'zone3'
option forward 'REJECT'
option input 'REJECT'
option name 'guest'
option output 'ACCEPT'
list network 'guest'
config zone 'zone4'
option forward 'REJECT'
option input 'ACCEPT'
option name 'iot'
option output 'ACCEPT'
list network 'iot'
config rule 'rule14'
option dest_port '53 67 68'
option name 'guest DHCP and DNS'
option proto 'tcp udp'
option src 'guest'
option target 'ACCEPT'
config rule 'rule15'
option dest_port '53 67 68'
option name 'iot DHCP and DNS'
option proto 'tcp udp'
option src 'iot'
option target 'ACCEPT'
config forwarding 'forwarding2'
option dest 'wan'
option src 'guest'
config forwarding 'forwarding3'
option dest 'wan'
option src 'iot'
config zone 'zone5'
option forward 'REJECT'
option input 'ACCEPT'
option masq '1'
option name 'IPTV_WAN'
option output 'ACCEPT'
list network 'IPTV_WAN'
config forwarding 'forwarding4'
option dest 'IPTV_WAN'
option src 'lan'
config rule 'rule16'
option dest 'stbitv'
list dest_ip '224.0.0.0/4'
option family 'ipv4'
option name 'Allow-IGMP-Proxy'
option proto 'udp'
option src 'IPTV_WAN'
option target 'ACCEPT'
config zone 'zone6'
option forward 'REJECT'
option input 'ACCEPT'
option name 'stbitv'
option output 'ACCEPT'
list network 'stbitv'
config rule 'rule17'
option dest_port '53 67 68'
option name 'stbitv DHCP and DNS'
option proto 'tcp udp'
option src 'stbitv'
option target 'ACCEPT'
config forwarding 'forwarding5'
option dest 'wan'
option src 'stbitv'
config forwarding 'forwarding6'
option dest 'iot'
option src 'lan'
config forwarding 'forwarding7'
option dest 'stbitv'
option src 'lan'
config forwarding 'forwarding8'
option dest 'IPTV_WAN'
option src 'stbitv'
config forwarding 'forwarding9'
option dest 'lan'
option src 'stbitv'
Here are details of an older dumb AP (R7800). I have in total four of these around the house. Three of those only have the 5GHz radio’s active, this one is also running the 2.4GHz radio for IoT/MQTT devices.
ubus call system board
{
"kernel": "6.6.100",
"hostname": "ap-groundfloor",
"system": "ARMv7 Processor rev 0 (v7l)",
"model": "Netgear Nighthawk X4S R7800",
"board_name": "netgear,r7800",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "SNAPSHOT",
"firmware_url": "https://downloads.openwrt.org/",
"revision": "r30720-3109fe36c1",
"target": "ipq806x/generic",
"description": "OpenWrt SNAPSHOT r30720-3109fe36c1",
"builddate": "1754326350"
}
}
/etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
list ipaddr '127.0.0.1/8'
config globals 'globals'
option ula_prefix 'fdfd:4d69:ad2f::/48'
option packet_steering '1'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth1.1'
option igmp_snooping '1'
option ipv6 '0'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ip6assign '60'
list ipaddr '192.168.1.253/24'
option gateway '192.168.1.254'
list dns '192.168.1.254'
option delegate '0'
config interface 'wan'
option device 'eth0.2'
option proto 'dhcp'
option auto '0'
config interface 'wan6'
option device 'eth0.2'
option proto 'dhcpv6'
option auto '0'
option reqaddress 'try'
option reqprefix 'auto'
option norelease '1'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '1t 2t 3t 4 6t'
option vid '1'
option description 'Main network'
config switch_vlan
option device 'switch0'
option vlan '2'
option vid '2'
config switch_vlan
option device 'switch0'
option vlan '3'
option ports '1t 2t 3t 4t 6t'
option vid '3'
option description 'guest-network'
config switch_vlan
option device 'switch0'
option vlan '4'
option vid '4'
option description 'iptv-network'
config switch_vlan
option device 'switch0'
option vlan '5'
option ports '1t 2t 3t 4t 6t'
option vid '5'
option description 'iot-network'
config switch_vlan
option device 'switch0'
option vlan '6'
option vid '6'
option description 'wan-network'
config interface 'guest'
option proto 'none'
option device 'br-guest'
config interface 'iot'
option proto 'none'
option device 'br-iot'
config device
option type 'bridge'
option name 'br-guest'
list ports 'eth1.3'
option igmp_snooping '1'
config device
option type 'bridge'
option name 'br-iot'
list ports 'eth1.5'
option igmp_snooping '1'
/etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option path 'soc/1b700000.pci/pci0001:00/0001:00:00.0/0001:01:00.0'
option band '2g'
option channel '6'
option htmode 'HT20'
option cell_density '0'
option country 'US'
option log_level '1'
option txpower '30'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'iot'
option mode 'ap'
option ssid 'IoT'
option encryption 'psk2+ccmp'
option dtim_period '3'
option key 'REDACTED'
option disassoc_low_ack '0'
config wifi-device 'radio1'
option type 'mac80211'
option path 'soc/1b500000.pci/pci0000:00/0000:00:00.0/0000:01:00.0'
option band '5g'
option channel '36'
option htmode 'VHT80'
option cell_density '0'
option country 'US'
option log_level '1'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid 'MAIN_LAN'
option encryption 'psk2+ccmp'
option dtim_period '3'
option key 'REDACTED'
option ieee80211r '1'
option reassociation_deadline '65535'
option ft_over_ds '0'
option ft_psk_generate_local '1'
option ieee80211k '1'
option time_advertisement '2'
option time_zone 'CET-1CEST,M3.5.0,M10.5.0/3'
option wnm_sleep_mode '1'
option bss_transition '1'
option log_level '1'
config wifi-iface 'wifinet2'
option device 'radio0'
option mode 'ap'
option ssid 'MQTT'
option encryption 'psk2+ccmp'
option hidden '1'
option dtim_period '3'
option key 'REDACTED'
option network 'lan'
config wifi-iface 'wifinet3'
option device 'radio1'
option mode 'ap'
option ssid 'GUEST'
option encryption 'psk2+ccmp'
option isolate '1'
option dtim_period '3'
option key 'REDACTED'
option network 'guest'
I have the above setup running for a few years now, very solid, very happy with it.
I plan on replacing those R7800’s (Qualcomm) with MediaTek devices (WR3000?) in the near future. Here are it’s details:
ubus call system board
{
"kernel": "6.6.104",
"hostname": "ap-cudy",
"system": "ARMv8 Processor rev 4",
"model": "Cudy WR3000H v1",
"board_name": "cudy,wr3000h-v1",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "24.10.3",
"revision": "r28872-daca7c049b",
"target": "mediatek/filogic",
"description": "OpenWrt 24.10.3 r28872-daca7c049b",
"builddate": "1758316778"
}
}
/etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdfd:3eba:8239::/48'
option packet_steering '1'
config device 'device_lan'
option name 'br-lan'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
list ports 'wan'
option type 'bridge'
config interface 'lan'
option device 'br-lan.1'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
option gateway '192.168.1.254'
list dns '192.168.1.254'
config bridge-vlan
option device 'br-lan'
option vlan '1'
list ports 'lan1:u*'
list ports 'lan2:u*'
list ports 'lan3:u*'
list ports 'lan4:u*'
list ports 'wan:t*'
config bridge-vlan
option device 'br-lan'
option vlan '3'
list ports 'wan:t'
config bridge-vlan
option device 'br-lan'
option vlan '5'
list ports 'wan:t'
config interface 'guest'
option proto 'none'
option device 'br-lan.3'
config device
option type 'bridge'
option name 'br-guest'
list ports 'br-lan.3'
option igmp_snooping '1'
/etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option path 'platform/soc/18000000.wifi'
option band '2g'
option channel '1'
option htmode 'HE20'
option cell_density '0'
option disabled '1'
config wifi-device 'radio1'
option type 'mac80211'
option path 'platform/soc/18000000.wifi+1'
option band '5g'
option channel '161'
option htmode 'HE80'
option cell_density '0'
option log_level '1'
option country 'US'
config wifi-iface 'wifinet0'
option device 'radio1'
option mode 'ap'
option ssid 'GUEST'
option encryption 'sae'
option network 'guest'
option dtim_period '3'
option key 'REDACTED'
option ieee80211r '1'
option reassociation_deadline '65535'
option ft_over_ds '0'
option ieee80211k '1'
option time_advertisement '2'
option time_zone 'CET-1CEST,M3.5.0,M10.5.0/3'
option wnm_sleep_mode '1'
option bss_transition '1'
option ocv '0'
option log_level '1'
config wifi-iface 'wifinet1'
option device 'radio0'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'none'
option network 'lan'
option disabled '1'
config wifi-iface 'wifinet2'
option device 'radio1'
option mode 'ap'
option ssid 'MAIN_LAN'
option encryption 'sae'
option dtim_period '3'
option key 'REDACTED'
option ieee80211r '1'
option reassociation_deadline '65535'
option ft_over_ds '0'
option ieee80211k '1'
option time_advertisement '2'
option time_zone 'CET-1CEST,M3.5.0,M10.5.0/3'
option wnm_sleep_mode '1'
option bss_transition '1'
option ocv '0'
option network 'lan'
option log_level '1'
option disabled '1'
What part am I missing? I’m starting to get the idea I need to do more than just the WR3000, like also overhaul the network configuration of my x86 router. But will I be able to support both swconfig and DSA setups for older and newer dumb AP’s?
