VLAN and WIFI issues with dummy access point

I have two ax6000, one as my main router and gateway (MAIN), and one as a dummy access point (AP). I used these tutorials:

to set up two vlans on MAIN. MAIN is also the DHCP. Then I used the same tutorials to connect the AP back to the MAIN.

Everything on MAIN works as it is supposed to. The wired connections on the AP work as they are supposed to. The WIFI on the AP will connect, but does not hand out IP addresses.

AP /etc/config/network:

 1 config interface 'loopback'
 2         option device 'lo'
 3         option proto 'static'
 4         option ipaddr '127.0.0.1'
 5         option netmask '255.0.0.0'
 6
 7 config globals 'globals'
 8         option ula_prefix 'fdde:73d4:8809::/48'
 9
10 config device
11         option name 'br-lan'
12         option type 'bridge'
13         list ports 'eth0'
14         list ports 'eth1'
15         list ports 'lan1'
16         list ports 'lan2'
17         list ports 'lan3'
18         list ports 'lan4'
19         list ports 'lan5'
20         option ipv6 '0'
21
22 config device
23         option name 'lan1'
24         option macaddr 'c8:7f:54:24:9f:36'
25
26 config device
27         option name 'lan2'
28         option macaddr 'c8:7f:54:24:9f:36'
29
30 config device
31         option name 'lan3'
32         option macaddr 'c8:7f:54:24:9f:36'
33
34 config device
35         option name 'lan4'
36         option macaddr 'c8:7f:54:24:9f:36'
37
38 config device
39         option name 'lan5'
40         option macaddr 'c8:7f:54:24:9f:36'
41
42 config interface 'lan'
43         option device 'br-lan.1'
44         option proto 'static'
45         option ipaddr '172.21.42.2'
46         option netmask '255.255.255.0'
47         option gateway '172.21.42.1'
48         list dns '172.21.42.1'
49         option delegate '0'
50
51 config device
52         option name 'eth1'
53         option macaddr 'c8:7f:54:24:9f:36'
54
55 config bridge-vlan
56         option device 'br-lan'
57         option vlan '1'
58         list ports 'eth0:t*'
59         list ports 'eth1:t*'
60         list ports 'lan1:u*'
61         list ports 'lan2:u*'
62         list ports 'lan3:u*'
63         list ports 'lan4:u*'
64         list ports 'lan5:u*'
65
66 config bridge-vlan
67         option device 'br-lan'
68         option vlan '10'
69         list ports 'eth0:t'
70         list ports 'eth1:t'
71
72 config interface 'guest'
73         option proto 'dhcp'
74         option device 'br-lan.10'
75         option delegate '0'

AP /etc/config/wireless

config wifi-device 'radio0'
 2         option type 'mac80211'
 3         option path 'platform/soc/18000000.wifi'
 4         option channel '11'
 5         option band '2g'
 6         option htmode 'HE40'
 7         option cell_density '0'
 8         option country 'US'
 9         option noscan '1'
10         option beacon_int '101'
11         option disabled '1'
12
13 config wifi-device 'radio1'
14         option type 'mac80211'
15         option path 'platform/soc/18000000.wifi+1'
16         option channel '116'
17         option band '5g'
18         option htmode 'HE160'
19         option country 'US'
20         option cell_density '0'
21         option beacon_int '101'
22         option disabled '1'
23
24 config wifi-iface 'wifinet2'
25         option device 'radio0'
26         option mode 'ap'
27         option ssid 'REDACTED
28         option encryption 'psk2'
29         option key 'REDACTED'
30         option ieee80211r '1'
31         option mobility_domain 'b00b'
32         option ft_over_ds '0'
33         option network 'lan'
34         option dtim_period '3'
35         option ft_psk_generate_local '1'
36         option disabled '1'
37
38 config wifi-iface 'wifinet1'
39         option device 'radio1'
40         option mode 'ap'
41         option ssid 'REDACTED'
42         option encryption 'psk2'
43         option key 'REDACTED'
44         option ieee80211r '1'
45         option mobility_domain 'b00b'
46         option ft_over_ds '0'
47         option network 'lan'
48         option dtim_period '3'
49         option ft_psk_generate_local '1'
50         option disabled '1'
51
52 config wifi-iface 'wifinet3'
53         option device 'radio0'
54         option mode 'ap'
55         option ssid 'REDACTED'
56         option encryption 'psk2'
57         option key 'REDACTED'
58         option ieee80211r '1'
59         option mobility_domain 'b00b'
60         option ft_over_ds '0'
61         option network 'guest'
62         option dtim_period '3'
63         option ft_psk_generate_local '1'
64         option disabled '1'

Any help is appreciated.

ap /etc/config/dhcp

 1
 2 config dnsmasq
 3         option domainneeded '1'
 4         option boguspriv '1'
 5         option filterwin2k '0'
 6         option localise_queries '1'
 7         option rebind_protection '1'
 8         option rebind_localhost '1'
 9         option local '/lan/'
10         option domain 'lan'
11         option expandhosts '1'
12         option nonegcache '0'
13         option cachesize '1000'
14         option authoritative '1'
15         option readethers '1'
16         option leasefile '/tmp/dhcp.leases'
17         option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
18         option nonwildcard '1'
19         option localservice '1'
20         option ednspacket_max '1232'
21         option filter_aaaa '0'
22         option filter_a '0'
23
24 config dhcp 'lan'
25         option interface 'lan'
26         option start '100'
27         option limit '150'
28         option leasetime '12h'
29         option dhcpv4 'server'
30         option ignore '1'
31
32 config odhcpd 'odhcpd'
33         option maindhcp '0'
34         option leasefile '/tmp/hosts/odhcpd'
35         option leasetrigger '/usr/sbin/odhcpd-update'
36         option loglevel '4'

Have you verified that the main router is working properly for both networks? Please post your configs from the main router.

What port on the AP connects back to the main router (please tell us which port on each device, actually)?

Everything works correctly on MAIN.

Port 3 on MAIN is connected to ETH1 port was WAN on AP, but then i removed the WAN interface, and added ETH0 and ETH1 to the LAN bridge.

What gets me is the phisical ports on the AP work as they should, its just the WIFI on the AP that is not working correctly.

Can I add the wifi interfaces to the LAN bridge somehow?

I'll have a few ideas of things to check, but I would like to see the main router's network config file before making any recommendations on the AP.

As for the wireless, it will automatically join the bridge. The SSID configuration stanza includes the option network line for this purpose. The radio devices should never be included in /etc/config/network

MAN /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd36:9e65:fb3a::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'
        list ports 'lan5'
        option ipv6 '0'

config device
        option name 'lan1'
        option macaddr 'c8:7f:54:24:a8:64'

config device
        option name 'lan2'
        option macaddr 'c8:7f:54:24:a8:64'

config device
        option name 'lan3'
        option macaddr 'c8:7f:54:24:a8:64'

config device
        option name 'lan4'
        option macaddr 'c8:7f:54:24:a8:64'

config device
        option name 'lan5'
        option macaddr 'c8:7f:54:24:a8:64'

config interface 'lan'
        option device 'br-lan.1'
        option proto 'static'
        option ipaddr '172.21.42.1'
        option netmask '255.255.255.0'
        option delegate '0'
        option ipv6 '0'
        list dns '1.1.1.1'
        list dns '9.9.9.11'

config device
        option name 'eth1'
        option macaddr 'c8:7f:54:24:a8:64'

config interface 'wan'
        option device 'eth1'
        option proto 'dhcp'
        option peerdns '0'
        list dns '1.1.1.1'
        list dns '9.9.9.9'

config bridge-vlan
        option device 'br-lan'
        option vlan '1'
        list ports 'lan1:u*'
        list ports 'lan2:u*'
        list ports 'lan3:t*'
        list ports 'lan5:u*'

config bridge-vlan
        option device 'br-lan'
        option vlan '10'
        list ports 'lan3:t'
        list ports 'lan4:u*'
        list ports 'lan5'

config interface 'guest'
        option proto 'static'
        option device 'br-lan.10'
        option ipaddr '192.168.42.1'
        option netmask '255.255.255.0'
        option delegate '0'
        option defaultroute '0'

config device
        option name 'br-lan.10'
        option type '8021q'
        option ifname 'br-lan'
        option vid '10'
        option ipv6 '0'

config device
        option name 'br-lan.1'
        option type '8021q'
        option ifname 'br-lan'
        option vid '1'
        option ipv6 '0'

On the main router:

On lan3, remove the * so that reads:

        list ports 'lan3:t'

if port lan5 should be untagged, make it explict like this:

        list ports 'lan5:u*'

Is there a reason you have default route set to 0 here?

Delete these stanzas:

Now, on the AP:

Remove the * from pots eth0 and eth1 so that it reads:

58         list ports 'eth0:t'
59         list ports 'eth1:t'

Also, to verify that the VLANs are traversing the trunk properly, let's use lan5 for VLAN 10. Remove it from the VLAN 1 section (line 64), and add it to VLAN 10 like this:

config bridge-vlan
67         option device 'br-lan'
68         option vlan '10'
69         list ports 'eth0:t'
70         list ports 'eth1:t'
           list ports 'eth5:u*'

This will allow you to use port eth5 as a test to make sure the AP has connectivity to the guest network.

Also, make the guest network on the AP unmanaged -- lines 72+ should look like this:

72 config interface 'guest'
73         option proto 'none'
74         option device 'br-lan.10'

It appears that all of your radios/SSIDs are disabled on the AP. Not sure why at that is the case.

But, regarding those SSID configs...
remove all of the 802.11r related items (from both devices) as it can actually cause more problems than it solves. It's not required, and should only be used when there is an actual demonstrated need for it.

The guest SSID should look more like this:

52 config wifi-iface 'wifinet3'
53         option device 'radio0'
54         option mode 'ap'
55         option ssid 'REDACTED'
56         option encryption 'psk2'
57         option key 'REDACTED'
61         option network 'guest'
62         option dtim_period '3'

Restart both devices after making the changes. Use port eth5 on the AP to verify that the trunk is functioning properly.

Steps I took:

  • Removed 802.11r from both devices and all 3 wifi
  • moved the cable on AP from ETH0/1 over to port 3.
  • tagged both sides
  • Also * vlan 1 and now it works.

Thank you for your notes, never would have found it.