-
-
Save braian87b/bba9da3a7ac23c35b7f1eecafecdd47d to your computer and use it in GitHub Desktop.
# ======================================================== | |
# Setup a Dumb AP, Wired backbone for OpenWRT / LEDE | |
# ======================================================== | |
# Set lan logical interface as bridge (to allow bridge multiple physical interfaces) | |
uci set network.lan.type='bridge' | |
# assign WAN physical interface to LAN (will be available as an additional LAN port now) | |
uci set network.lan.ifname="$(uci get network.lan.ifname) $(uci get network.wan.ifname)" | |
uci del network.wan.ifname | |
# Remove wan logical interface, since we will not need it. | |
uci del network.wan | |
# Disable Dnsmasq completely (it is important to commit or discard dhcp) | |
uci commit dhcp; echo '' > /etc/config/dhcp | |
/etc/init.d/dnsmasq disable | |
/etc/init.d/dnsmasq stop | |
# Set static network configuration (sample config for 192.168.1.0/24) | |
# 192.168.1.1 is the Main Router | |
uci set network.lan.ipaddr='192.168.1.2' | |
uci set network.lan.dns='192.168.1.1' | |
uci set network.lan.gateway='192.168.1.1' | |
uci set network.lan.netmask='255.255.255.0' | |
uci set network.lan.broadcast='192.168.1.255' | |
# Set DHCP on LAN (not recommended, but useful when Dumb AP is moveable from one building to another) | |
uci del network.lan.broadcast | |
uci del network.lan.dns | |
uci del network.lan.gateway | |
uci del network.lan.ipaddr | |
uci del network.lan.netmask | |
uci set network.lan.proto='dhcp' | |
# To identify better when connected to SSH and when seen on the network | |
uci set system.@system[0].hostname='DumbAP1' | |
uci set network.lan.hostname="`uci get system.@system[0].hostname`" | |
# ======================================================== | |
# Optional, Disable IPv6 | |
# ======================================================== | |
uci del network.lan.ip6assign | |
uci set network.lan.delegate='0' | |
uci del dhcp.lan.dhcpv6 | |
uci del dhcp.lan.ra | |
uci del dhcp.odhcpd | |
/etc/init.d/odhcpd disable | |
/etc/init.d/odhcpd stop | |
# ======================================================== | |
# Commit changes, flush, and restart network | |
# ======================================================== | |
# This way we will get internet on this AP and we must reconnect | |
uci commit | |
sync | |
/etc/init.d/network restart | |
# If all is OK then reboot and test again: | |
reboot | |
# How to setup Wireless Links to avoid Wired backbone using WDS on Atheros for OpenWRT / LEDE | |
https://gist.github.com/braian87b/8a524a8ad74a36407a8f481e9d16a5c9 | |
# How to setup Client Bridged / Client Mode / RelayD and IGMPProxy for OpenWRT / LEDE | |
https://gist.github.com/braian87b/821e9e4f399918510c55619192a31871 |
@neilkidd glad that worked for your wdr3600!, you are welcome!
I landed on this page after I found my printer couldn't be seen from the LAN wired side of my "Dumb AP". After some searching I found this page and turns out I was missing the bit about dnsmasq, turning that off fixed everything, thanks!
uci commit dhcp; echo '' > /etc/config/dhcp
/etc/init.d/dnsmasq disable
/etc/init.d/dnsmasq stop
Just what I was looking for... except, I'd like to make use of the DumbAP1 as my DHCP server. Should I just comment out the Disable Dnsmasq section? Thanks heaps.
Sorted that - best not to delete it in the first place: but otherwise, copied back the default /etc/config/dhcp plus some tweeks; enabled dnsmasq; disabled firewall - correct me if I'm wrong, but I can't see the point of a firewall in a (not quite so) dumb AP; also deleted wan6 as per deletion of wan
First of all, thank you very much for this tutorial!
I have 3 Archer C7's waiting to be installed (OpenWRT is already installed), but I'm waiting for the contractor to clean the pipes for my wires (the builder poured concrete while the pipes were still open...)
As soon as this is done, I will start configuring them, with this tutorial.
I just have one question... I noticed:
uci set network.lan.broadcast='192.168.0.255'
While the rest of the config points to the 192.168.1.x subnet, the broadcast here is 192.168.0.x
Is this done intentionally or, is this a typo?
First of all, thank you very much for this tutorial (Script) !
I just wanted to ask for help if you can help me with a small problem that i have with my (Wrt1900acs) AP, and that is i have disabled ip6 on my dumb AP but still i can se my home host names in ip6 version in both my dumb AP and in my opnsense router.
i have also disabled ip6 in my router.
i hope that you can help
best regards.
@ShapeShifter499 Glad that this helped you!
@xpseudonym yes.
@D2nnyim yes it was a typo! thank for noticing, I corrected it now.
@AlMoselly I don't know what it could be doing that, please try to debug it using logread
, see if you have more than one router maybe with dhcp enabled, you may have your ISP router with ipv6 dhcp connected to the lan, or may be just that device that have separate config for ipv6.
@braian87b thanks for helping me out with this instruction, I had used it for my 841ND to bridge multi router at my home. The problem is the openwrt act as it is invisible in the network. You cannot ping it at 192.168.x.x as you has already set. I had followed your command above as well as instruction with Luci in the main page of openwrt. The bridge does it job perfectly but I cannot control it anymore. Do you have any solution for that?
What do you mean that you cannot control it anymore? please explain better that... thanks.
What do you mean that you cannot control it anymore? please explain better that... thanks.
It have no ip address in the network, which means you cannot go to luci page or even get ssh connection to the openwrt
This config steps are for configure a Router as DumbAP and connect it to your existing LAN with an existing Main Router using an ethernet cable (wired).
On the Lan interface on the DumbAP you can set a fixed IP (on the same range of your existing network) or configure it as DHCP (to get an ip automatically) if you have it automatic you should scan your network (using nmap or some other ip scanner) or watch the dhcp leases table on your main router.
Please see relevant lines on this again, are 17 to 23, and 25 to 31 you should run just one of those depending on what mode you choose, not both.
Thanks for your response. I just copy it to a bash script and run. I don't even read the comments. My dump bridge now run as good as what it's supposed to be!
Very happy about that!.
I have done this before and thought I knew how to get the router running as an AP, but running diagnostic I still have 100% packet loss. I have disabled firewall, disabled dnsmasq, set static IP and turned off DHCP, but still I have 100% loss. But, the device is connected to my main router and is online. I can connect wirelessly through it and openwrt.org is there. But when I attempt to ping or update software list for adding samba, it fails to connect. Also, I basically did all this 4 days ago using ROOter firmware and pretty quickly had it connected and ping received 100% easy peezy.
@braian87b
Confused here. Trying to apply what seems logical of this recipe over a newer OpenWrt version.
Main router is 192.168.2.1, I want it to have the dhcp server and dns server, and have the same SSIDs defined on dumb and main router to have clients bounce around. This is what this recipe is supposed to be about from my understanding.
So basically taking the pieces and bits that I need, but that results into having client devices trying to connect and not obtain leases from the main router and basically DoS the clients that try to connect to the nearest SSID.... until I power off the dumb ap.
# ========================================================
# Setup a Dumb AP, Wired backbone for OpenWRT / LEDE
# ========================================================
# Set lan logical interface as bridge (to allow bridge multiple physical interfaces)
uci set network.lan.type='bridge'
# assign WAN physical interface to LAN (will be available as an additional LAN port now)
uci set network.lan.ifname="$(uci get network.lan.ifname) $(uci get network.wan.ifname)"
uci del network.wan.ifname
# Remove wan logical interface, since we will not need it.
uci del network.wan
# Disable Dnsmasq completely (it is important to commit or discard dhcp)
uci commit dhcp; echo '' > /etc/config/dhcp
/etc/init.d/dnsmasq disable
/etc/init.d/dnsmasq stop
# Set static network configuration (sample config for 192.168.2.0/24)
# 192.168.2.1 is the Main Router
uci set network.lan.ipaddr='192.168.2.2'
uci set network.lan.dns='192.168.2.1'
uci set network.lan.gateway='192.168.2.1'
uci set network.lan.netmask='255.255.255.0'
uci set network.lan.broadcast='192.168.2.255'
# Set DHCP on LAN (not recommended, but useful when Dumb AP is moveable from one building to another)
#uci del network.lan.broadcast
#uci del network.lan.dns
#uci del network.lan.gateway
#uci del network.lan.ipaddr
#uci del network.lan.netmask
#uci set network.lan.proto='dhcp'
# To identify better when connected to SSH and when seen on the network
uci set system.@system[0].hostname='DumbAP1'
uci set network.lan.hostname="`uci get system.@system[0].hostname`"
# ========================================================
# Optional, Disable IPv6
# ========================================================
#uci del network.lan.ip6assign
#uci set network.lan.delegate='0'
#uci del dhcp.lan.dhcpv6
#uci del dhcp.lan.ra
#uci del dhcp.odhcpd
/etc/init.d/odhcpd disable
/etc/init.d/odhcpd stop
# ========================================================
# Commit changes, flush, and restart network
# ========================================================
# This way we will get internet on this AP and we must reconnect
uci commit
sync
/etc/init.d/network restart
# If all is OK then reboot and test again:
#reboot
At this point, I can see ipv6 dumb ap on main AP/router. But nothing else.
Changes from your script (commented out):
- not setting up DHCP on lan (I want main AP to deal with that so that there is no change of leases when clients are roaming around)
- Not disabling IPV6 on dumb AP.
- Tried to connect Dumb AP for internet uplink on WAN port (would have thought WAN port was bridged on LAN bridge?)
Changes from original post: - Relate to Main router/AP network 192.168.2.1-255 as opposed to 192.168.1.1-255.
- Relate to Dumb AP as 192.168.2.2 as opposed to 192.168.1.2
Not done but might be simple fix:
- Connect dumb AP uplink to Lan port.
Other documentation read:
- https://openwrt.org/docs/guide-user/network/wifi/dumbap
- https://openwrt.org/docs/guide-user/network/wifi/bridgedap
Which actually say to have dumb AP uplink connected to LAN port to main router/AP.
Any advice?
if you gonna use is as dumbAP then you have to:
disable dhcp (dnsmasq), connect a LAN port to a LAN port of your main Router or Lan port or your lan Network.
to prevent conflct disable ipv6 also (odhcpd, you can leave if6assign if you need to access to your dumbap config using ipv6 but should not lease ipv6 addresses to the network since probably your main router is already doing that)
you may also clean firewall configuration and disable the firewall too (to save a little bit of cpu/ram).
finally, you can convert you physical wan port into a Lan port (that process varies from hw/device, but is easy, lmk)
everything else that you did is fine. so the only main missing fix is : "Connect dumb AP uplink to Lan port."
# ========================================================
# Setup a Dumb AP, Wired backbone for OpenWRT / LEDE
# ========================================================
# Set lan logical interface as bridge (to allow bridge multiple physical interfaces)
#uci set network.lan.type='bridge'
# assign WAN physical interface to LAN (will be available as an additional LAN port now)
#uci set network.lan.ifname="$(uci get network.lan.ifname) $(uci get network.wan.ifname)"
#uci del network.wan.ifname
# Remove wan logical interface, since we will not need it.
#uci del network.wan
# Disable Dnsmasq completely (it is important to commit or discard dhcp)
uci commit dhcp; echo '' > /etc/config/dhcp
/etc/init.d/dnsmasq disable
/etc/init.d/dnsmasq stop
# Set static network configuration (sample config for 192.168.1.0/24)
# 192.168.1.1 is the Main Router
uci set network.lan.ipaddr='192.168.2.2'
uci set network.lan.dns='192.168.2.1'
uci set network.lan.gateway='192.168.2.1'
uci set network.lan.netmask='255.255.255.0'
uci set network.lan.broadcast='192.168.2.255'
# To identify better when connected to SSH and when seen on the network
uci set system.@system[0].hostname='AP-south'
uci set network.lan.hostname="`uci get system.@system[0].hostname`"
# ========================================================
# Optional, Disable IPv6
# ========================================================
uci del network.lan.ip6assign
uci set network.lan.delegate='0'
uci del dhcp.lan.dhcpv6
uci del dhcp.lan.ra
uci del dhcp.odhcpd
/etc/init.d/odhcpd disable
/etc/init.d/odhcpd stop
#Wifi setup on WRT32X, no slow network overlap. Check channels might be problematic
#Not disclosed here
# ========================================================
# Commit changes, flush, and restart network
# ========================================================
# This way we will get internet on this AP and we must reconnect
uci commit
sync
/etc/init.d/network restart
# If all is OK then reboot and test again:
reboot
Made it work. Seems like putting wan to lan was the culprit on the WRT32X. Not sure why since it is supposed to be supported, but yeah, works fine now!
Thanks @braian87b!
Great! @tlaurion
# Set lan logical interface as bridge (to allow bridge multiple physical interfaces)
uci set network.lan.type='bridge'
# assign WAN physical interface to LAN (will be available as an additional LAN port now)
uci set network.lan.ifname="$(uci get network.lan.ifname) $(uci get network.wan.ifname)"
uci del network.wan.ifname
# Remove wan logical interface, since we will not need it.
uci del network.wan
Those steps should work, but it will be interesting to know why it doesn't, please if you can post here output of:
uci show network
uci get network.lan.ifname
uci: Entry not found
uci get network.lan
interface
uci show | grep bridge
network.@device[0].type='bridge'
uci show | grep ifname
BusyBox v1.33.1 (2021-06-13 22:02:19 UTC) built-in shell (ash)
_______ ________ __
| |.-----.-----.-----.| | | |.----.| |_
| - || _ | -__| || | | || _|| _|
|_______|| __|_____|__|__||________||__| |____|
|__| W I R E L E S S F R E E D O M
-----------------------------------------------------
OpenWrt 21.02.0-rc3, r16172-2aba3e9784
Well this seems to explain that! :)
uci show | grep ifname
BusyBox v1.33.1 (2021-06-13 22:02:19 UTC) built-in shell (ash) _______ ________ __ | |.-----.-----.-----.| | | |.----.| |_ | - || _ | -__| || | | || _|| _| |_______|| __|_____|__|__||________||__| |____| |__| W I R E L E S S F R E E D O M ----------------------------------------------------- OpenWrt 21.02.0-rc3, r16172-2aba3e9784
Well this seems to explain that! :)
so how to do this in v21.02 ?
Saw this in the documentation here https://openwrt.org/docs/guide-user/base-system/basic-networking.
This article may contain network configuration that is version dependent post 2021-06
ifname@interface has been moved to device and device sections
while legacy ifname syntax may work on 21.02 or recent master it is recommended that you migrate to device usage
So now looks like this should be uci get network.lan.device
Referred to this question:/etc/init.d/network restart
should be changed to /etc/init.d/network reload
Thanks for the tutorial :
I just need you help in 2 things please "A & B"
(A)Lan configuration:
I'm just confused about this , so basically I should use either static network or DHCP on LAN
is that right ?
So If I choose to go with static network then I should delete this part from the script ?
# Set DHCP on LAN (not recommended, but useful when Dumb AP is moveable from one building to another)
uci del network.lan.broadcast
uci del network.lan.dns
uci del network.lan.gateway
uci del network.lan.ipaddr
uci del network.lan.netmask
uci set network.lan.proto='dhcp'
I'm going to execute this script on a wireless backbone AP and then setup the WIFI on it.
(B)Script to disable IPv6
Can you write a script to completely disable IPv6 from a factory reset OpenWRT 22.03.3 router, a router to be used as a main router connected to ISP, I mean disable everything v6 related such as IPv6, WAN6 (also delete WAN6), RA, DHCPv6 etc ? basically convert the router to be IPv4 only.
Thanks @braian87b
Main Wireless Router : Belkin RT3200 (aka. Linksys E8450) OpenWRT 22.03.3 UBI
DUMB Wireless AP : Linksys E8450 (aka. Belkin RT3200) OpenWRT 22.03.3 UBI
(A) yes, either, since you cannot do the both, unless you create a 2nd bridged interface to the lan, think about it as for any device on your network (phone, computer, etc) you can configure a static IP or use DHCP, static IP is useful if you want to tie an IP to the device no matter on which network... but preferable you can use DHCP and set an static lease for the AP macaddress so the main Router will provide always the same IP to the dumb AP.
(B)
mostly involves the steps above, and also you can do the same on your main router and additionally disable ipv6 on the wan side if you have reliable ipv4 and don't want ISP ipv6
uci del network.wan6
uci del_list firewall.@zone[1].network='wan6'
if you want to go deeper:
https://www.google.com/search?q=openwrt+disable+ipv6
this one seems pretty accurate on all needed: https://3os.org/infrastructure/openwrt/disable-ipv6/
.
Hi @braian87b
Thanks for your help.
Based on your script, and after many tests, I've created the following script, can you please take a quick look?
Please let me know if something wrong in it.
# ========================================================
# Setup a Dumb AP for OpenWRT
# Tested on: Belkin RT3200 (aka. Linksys E8450) 22.03.3
# Script expects factory settings
# ========================================================
# Disable IPv6
# ========================================================
uci delete network.lan.ip6assign
uci set network.lan.delegate='0'
uci delete dhcp.lan.dhcpv6
uci delete dhcp.lan.ra
uci delete dhcp.odhcpd
/etc/init.d/odhcpd disable
/etc/init.d/odhcpd stop
uci delete network.globals.ula_prefix
uci commit
# ========================================================
# Disable Dnsmasq completely and discard dhcp
uci commit dhcp; echo '' > /etc/config/dhcp
/etc/init.d/dnsmasq disable
/etc/init.d/dnsmasq stop
# ========================================================
# Disable firewall
/etc/init.d/firewall disable
/etc/init.d/firewall stop
mv /etc/config/firewall /etc/config/firewall.unused
# ========================================================
# Remove WAN logical interfaces
uci delete network.wan
uci delete network.wan6
# ========================================================
# To identify better when connected to SSH and when seen on the network
uci set system.@system[0].hostname='DumbAP'
uci set network.lan.hostname="`uci get system.@system[0].hostname`"
uci commit system
# ========================================================
# Set static network configuration (sample config for 192.168.1.0/24)
# 192.168.1.1 is the Main Router
# ========================================================
uci set network.lan.ipaddr='192.168.1.2'
uci set network.lan.dns='192.168.1.1'
uci set network.lan.gateway='192.168.1.1'
uci set network.lan.netmask='255.255.255.0'
uci set network.lan.broadcast='192.168.1.255'
uci commit network
echo '====================================================================='
echo 'Reboot your router'
echo 'you can now connect the LAN port of this device to the LAN port'
echo 'of your main router.'
echo '192.168.1.2 is now your Access Point IP Address'
echo '====================================================================='
sync
reboot
Notes:
1- Adding WAN physical interface to LAN did not work in my router!, I had to do it manually in LuCi :(
using "network.lan.ifname" is not working anymore, I think now it is "network.lan.device"
If I type: "uci show network" then this is the result:
root@OpenWrt:~# uci show network
network.loopback=interface
network.loopback.device='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix=''
network.@device[0]=device
network.@device[0].name='br-lan'
network.@device[0].type='bridge'
network.@device[0].ports='lan1' 'lan2' 'lan3' 'lan4'
network.lan=interface
network.lan.device='br-lan'
network.lan.proto='static'
network.lan.ipaddr='192.168.1.1'
network.lan.netmask='255.255.255.0'
network.lan.ip6assign='60'
network.wan=interface
network.wan.device='wan'
network.wan.proto='dhcp'
network.wan6=interface
network.wan6.device='wan'
network.wan6.proto='dhcpv6'
2-The only thing that I could not disable is "Enable IPv6" from the configuration of the "bridge device" under "General device options" tab
do you know the command to do that? Or maybe it is not necessary anymore? I've tried Google without any luck! Please check the screenshot attached:
Try not remove /etc/config/firewall
file placeholder, leave it as-is, disabling the service is enough, you will not save space since that starts sitting in rom, but you can empty the file if you want, similarly as with /etc/config/dhcp
if you want it cleaner.
remember that if you are using recent version of openwrt it won't have swconfig
anymore now it uses DSA. so the configuration will be different,
IPv6 you can disable using Luci and see on the pending settings to be commit which changed.
You can always change everything using LuCI and inspect which changes LuCi do and dump those into your script, will be safer if you are not familiar yet with all the configurations.
I greatly appreciate your help and efforts @braian87b
@RustyRouter happy to help.
Hi,
Just wanted to say thanks :)
I used this as the basis for adding a second tp-link wdr3600 in my home network.
Regards