Two Jobs - LAN + Dumb AP Together

Hi there,

I am attempting to set up an OpenWRT device to do two jobs simultaneously.

I have started with a fresh install at factory settings and based further setup from there.

Ultimately I would like to achieve the following:

  • 2 separate networks on one device
  • 1 shared WAN port, 2 LAN ports per network, 1 WiFi SSID per network
  • Network 1 should be a dumb AP + switch. The network coming in on the WAN port should be bridged directly to 2 of the 4 LAN ports on the device, and 1 WiFi SSID
  • Network 2 should be a NATted network, where the 2 remaining LAN ports and the 1 remaining WiFi SSID should be assigned IP addresses by the device's DHCP server and NATted to the network coming in on the WAN port. This would end up being a double NAT, because the network coming in on the WAN port is a 192.168.0.0/24

For additional clarity, the resulting setup would be as such:

  • WiFi network 1 + LAN 1 and 2 - directly bridged to the WAN network 192.168.0.0/24 so connecting devices will be assigned DHCP addresses from the router the WAN port is connected to
  • WiFi network 2 + LAN 3 and 4 - NATted to the WAN, assigning DHCP addresses in the 192.168.1.0/24 range

I have attempted this setup myself by expanding on the stock LAN setup by:

This setup only half works unfortunately. The new LAN2 network works actually perfectly fine, I am getting IP addresses in the 192.168.0.0/24 range fine and I can access the internet. The NATted LAN (network 1) which is the unmodified LAN from the stock config however does not work for internet access, only for accessing the router interface. As you can see, the WAN interface no longer has an IP address assigned to it either, so I suspect thats the reason why I am not getting a connection to the downstream network, however I don't know why it does not.

Cherry on top is I tried to reproduce this exact setup on a second device and neither networks worked. Is this just an unsupported configuration or am I messing it up somewhere?

Thanks!

That is because you detached it from all physical interfaces. You should connect br-wan to wan and get rid of lan2.

A br-wan will work with attach APs or other Ethernet ports attached to it. These will be switched and/or bridged at layer 2 and the connected users handled entirely by the upstream router. The extra ports in the bridge on the wan side are "dumb" as far as OpenWrt is concerned.

The WAN interface is set to DHCPv4, and the wan port on the switch is part of both this interface and part of the br-wan bridge which is assigned to the Unmanaged LAN2 interface. Are you saying the second Unmanaged LAN2 interface is conflicting with the WAN interface, as pictured?

Yes I edited my reply. Get rid of lan2, you don't need it. Make the wan network's physical device br-wan. Change the network in the wifi AP configuration to wan, it will be attached to br-wan.

This worked, thank you! I see how this is much simpler than the setup I had. This does however mean this is an unsupported/incompatible configuration though, which is annoying because I would assume theres no way to detect and warn someone about this in LuCI.

OpenWrt and LuCI isn't based on canned "recipes" for specific use cases-- it generally lets you configure things however you want, even though there's a good chance it won't make a usable network.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.