I have a TP-Link Archer C7 V7 acting as a 'dumb AP' with LEDE 17.01.2, r3435-65eec8bd5f. In addition, the Ethernet ports are configured as a switch, so that connecting a device to them is equivalent to connecting it to the main router directly (which is how wireless should work as well in this dumb AP setup). The network is also using 802.1X, a.k.a. WPA2 Enterprise.
I am experiencing two weird issues with wireless that may or may not be related: IPv6 doesn't work, and wireless hosts are isolated from the rest of the network and from each other.
No IPv6
When I connect a device using a wired connection, either to the C7 or to the main router, I am able to obtain IPv6 addresses using IPv6 address autoconfiguration (that is, using ICMPv6 router advertisements.) However, most of the time devices connected using wireless are unable to get IPv6 addresses the same way. I must say most of the time because sometimes, with very low frequency and seemingly at random, devices do get IPv6 addresses.
I must add that, in addition to the 802.1X WPA2 network, I am running an open guest network. In the guest network, devices have no trouble at all getting IPv6 addresses, but if I were to connect to this exact same VLAN using the 802.1X WPA2 network, then the problem re-appears.
Isolated Wireless Stations
I have some mixed feelings about this one, as I consider this a good thing in general. However, I'd like to get to the bottom of this issue to understand why it happens and how to prevent it if I need to. As far as I could tell, this only happens with IPv4. If I assign wireless devices an IPv6 address manually, apparently it works (except case 3. below, which I didn't test.)
To explain this issue, let's say A is a wireless station, A' is a second wireless station, and B and B' are wired devices, all connected to the same VLAN. A* and B* mean either of A or A', or B or B', respectively. There are no firewall rules in place anywhere preventing communication between hosts.
The following works (using ping as an example):
1. B* -> B*
2. A* -> B*
The following doesn't work (using ping as an example):
3. A* -> A*
The following works only if ping is started during situation 2. above, but not otherwise (using ping as an example):
4. B* -> A*
So, B can only ping A and get a response if it's already being pinged by A. If B pings A at a time when A is not simultaneously pinging B, B won't get a response from A.
Configuration
/etc/config/wireless
# /etc/config/wireless, part 1: the two radios that serve the 802.1X SSID 'Example'.
# radio0 is set to channel 52 (hwmode '11a', VHT80); radio1 to channel 1 (hwmode '11g', HT40).
# The two wifi-iface sections carry the same settings, except that only the radio0 one
# sets 'disabled' explicitly.
# Neither wifi-iface sets 'isolate', so the station-to-station isolation described in the
# post does not come from an explicit AP-isolation setting in this file.
config wifi-device 'radio0'
option type 'mac80211'
option channel '52'
option hwmode '11a'
option path 'pci0000:01/0000:01:00.0'
option htmode 'VHT80'
option country 'US'
config wifi-iface
option device 'radio0'
option mode 'ap'
# 'wpa2' is the WPA2-Enterprise (802.1X) mode in OpenWrt/LEDE; the pre-shared-key mode
# would be 'psk2'. '+ccmp' restricts the cipher to CCMP.
option encryption 'wpa2+ccmp'
# RADIUS server that the AP relays 802.1X authentication to.
option server 'radius.example.com'
# Enables 4-address (WDS) frames on this AP interface.
# NOTE(review): the post does not mention any WDS client; if none is in use, test with
# this off, since it changes how frames from a 4-address station are bridged.
option wds '1'
# 2 = required: a station is only accepted if the RADIUS reply assigns it a VLAN.
option dynamic_vlan '2'
# Name prefix of the bridge each dynamic VLAN is attached to; the VLAN ID is appended,
# so VLAN 4 maps to 'br-vlan4', the bridge netifd creates for interface 'vlan4'.
option vlan_bridge 'br-vlan'
# Wired interface carrying the 802.1Q-tagged VLANs for the dynamic VLAN setup.
option vlan_tagged_interface 'eth0'
option disabled '0'
option ssid 'Example'
# With 'server' set and no 'auth_secret' option, 'key' is used as the RADIUS shared secret.
# NOTE(review): 'test' is presumably a redaction. The shared secret protects the keying
# material the RADIUS server returns to the AP, so the real value should be long and random.
option key 'test'
config wifi-device 'radio1'
option type 'mac80211'
option channel '1'
option hwmode '11g'
option path 'platform/qca955x_wmac'
option htmode 'HT40'
option country 'US'
config wifi-iface
option device 'radio1'
option mode 'ap'
# Same 802.1X / dynamic VLAN settings as the radio0 interface above.
option encryption 'wpa2+ccmp'
option server 'radius.example.com'
option wds '1'
option dynamic_vlan '2'
option vlan_bridge 'br-vlan'
option vlan_tagged_interface 'eth0'
option ssid 'Example'
# RADIUS shared secret, as on radio0 -- presumably redacted; confirm the real one is strong.
option key 'test'
# /etc/config/wireless, part 2: a third radio carrying the open guest SSID.
# The 'path' value points at a USB device. Unlike radio0 and radio1, this section sets
# no 'country' option.
config wifi-device 'radio2'
option type 'mac80211'
option channel '6'
option hwmode '11g'
option path 'platform/ehci-platform.1/usb2/2-1/2-1:1.0'
option htmode 'HT20'
option disabled '0'
config wifi-iface
option device 'radio2'
option mode 'ap'
# No authentication and no link-layer encryption: anyone in range can associate, and
# traffic on this SSID is readable over the air.
option encryption 'none'
option ssid 'openwireless.org'
# NOTE(review): 4-address (WDS) mode on an unauthenticated SSID lets any associated
# client request 4-address bridging -- confirm this is intended for a guest network.
option wds '1'
# Statically attached to interface 'vlan4' (no dynamic VLAN here). The post says an
# 802.1X client can be placed in this same VLAN, in which case it shares a layer-2
# segment with unauthenticated guests.
# NOTE(review): no 'isolate' option is set, so guests are not isolated from each other
# by the AP; 'option isolate 1' is the usual setting for an open guest SSID.
option network 'vlan4'
option disabled '0'
/etc/config/network
# /etc/config/network, interface sections.
# Only 'vlan10' (DHCP client) and 'vlan610' (DHCPv6 client), both on eth0.10, request an
# address for the AP itself. 'vlan1'..'vlan5' are bridges with proto 'none', so netifd
# assigns the AP no address in the client VLANs.
# NOTE(review): whether the kernel still auto-configures an IPv6 link-local address on
# these bridges is not visible here -- check with `ip -6 addr` if the AP's own services
# must be unreachable from client and guest VLANs.
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd12:3456:79ab::/48'
# The AP's own IPv4 presence: DHCP client on VLAN 10.
config interface 'vlan10'
option proto 'dhcp'
option ifname 'eth0.10'
option peerdns '1'
# The AP's own IPv6 presence on the same VLAN 10 sub-interface.
config interface 'vlan610'
option proto 'dhcpv6'
option ifname 'eth0.10'
option peerdns '1'
# Client VLAN bridges. netifd names each bridge 'br-<interface>' (br-vlan1 .. br-vlan5),
# which matches the 'br-vlan' prefix used by vlan_bridge in /etc/config/wireless.
config interface 'vlan1'
option proto 'none'
option stp '1'
option auto '1'
option ifname 'eth0.1 eth1.1'
option type 'bridge'
# Unlike the other client VLANs, vlan2 bridges only eth0.2 (no eth1.2 member).
config interface 'vlan2'
option proto 'none'
option stp '1'
option auto '1'
option ifname 'eth0.2'
option type 'bridge'
config interface 'vlan3'
option proto 'none'
option stp '1'
option auto '1'
option ifname 'eth0.3 eth1.3'
option type 'bridge'
# vlan4 is also the network the open SSID 'openwireless.org' is attached to.
config interface 'vlan4'
option proto 'none'
option stp '1'
option auto '1'
option ifname 'eth0.4 eth1.4'
option type 'bridge'
config interface 'vlan5'
option proto 'none'
option stp '1'
option auto '1'
option ifname 'eth0.5 eth1.5'
option type 'bridge'
# /etc/config/network, switch sections for 'switch0'.
# A 't' suffix on a port means the VLAN is 802.1Q-tagged on that port; a bare number
# means untagged.
# NOTE(review): VLANs 1, 3, 4 and 5 are tagged on every port 0-6. Which of these are CPU
# ports and which are physical sockets is not shown here, but any device on a physical
# port that sends tagged frames can join any of those VLANs, guest or not. Limit each
# VLAN to the ports that need it if the sockets are not physically trusted.
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
# Mirror port numbers only; no enable_mirror_rx / enable_mirror_tx option appears here.
option mirror_source_port '0'
option mirror_monitor_port '0'
config switch_vlan
option device 'switch0'
option vlan '1'
option vid '1'
option ports '0t 1t 2t 3t 4t 5t 6t'
# VLAN 2 is carried on ports 1 and 6 only.
config switch_vlan
option device 'switch0'
option vlan '2'
option vid '2'
option ports '1t 6t'
config switch_vlan
option device 'switch0'
option vlan '3'
option vid '3'
option ports '0t 1t 2t 3t 4t 5t 6t'
config switch_vlan
option device 'switch0'
option vlan '4'
option vid '4'
option ports '0t 1t 2t 3t 4t 5t 6t'
config switch_vlan
option device 'switch0'
option vlan '5'
option vid '5'
option ports '0t 1t 2t 3t 4t 5t 6t'
# NOTE(review): this line reads 'option switch_vlan', while every sibling section starts
# with 'config switch_vlan'. If the file on the device matches, the VLAN 10 options below
# do not form their own section. Probably a transcription slip -- confirm on the device.
option switch_vlan
option device 'switch0'
option vlan '10'
option vid '10'
# Port 2 is an untagged member of VLAN 10, the VLAN where the AP takes its own DHCP and
# DHCPv6 addresses.
# NOTE(review): if VLAN 10 is the management network, whatever is plugged into port 2
# lands on it directly; confirm which physical socket that is.
option ports '0t 1t 2 6t'