Zoned dumb AP does not properly get IP addresses from my router

Installing and Using OpenWrt Network and Wireless Configuration
1

I have a RPi4 running routing/firewall with VLANs and connected it to an Archer A6 V3 which is serving as a dumb AP. I configured the A6 as such per the wiki and in doing so set the "LAN" and "GUEST" interfaces to DHCP Client. So the primary router (RPi4) is assigning those two interfaces IP addresses but I do not see both of them in /tmp/dhcp.leases only one of the two.

I have them setup to send a unique hostname to the router but that seems ignored. I also tried assigning them different MAC addresses but that also doesn't have an effect. Any thoughts?

/etc/config/network on AP 
config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option packet_steering '1'
	option ula_prefix 'fddc:3583:2589::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config interface 'lan'
	option device 'br-lan.1'
	option proto 'dhcp'
	option hostname 'ap.lan'
	option macaddr 'CC:32:E5:01:EB:BE'

config interface 'guest'
	option device 'br-lan.3'
	option proto 'dhcp'
	option hostname 'ap.guest'
	option macaddr 'CC:32:E5:01:EB:BD'

config interface 'wan'
	option device 'wan'
	option proto 'dhcp'

config interface 'wan6'
	option device 'wan'
	option proto 'dhcpv6'

config bridge-vlan
	option device 'br-lan'
	option vlan '1'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config bridge-vlan
	option device 'br-lan'
	option vlan '3'
	list ports 'lan3:t'
2

The IP of a dumb AP is only so you can log in, and for it to reach the Internet or private NTP server and set its UTC clock. You only need one IP.

For security reasons you don't want a dumb AP to hold an IP on a guest network-- if it did it would be pointless since you'd then want to firewall guests out of trying to hack the AP. Set this network to "proto none".

1 Like
3

So from dhcp to none for both the LAN and GUEST interfaces? Won't that make the device unreachable? How would one access it over ssh or luci without an IP?

4

No, lan would stay DHCP and change guest to none. You trust the LAN, so it gets access to the AP's OS.

It isn't necessary to set hostname in the interface, if unset it will inherit the global hostname from /etc/config/system.

1 Like
5

@mk24 - I set the GUEST interface to 'unmanaged' and rebooted the AP; LAN was kept to 'dhcp client'. Now, I cannot see the AP on the main router at all. Unsure how to determine its IP.

6

That should work like before. I do see you're trying to run tagged and untagged packets on the same Ethernet port, this is tricky or impossible to make work on some consumer grade devices. It is better to tag everything on "trunk" cables.

If you can't get Ethernet access you could-- on another OpenWrt router-- set up a wifi client of your LAN AP SSID, with a temporary network containing a static IP (outside any of your other subnets) and DHCP server, this should link to the AP and give it an IP address where you can ssh in from the other router.

1 Like