This document describes how to create an Access Point (AP) that extends a network that already has a router, access control, and DHCP in place. People can connect over wireless or Ethernet to the new AP and then to the existing network. In this configuration, the AP is not routing packets, it does not provide DHCP or other functions. The result is a bridged LAN (no internal subnets) that will work fine for home and small networks.
Note: The AP wireless can be configured to control access as Open/WPA/WPA2/etc. MAC-based access control is controlled by the main router.
Note: 'Static DHCP' is not covered here: this procedure creates an AP that provides wired/wireless access and won't interfere with Static DHCP.
Note: This recipe is similar to the “Bridged AP” recipe at Bridged AP. These pages should probably be merged.
Of course you can achieve this with using the web interface:
Once you have configured your wireless network with LUCI you can start configuring your dumb AP.
The changes below assume an OpenWrt default configuration, the relevant files are:
/etc/config/network and change the
On switchless devices, simply bridge all ethernet interfaces together, remove the existing WAN interface - if any.
config interface lan option type 'bridge' option ifname 'eth0 eth1' # Bridges lan and wan option proto 'dhcp' # Change as appropriate
On devices with a separate WAN interface, bridge the LAN VLAN together with the WAN interface, remove the existing WAN interface - if any.
config interface lan option type 'bridge' option ifname 'eth0.1 eth1' # Bridges vlan 1 and wan option proto 'dhcp' # Change as appropriat
Switch configuration on WR1043ND (barrier breaker):
config switch_vlan option device 'switch0' option vlan '1' option ports '0 1 2 3 4 5t' # 1. add 0 in here #config switch_vlan # 2. comment out or delete the whole vlan 2 section # option device 'switch0' # option vlan '2' # option ports '0 5t'
On devices where WAN and LAN are separated by switch config, reconfigure the LAN VLAN to cover all ports, remove the existing WAN interface and its related VLAN - if any.
config switch_vlan eth0_1 option vlan '1' option ports '0 1 2 3 4 5t' # Might vary depending on the device config interface lan option type 'bridge' option ifname 'eth0.1' option proto 'dhcp' # Change as appropriate
/etc/config/wireless, and don't worry about most of it, things that might need changes are commented.
config 'wifi-device' 'radio0' option type 'mac80211' option channel '11' option macaddr '12:e4:4a:b3:83:1a' option htmode 'HT20' list ht_capab 'SHORT-GI-20' list ht_capab 'SHORT-GI-40' list ht_capab 'TX-STBC' list ht_capab 'RX-STBC1' list ht_capab 'DSSS_CCK-40' config 'wifi-iface' option device 'radio0' option network 'lan' # Set to the name of the bridged interface option mode 'ap' option ssid 'ap_myaccesspoint' option encryption 'psk2' # Change as appropriate option key 'ap_password'
If you still need dnsmasq running for something else (e.g. TFTP server) you can do:
uci set dhcp.lan.ignore=1 uci commit dhcp /etc/init.d/dnsmasq restart
If not disable dnsmasq service:
/etc/init.d/dnsmasq disable /etc/init.d/dnsmasq stop
Disable odhcpd with uci:
uci set dhcp.lan.dhcpv6=disabled uci set dhcp.lan.ra=disabled uci commit
Or disable service:
/etc/init.d/odhcpd disable /etc/init.d/odhcpd stop
/etc/init.d/firewall disable /etc/init.d/firewall stop
Reloading the network config should be enough, it should automatically restart if necessary.
If you would like your AP to receive IPv6 as a host only and not for routing you have to tell dhcp6c not to request prefix deligation. If you do not do this the AP will reject basic IPv6 addresses. If you want to still be able to use ipv6 on the Router itself change the wan6 to lan6 and @wan to @lan
config interface 'lan6' option proto 'dhcpv6' option ifname '@lan' option reqprefix no
DLNA and UPnP clients and printer or SMB discovery protocols on LANs tend to work by using multicast packets. For example PS3, xbox, TVs and stereos use DLNA to detect, communicate with and stream audio/video over the network. By default on bridged interfaces on OpenWrt (at least tested in 18.x series) multicast snooping is turned off. This means all network interfaces connected to a bridge (such as a WiFi SSID and ethernet VLAN) will receive multicast packets as if they were broadcast packets.
On WiFi the slowest modulation available is used for multicast packets (so that everyone can hear them). If you have “enabled legacy 802.11b rates” on your WiFi (Advanced settings checkbox in LuCI under the WiFi settings, or
option legacy_rates '1' in /etc/config/wireless file) then 1Mbps is the rate that will be used. This can completely use up the WiFi airtime with even fairly light multicast streaming.
There are two possible fixes for this, one is to enable multicast snooping:
option igmp_snooping '1' under the appropriate /etc/config/network settings for the bridge. This will cause the bridge to forward only on bridge ports that have requested to receive the particular multicast group. On the other hand, if someone on WiFi requests the group, it will still flood the multicast there, and some people have reported problems with certain devices such as android phones and with ipv6 when igmp_snooping is enabled (requires further debugging to identify if there is really a problem or not). By disabling legacy 802.11b rates (
option legacy_rates '0') you can at least force the use of 6Mbps or more on the WiFi multicast packets, and this opens up more airtime for other uses.