Skip to content

Instantly share code, notes, and snippets.

@braian87b
Last active October 23, 2024 23:13
Show Gist options
  • Save braian87b/bba9da3a7ac23c35b7f1eecafecdd47d to your computer and use it in GitHub Desktop.
Save braian87b/bba9da3a7ac23c35b7f1eecafecdd47d to your computer and use it in GitHub Desktop.
How to setup a Dumb AP, Wired backbone for OpenWRT / LEDE
@hatran3e
Copy link

hatran3e commented Dec 3, 2019

@braian87b thanks for helping me out with this instruction, I had used it for my 841ND to bridge multi router at my home. The problem is the openwrt act as it is invisible in the network. You cannot ping it at 192.168.x.x as you has already set. I had followed your command above as well as instruction with Luci in the main page of openwrt. The bridge does it job perfectly but I cannot control it anymore. Do you have any solution for that?

@braian87b
Copy link
Author

What do you mean that you cannot control it anymore? please explain better that... thanks.

@hatran3e
Copy link

hatran3e commented Dec 4, 2019

What do you mean that you cannot control it anymore? please explain better that... thanks.

It have no ip address in the network, which means you cannot go to luci page or even get ssh connection to the openwrt

@braian87b
Copy link
Author

This config steps are for configure a Router as DumbAP and connect it to your existing LAN with an existing Main Router using an ethernet cable (wired).

On the Lan interface on the DumbAP you can set a fixed IP (on the same range of your existing network) or configure it as DHCP (to get an ip automatically) if you have it automatic you should scan your network (using nmap or some other ip scanner) or watch the dhcp leases table on your main router.

Please see relevant lines on this again, are 17 to 23, and 25 to 31 you should run just one of those depending on what mode you choose, not both.

@hatran3e
Copy link

hatran3e commented Dec 5, 2019

Thanks for your response. I just copy it to a bash script and run. I don't even read the comments. My dump bridge now run as good as what it's supposed to be!

@braian87b
Copy link
Author

Very happy about that!.

@knowmansoul
Copy link

I have done this before and thought I knew how to get the router running as an AP, but running diagnostic I still have 100% packet loss. I have disabled firewall, disabled dnsmasq, set static IP and turned off DHCP, but still I have 100% loss. But, the device is connected to my main router and is online. I can connect wirelessly through it and openwrt.org is there. But when I attempt to ping or update software list for adding samba, it fails to connect. Also, I basically did all this 4 days ago using ROOter firmware and pretty quickly had it connected and ping received 100% easy peezy.

@tlaurion
Copy link

tlaurion commented Jul 12, 2021

@braian87b
Confused here. Trying to apply what seems logical of this recipe over a newer OpenWrt version.
Main router is 192.168.2.1, I want it to have the dhcp server and dns server, and have the same SSIDs defined on dumb and main router to have clients bounce around. This is what this recipe is supposed to be about from my understanding.

So basically taking the pieces and bits that I need, but that results into having client devices trying to connect and not obtain leases from the main router and basically DoS the clients that try to connect to the nearest SSID.... until I power off the dumb ap.


# ========================================================
# Setup a Dumb AP, Wired backbone for OpenWRT / LEDE
# ========================================================
# Set lan logical interface as bridge (to allow bridge multiple physical interfaces)
uci set network.lan.type='bridge'
# assign WAN physical interface to LAN (will be available as an additional LAN port now)
uci set network.lan.ifname="$(uci get network.lan.ifname) $(uci get network.wan.ifname)"
uci del network.wan.ifname
# Remove wan logical interface, since we will not need it.
uci del network.wan

# Disable Dnsmasq completely (it is important to commit or discard dhcp)
uci commit dhcp; echo '' > /etc/config/dhcp
/etc/init.d/dnsmasq disable
/etc/init.d/dnsmasq stop

# Set static network configuration (sample config for 192.168.2.0/24)
# 192.168.2.1 is the Main Router
uci set network.lan.ipaddr='192.168.2.2'
uci set network.lan.dns='192.168.2.1'
uci set network.lan.gateway='192.168.2.1'
uci set network.lan.netmask='255.255.255.0'
uci set network.lan.broadcast='192.168.2.255'

# Set DHCP on LAN (not recommended, but useful when Dumb AP is moveable from one building to another)
#uci del network.lan.broadcast
#uci del network.lan.dns
#uci del network.lan.gateway
#uci del network.lan.ipaddr
#uci del network.lan.netmask
#uci set network.lan.proto='dhcp'

# To identify better when connected to SSH and when seen on the network
uci set system.@system[0].hostname='DumbAP1'
uci set network.lan.hostname="`uci get system.@system[0].hostname`"

# ========================================================
# Optional, Disable IPv6
# ========================================================
#uci del network.lan.ip6assign
#uci set network.lan.delegate='0'
#uci del dhcp.lan.dhcpv6
#uci del dhcp.lan.ra
#uci del dhcp.odhcpd
/etc/init.d/odhcpd disable
/etc/init.d/odhcpd stop

# ========================================================
# Commit changes, flush, and restart network
# ========================================================
# This way we will get internet on this AP and we must reconnect
uci commit
sync
/etc/init.d/network restart
# If all is OK then reboot and test again:
#reboot

At this point, I can see ipv6 dumb ap on main AP/router. But nothing else.
Changes from your script (commented out):

  • not setting up DHCP on lan (I want main AP to deal with that so that there is no change of leases when clients are roaming around)
  • Not disabling IPV6 on dumb AP.
  • Tried to connect Dumb AP for internet uplink on WAN port (would have thought WAN port was bridged on LAN bridge?)
    Changes from original post:
  • Relate to Main router/AP network 192.168.2.1-255 as opposed to 192.168.1.1-255.
  • Relate to Dumb AP as 192.168.2.2 as opposed to 192.168.1.2

Not done but might be simple fix:

  • Connect dumb AP uplink to Lan port.

Other documentation read:

Any advice?

@braian87b
Copy link
Author

if you gonna use is as dumbAP then you have to:
disable dhcp (dnsmasq), connect a LAN port to a LAN port of your main Router or Lan port or your lan Network.
to prevent conflct disable ipv6 also (odhcpd, you can leave if6assign if you need to access to your dumbap config using ipv6 but should not lease ipv6 addresses to the network since probably your main router is already doing that)
you may also clean firewall configuration and disable the firewall too (to save a little bit of cpu/ram).

finally, you can convert you physical wan port into a Lan port (that process varies from hw/device, but is easy, lmk)

@braian87b
Copy link
Author

everything else that you did is fine. so the only main missing fix is : "Connect dumb AP uplink to Lan port."

@tlaurion
Copy link

# ========================================================
# Setup a Dumb AP, Wired backbone for OpenWRT / LEDE
# ========================================================
# Set lan logical interface as bridge (to allow bridge multiple physical interfaces)
#uci set network.lan.type='bridge'
# assign WAN physical interface to LAN (will be available as an additional LAN port now)
#uci set network.lan.ifname="$(uci get network.lan.ifname) $(uci get network.wan.ifname)"
#uci del network.wan.ifname
# Remove wan logical interface, since we will not need it.
#uci del network.wan

# Disable Dnsmasq completely (it is important to commit or discard dhcp)
uci commit dhcp; echo '' > /etc/config/dhcp
/etc/init.d/dnsmasq disable
/etc/init.d/dnsmasq stop

# Set static network configuration (sample config for 192.168.1.0/24)
# 192.168.1.1 is the Main Router
uci set network.lan.ipaddr='192.168.2.2'
uci set network.lan.dns='192.168.2.1'
uci set network.lan.gateway='192.168.2.1'
uci set network.lan.netmask='255.255.255.0'
uci set network.lan.broadcast='192.168.2.255'

# To identify better when connected to SSH and when seen on the network
uci set system.@system[0].hostname='AP-south'
uci set network.lan.hostname="`uci get system.@system[0].hostname`"

# ========================================================
# Optional, Disable IPv6
# ========================================================
uci del network.lan.ip6assign
uci set network.lan.delegate='0'
uci del dhcp.lan.dhcpv6
uci del dhcp.lan.ra
uci del dhcp.odhcpd
/etc/init.d/odhcpd disable
/etc/init.d/odhcpd stop

#Wifi setup on WRT32X, no slow network overlap. Check channels might be problematic
#Not disclosed here

# ========================================================
# Commit changes, flush, and restart network
# ========================================================
# This way we will get internet on this AP and we must reconnect
uci commit
sync
/etc/init.d/network restart
# If all is OK then reboot and test again:
reboot

Made it work. Seems like putting wan to lan was the culprit on the WRT32X. Not sure why since it is supposed to be supported, but yeah, works fine now!

Thanks @braian87b!

@braian87b
Copy link
Author

braian87b commented Jul 14, 2021

Great! @tlaurion

# Set lan logical interface as bridge (to allow bridge multiple physical interfaces)
uci set network.lan.type='bridge'
# assign WAN physical interface to LAN (will be available as an additional LAN port now)
uci set network.lan.ifname="$(uci get network.lan.ifname) $(uci get network.wan.ifname)"
uci del network.wan.ifname
# Remove wan logical interface, since we will not need it.
uci del network.wan

Those steps should work, but it will be interesting to know why it doesn't, please if you can post here output of:

uci show network

@tlaurion
Copy link

tlaurion commented Jul 20, 2021

@braian87b

uci get network.lan.ifname
uci: Entry not found
uci get network.lan
interface

uci show | grep bridge
network.@device[0].type='bridge'

uci show | grep ifname


BusyBox v1.33.1 (2021-06-13 22:02:19 UTC) built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 21.02.0-rc3, r16172-2aba3e9784

Well this seems to explain that! :)

@sajati
Copy link

sajati commented Sep 20, 2021

uci show | grep ifname


BusyBox v1.33.1 (2021-06-13 22:02:19 UTC) built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 21.02.0-rc3, r16172-2aba3e9784

Well this seems to explain that! :)

so how to do this in v21.02 ?

@rgatti
Copy link

rgatti commented Sep 26, 2021

Saw this in the documentation here https://openwrt.org/docs/guide-user/base-system/basic-networking.

This article may contain network configuration that is version dependent post 2021-06

ifname@interface has been moved to device and device sections
while legacy ifname syntax may work on 21.02 or recent master it is recommended that you migrate to device usage

So now looks like this should be uci get network.lan.device

@Domepo
Copy link

Domepo commented Apr 7, 2022

Referred to this question:

/etc/init.d/network restart should be changed to /etc/init.d/network reload

@RustyRouter
Copy link

Thanks for the tutorial :
I just need you help in 2 things please "A & B"

(A)Lan configuration:

I'm just confused about this , so basically I should use either static network or DHCP on LAN
is that right ?
So If I choose to go with static network then I should delete this part from the script ?

# Set DHCP on LAN (not recommended, but useful when Dumb AP is moveable from one building to another)
uci del network.lan.broadcast
uci del network.lan.dns
uci del network.lan.gateway
uci del network.lan.ipaddr
uci del network.lan.netmask
uci set network.lan.proto='dhcp'

I'm going to execute this script on a wireless backbone AP and then setup the WIFI on it.

(B)Script to disable IPv6

Can you write a script to completely disable IPv6 from a factory reset OpenWRT 22.03.3 router, a router to be used as a main router connected to ISP, I mean disable everything v6 related such as IPv6, WAN6 (also delete WAN6), RA, DHCPv6 etc ? basically convert the router to be IPv4 only.

Thanks @braian87b

Main Wireless Router : Belkin RT3200 (aka. Linksys E8450) OpenWRT 22.03.3 UBI
DUMB Wireless AP : Linksys E8450 (aka. Belkin RT3200) OpenWRT 22.03.3 UBI

@braian87b
Copy link
Author

@RustyRouter

(A) yes, either, since you cannot do the both, unless you create a 2nd bridged interface to the lan, think about it as for any device on your network (phone, computer, etc) you can configure a static IP or use DHCP, static IP is useful if you want to tie an IP to the device no matter on which network... but preferable you can use DHCP and set an static lease for the AP macaddress so the main Router will provide always the same IP to the dumb AP.

(B)
mostly involves the steps above, and also you can do the same on your main router and additionally disable ipv6 on the wan side if you have reliable ipv4 and don't want ISP ipv6

uci del network.wan6
uci del_list firewall.@zone[1].network='wan6'

if you want to go deeper:
https://www.google.com/search?q=openwrt+disable+ipv6
this one seems pretty accurate on all needed: https://3os.org/infrastructure/openwrt/disable-ipv6/

.

@RustyRouter
Copy link

RustyRouter commented Mar 4, 2023

Hi @braian87b

Thanks for your help.

Based on your script, and after many tests, I've created the following script, can you please take a quick look?
Please let me know if something wrong in it.

# ========================================================
# Setup a Dumb AP for OpenWRT
# Tested on: Belkin RT3200 (aka. Linksys E8450) 22.03.3
# Script expects factory settings
# ========================================================
# Disable IPv6
# ========================================================
uci delete network.lan.ip6assign
uci set network.lan.delegate='0'
uci delete dhcp.lan.dhcpv6
uci delete dhcp.lan.ra
uci delete dhcp.odhcpd
/etc/init.d/odhcpd disable
/etc/init.d/odhcpd stop
uci delete network.globals.ula_prefix
uci commit

# ========================================================
# Disable Dnsmasq completely and discard dhcp
uci commit dhcp; echo '' > /etc/config/dhcp
/etc/init.d/dnsmasq disable
/etc/init.d/dnsmasq stop

# ========================================================
# Disable firewall
/etc/init.d/firewall disable
/etc/init.d/firewall stop
mv /etc/config/firewall /etc/config/firewall.unused

# ========================================================
# Remove WAN logical interfaces
uci delete network.wan
uci delete network.wan6

# ========================================================
# To identify better when connected to SSH and when seen on the network
uci set system.@system[0].hostname='DumbAP'
uci set network.lan.hostname="`uci get system.@system[0].hostname`"
uci commit system

# ========================================================
# Set static network configuration (sample config for 192.168.1.0/24)
# 192.168.1.1 is the Main Router
# ========================================================
uci set network.lan.ipaddr='192.168.1.2'
uci set network.lan.dns='192.168.1.1'
uci set network.lan.gateway='192.168.1.1'
uci set network.lan.netmask='255.255.255.0'
uci set network.lan.broadcast='192.168.1.255'
uci commit network


echo '====================================================================='
echo 'Reboot your router'
echo 'you can now connect the LAN port of this device to the LAN port'
echo 'of your main router.'
echo '192.168.1.2 is now your Access Point IP Address'
echo '====================================================================='
sync
reboot

Notes:
1- Adding WAN physical interface to LAN did not work in my router!, I had to do it manually in LuCi :(
using "network.lan.ifname" is not working anymore, I think now it is "network.lan.device"
If I type: "uci show network" then this is the result:

root@OpenWrt:~# uci show network
network.loopback=interface
network.loopback.device='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix=''
network.@device[0]=device
network.@device[0].name='br-lan'
network.@device[0].type='bridge'
network.@device[0].ports='lan1' 'lan2' 'lan3' 'lan4'
network.lan=interface
network.lan.device='br-lan'
network.lan.proto='static'
network.lan.ipaddr='192.168.1.1'
network.lan.netmask='255.255.255.0'
network.lan.ip6assign='60'
network.wan=interface
network.wan.device='wan'
network.wan.proto='dhcp'
network.wan6=interface
network.wan6.device='wan'
network.wan6.proto='dhcpv6'

2-The only thing that I could not disable is "Enable IPv6" from the configuration of the "bridge device" under "General device options" tab
do you know the command to do that? Or maybe it is not necessary anymore? I've tried Google without any luck! Please check the screenshot attached:
IPv6

@braian87b
Copy link
Author

braian87b commented Mar 5, 2023

Try not remove /etc/config/firewall file placeholder, leave it as-is, disabling the service is enough, you will not save space since that starts sitting in rom, but you can empty the file if you want, similarly as with /etc/config/dhcp if you want it cleaner.
remember that if you are using recent version of openwrt it won't have swconfig anymore now it uses DSA. so the configuration will be different,
IPv6 you can disable using Luci and see on the pending settings to be commit which changed.
You can always change everything using LuCI and inspect which changes LuCi do and dump those into your script, will be safer if you are not familiar yet with all the configurations.

@RustyRouter
Copy link

I greatly appreciate your help and efforts @braian87b

@braian87b
Copy link
Author

@RustyRouter happy to help.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment