Unable to get internet ( new setup)

Hello people
I have been using open wrt for some time for on my TP C20 V4 as wireless extender and working well for years
( THIS router has its wan port transformer dead and 1st lan port )

But when I try to use it as a router it won't connect to internet

(Same thing happens with my C60 on open wrt)

My isp
Have provided
A Static connection And have given
A IP ADDRESS
A SUBNET
A GATEWAY
A DNS ( same as gateway)

I have configured the VLAN for lan4 as wan
I can ping IP address and gateway and nothing else

Some insight will be helpful
Thanks

170270847156420626951886833595701920×1440 228 KB

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:

Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

{
        "kernel": "5.15.134",
        "hostname": "OpenWrt",
        "system": "MediaTek MT7628AN ver:1 eco:2",
        "model": "TP-Link Archer C20 v4",
        "board_name": "tplink,archer-c20-v4",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "23.05.0",
                "revision": "r23497-6637af95aa",
                "target": "ramips/mt76x8",
                "description": "OpenWrt 23.05.0 r23497-6637af95aa"
        }
}
root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd9f:16fb:6916::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0.1'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.2.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        list dns '8.8.8.8'

config device
        option name 'eth0.2'
        option macaddr '(mac address)'

config interface 'wan'
        option device 'eth0.2'
        option proto 'static'
        option ipaddr '172.18.xxx.xxx'
        option netmask '255.255.255.128'
        option gateway '172.18.xxx.xxx'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '6t 2 3'
        option description 'lan'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '6t 4'
        option description 'wan'

root@OpenWrt:~# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/10300000.wmac'
        option channel '1'
        option band '2g'
        option htmode 'HT20'
        option disabled '1'

config wifi-device 'radio1'
        option type 'mac80211'
        option path 'pci0000:00/0000:00:00.0/0000:01:00.0'
        option channel '36'
        option band '5g'
        option htmode 'VHT80'
        option disabled '1'

root@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'
        option filter_aaaa '0'
        option filter_a '0'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'
        option start '100'
        option limit '150'
        option leasetime '12h'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

root@OpenWrt:~# cat /etc/config/firewall

config defaults
        option syn_flood '1'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target '

You are missing DNS on the wan interface. (it does nothing on the lan interface).

Edit your config file so that it looks like this for the lan

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.2.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

and like this for the wan.

config interface 'wan'
        option device 'eth0.2'
        option proto 'static'
        option ipaddr '172.18.xxx.xxx'
        option netmask '255.255.255.128'
        option gateway '172.18.xxx.xxx'
        list dns '8.8.8.8'

Then restart and test again.

It's the same not internet can't ping 8.8.8.8 from ssh or pc

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.2.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        list dns '8.8.8.8'

config device
        option name 'eth0.2'
        option macaddr 'macaddr'

config interface 'wan'
        option device 'eth0.2'
        option proto 'static'
        option ipaddr '172.18.xxx.xxx'
        option netmask '255.255.255.128'
        option gateway '172.18.xxx.xxx'
        list dns '172.18.xxx.xxx'
        list dns '8.8.8.8'

Are you positive you have the correct information regarding the static IP? You appear to have an RFC1918 address (which is not a public IP)... do you have an ISP router in front of your OpenWrt device?

Because you have an RFC1918, you can actually safely show us the complete WAN configuration.

Also, are you positive that you are supposed to use static (and not DHCP)?

My isp do have an EPON device
I generally don't have to do anything it also did not have any preset configured
When useing TP link own software I just choose Static and set
IP
Subnet
Gateway
And I may choose not to use given DNS as it is same as gateway address
Should I share exact text that I got from isp about Static ?

1702711326467462593339534781571920×2560 367 KB

It is safe to do so since you're not using a public IP.

Dear NIL
Welcome to Alliance Broadband.
Your IP details are below.
IP: 172.18.144.204
Subnet: 255.255.255.128
Default Gateway: 172.18.144.129
DNS 1: 172.18.144.129
DNS 2: 8.8.8.8

Password is removed and is not needed

170271181177367696932303277471951920×2560 506 KB

That looks fine.

Does this MAC address match the label on the bottom of your C20? It is possible that your ISP links the service with the MAC of your router, and if this doesn't match what they have in their system, it might be part of the issue.

Yep that is eth0.2 mac address

At router back I have lan mac which is br-lan

Try changing the MAC defined under eth0.2 to the MAC that you see on the label.

I don't think so as I can switch my C60 to it just by plugin it in wan port
And network is back
Or I can just set static IP to pc directly and plug it it still works

Mac is definitely not bind to any

I'm confused... why not just use the wan port then?

How ?

Both mac are different by end letter C ( lan ) and D ( eth0.2)

It's wan port is dead bro

But this issue is not only limited to c20 my C60 have same issue It won't give internet

The settings as same as it

I have to revert back to TP link firmware because of that

And doing test on my c20

I can open my isp gateway that is used to check bill and monitor etc

But no internet

ah... ok, two different devices.

are both of them runnign OpenWrt? or is the alternate device using the TP-Link firmware?

My C60 is reverted back to TP link firmware ( I only have that to connect internet)

And c20 have new openwrt fresh install just today
And that is what we are working on