Wired access point bridge WLAN to LAN on Archer C7 not working

I'm having no luck getting WLAN to LAN traffic flowing on a TP-Link Archer C7 v5.

I have a router running as internet gateway/firewall with several VLANs.

I set up one wired access point on a Linksys WRT3200ACM which is working great - wired and wireless traffic.

I then tried to set up a TP-Link Archer C7 v5 to match. At this point the wired traffic is flowing as expected but the wireless isn't working at all.

I can connect wirelessly but I'm not getting assigned an IP and even if I assign one manually, nothing goes through. I can't even ping the router.

Here's my configuration (all 3 routers are on 23.05.4):

# ubus call system board
{
	"kernel": "5.15.162",
	"hostname": "ap-den",
	"system": "Qualcomm Atheros QCA956X ver 1 rev 0",
	"model": "TP-Link Archer C7 v5",
	"board_name": "tplink,archer-c7-v5",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "23.05.4",
		"revision": "r24012-d8dd03c46f",
		"target": "ath79/generic",
		"description": "OpenWrt 23.05.4 r24012-d8dd03c46f"
	}
}
# cat /etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'REDACTED'

config interface 'lan'
	option device 'eth0.1'
	option proto 'static'
	option ipaddr 'REDACTED'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option gateway 'REDACTED'
	option type 'bridge'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0t 1 3 4 5'
	option vid '1'


# cat /etc/config/wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'pci0000:00/0000:00:00.0'
	option channel '149'
	option band '5g'
	option htmode 'VHT80'
	option cell_density '0'
	option country 'US'

config wifi-iface 'wifinet10'
	option device 'radio0'
	option mode 'ap'
	option ssid 'REDACTED'
	option encryption 'psk2+ccmp'
	option key 'REDACTED'
	option ieee80211r '1'
	option ft_over_ds '1'
	option ft_psk_generate_local '1'
	option network 'lan'

dnsmasq, firewall, and odhcpd are disabled (services provided by gateway router)

You have mixed in 2 sections in your "lan" definition, reset device and create proper sections via LuCI

In this version, the syntax is slightly different:

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0.1'

config interface 'lan'
        option proto 'static'
        option ipaddr 'REDACTED'
        option netmask '255.255.255.0'
        option device 'br-lan'
        ...

@pavelgl When I make that change, the configuration fails and I have to roll back. That's why I came up with the idea of removing the br-lan entirely, which at least got wired vlan working.

@brada4 I did reset the router before this latest venture into VLANs. The reason br-lan is missing is that I deleted it. It may not have been the correct solution but at least I got something working. I figured wireless would be easy to add once I had wired working.

You absolutely need bridge to connect wireless to.

I added back the br-lan and assigned it to eth0.1 and applied - no problem.
Then I went to interfaces and assigned lan to br-lan - I had to revert (or should I have forced it?)
Then I tried assigning lan to br-lan.1 and also had to revert.

I don't know if it makes a difference but this is not a DSA device. The switch configuration is still separate.

eth0.1 is br-lan member and eth0.2 is wan port by default and the switch is configured to map those tagged vlan ID-s on system port to physical ports untagged. You can back up config, reset to defaults, and experiment from there, in worst case you replay backup from 192.168.1.1 and get back to today.

I deleted the wan interface early in the process and added all the VLANs to that port in the switch interface (all tagged).

I'll try starting from scratch again and see if I can bring up just the lan VLAN with wireless first and then try adding additional VLANs instead of starting with the VLANs.

br-lan you mean i hope

All I can say is that I'll try it - I had no luck last time.

If you provide the following info, we can help you get this working as desired:

• What VLAN IDs are on the trunk?
• Ideally, can you provide the name/purpose of each network (lan, guest, iot, etc)?
• Are all networks tagged, or is one untagged? If so, which one?
• Which network should be used to manage the C7?
• What address should the C7 have on your network (or should it use DHCP)?
• What port is used as the uplink to the router or upstream switch?
• How should the other ports be configured?
• Have you verified that all the networks function properly in general (ensuring that the problem is really just about the configuration of this device, rather than something upstream)?
• And finally, post your default /etc/config/network file.

@psherman Thank you so much for offering to help. Every path seems to lead to a rollback.

• What VLAN IDs are on the trunk?
  LAN is 1, Guest is 10, IOT is 20
• Ideally, can you provide the name/purpose of each network (lan, guest, iot, etc)?
  All three networks are isolated from each other. Guest has WAN access, IOT does not.
• Are all networks tagged, or is one untagged? If so, which one?
  All are tagged, LAN is default (at least for now)
• Which network should be used to manage the C7?
  LAN
• What address should the C7 have on your network (or should it use DHCP)?
  10.0.0.253
• What port is used as the uplink to the router or upstream switch?
  wan
• How should the other ports be configured?
  lan1&2 are IOT untagged and lan 3&4 are LAN untagged.
• Have you verified that all the networks function properly in general (ensuring that * the problem is really just about the configuration of this device, rather than something upstream)?
  They seem to. My WRT3200ACM is working fine and it has the same configuration.
• And finally, post your default /etc/config/network file.

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdbc:2e04:8afb::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0.1'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config device
        option name 'eth0.2'
        option macaddr '84:d8:1b:80:53:4c'

config interface 'wan'
        option device 'eth0.2'
        option proto 'dhcp'

config interface 'wan6'
        option device 'eth0.2'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '2 3 4 5 0t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '1 0t'

This sounds like lan (vlan 1) is untagged. I'll go with that assumption, but if that's not what you meant, please let me know.

First thing we will do is remove logical port 1 (which is the wan port on your device) from VLAN 2:

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '0t'

We'll add it to VLAN 1 and we'll also remove logical ports 2 and 3 from VLAN 1 to use elsewhere. NOTE: I think that logical ports 2 and 3 will correspond to physical ports 1 and 2, but this could be incorrect -- if so, we can fix that later.

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '1 4 5 0t'

Now we'll add VLAN 10 for guest:

config switch_vlan
        option device 'switch0'
        option vlan '10'
        option ports '1t 0t'

And VLAN 20 for IoT using logical ports 2 and 3.

config switch_vlan
        option device 'switch0'
        option vlan '10'
        option ports '1t 2 3 0t'

Next, we add bridges for the VLANs:

config device
        option name 'br-guest'
        option type 'bridge'
        list ports 'eth0.10'

config device
        option name 'br-iot'
        option type 'bridge'
        list ports 'eth0.20'

Moving on, edit the lan interface to us the desired address:

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '10.0.0.253'
        option netmask '255.255.255.0'

And finally, we'll add two unmanaged interfaces for your other two networks

config interface 'guest'
        option device 'br-guest'
        option proto 'none'

config interface 'iot'
        option device 'br-iot'
        option proto 'none'

One other important thing -- be sure to disable the lan DHCP server on the C7.

That should be all. Restart the C7 and test again. If it doesn't work, please post the latest config for review.

I reset again and reconfigured using your directions but I used LUCI - I wanted to see if I'd be able to go through all the steps without it reporting errors and having me revert.

Long story short, it worked without incident.

I'm trying to figure out now what you had me do differently. If I can figure that out, I will report back to document my mistakes.

P.S. Once this was working, I had no trouble adding the wireless config.

Thank you again!!!

Great! Glad it all worked!

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.
Thanks!

It looks like the problem was here:

config interface 'guest'
      option proto 'none'
      option device 'eth0.10'
      **option type 'bridge'**

I'm not sure where that bridge option came from but it seems to be what caused the problem after changing eth0.10 to br-guest.

Yes, that will break things.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.