Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Next revisionBoth sides next revision
docs:guide-user:network:wifi:dumbap [2021/07/24 05:49] – [Wireless Access Point / Dumb Access Point / Dumb AP] someothertimedocs:guide-user:network:wifi:dumbap [2024/02/01 19:55] – [Wireless Access Point (aka "Dumb" Access Point)] intro should be concise palebloodsky
Line 1: Line 1:
-====== Wireless Access Point Dumb Access Point / Dumb AP ======+====== Wireless Access Point (aka "DumbAccess Point======
  
-{{section>meta:infobox:howto_links#config-network-device&noheader&nofooter&noeditbutton}}+This page describes how to configure your device as a //wireless access point (AP)//, sometimes called a //"dumb AP"// connected to an existing network with a single main router. The term //dumb// is used since the AP will not provide administrative duties such as routing, firewall, DHCP, or DNS, as these will be performed by the main router or other device
 + 
 +One common reason for this is to add additional wireless coverage to an existing network, maybe on a different floor or to cover a wireless dead spot. This setup is sufficient for small home or office network, but for larger networks a more sophisticated approach is often used.
  
 <WRAP box> <WRAP box>
-**Summary:** This document describes how to create Dumb Access Point (Dumb AP +Summary of configuration for Wireless AP: 
-that extends a network that already has a "main router"+  - The wireless AP is connected LAN-to-LAN to the main router by some means e.g. ethernet cable, 802.11s mesh, etc.  
-It's called "Dumb Access Point" because it does not provide routing or DHCP. +  - The wireless AP bridges its SSID wireless interface onto its LAN bridge interface. Wireless traffic on the wireless AP goes to its bridge LAN interface, then to the main router. 
-Here are the basics of setting up any router (not just OpenWrt) to be Dumb AP:+  - The wireless AP bridge LAN may have either static or DHCP address on the same subnet as the main router bridge LAN interface
 +  - The wireless AP gateway IP address is set to the address of the main router, either in the configuration or by DHCP. 
 +  - The wireless AP does not provide DHCP service, DNS resolution, or firewall. 
 +</WRAP>
  
-  * Connect the Dumb AP **LAN** port to the main router's **LAN** port via Ethernet. (Yes **LAN-to-LAN** - the WAN port of the Dumb AP will not be used.) +{{section>meta:infobox:howto_links#config-network-device&noheader&nofooter&noeditbutton}}
-  * Configure the Dumb AP's **LAN** port to have a static address on the main router's LAN address range. For example, if the main router LAN is 192.168.1.1, set the Dumb AP's LAN port to be 192.168.1.2 +
-  * Set the DNS server and gateway to the main router's address (192.168.1.1 in this example) +
-  * Turn off the firewall and DHCP&DNS server (dnsmasq) in the Dumb AP.  +
-  * Configure the wireless SSID, password, etc. on the Dumb AP as desired +
-  * Reboot the Dumb AP+
  
-The result is a bridged LAN (no internal subnets) that will work fine for home and small networks.  +===== External Videos for Reference =====
-People can connect to the Dumb AP over Ethernet or Wi-Fi (using the configured SSID/password) and use to the existing network.+
  
-//Note: The term "Dumb Access Point" appears to have originated in the Raspberry Pi worldFrom the perspective of a generic network engineerthe correct term would be "Wireless Access Point"To quote linksys.com "An access point connects to a wired router, switch, or hub via an Ethernet cable [or some other means], and projects a Wi-Fi signal to a designated area"router with a wireless interface would be called "Wireless Router".// +Several videos are available on the topic which may be useful for background information.\\ 
-</WRAP>+Bare in mind they are somewhat outdated and generally do not take into account everything. 
 + 
 +Using OpenWrt v21 with DSA example: 
 + 
 +{{youtube>qeuZqRqH-ug?}} 
 + 
 +Two videos which are outdated but explain firewall and APs: 
 + 
 +{{youtube>UvniZs8q3eU?}} 
 +{{youtube>4t_S2oWsBpE?}} 
 + 
 +WiFi roaming is much improved in newer mobile devices so configuring Fast Roaming, aka 802.11r, may not be required.\\ 
 +This video can be misleading as 802.11r has nothing to do with mesh networking. 
 +{{youtube>kMgs2XFClaM?}} 
 + 
 +===== Configuration via LuCI ===== 
 + 
 +These instructions refer to the interface found in OpenWrt 23.05. The interface of v21 upwards differs in significant ways from earlier versions of OpenWrt which we try to account for... but no guarantees. 
 + 
 +This setup requires two routers, a computer with an Ethernet port, and an Ethernet cable.  We refer to the routers as the //main router// and the //wireless AP// and we assume default settings on both.  The main router should already be properly configured and connected to the Internet. 
 + 
 +Disconnect the wireless AP from your network.\\ 
 +Use an Ethernet cable to connect your computer to one of the LAN ports (not the //Internet/////WAN// port) of the wireless AP.\\ 
 +If you use notebookturn off WiFi while configuring your AP to only have one IP connection, a wired one, to your "to be" configured wireless AP.\\ 
 +From a browser, navigate to LuCI by going to http://192.168.1.1. Login. Change the admin password if necessary.\\ 
 +   
 +{{:media:docs:howto:dumbap_1_interface_overview.jpg?750|}}   
 +  
 +Go to //Network -> Interfaces// and click on the **Edit** button of the LAN interface.  Ensure you are on the //General Settings// tab. 
 + 
 +{{:media:docs:howto:dumbap_2_interface_changed.jpg?750|}} 
 +  
 +It is best to configure the wireless AP to use DHCP to obtain an address from the main router,\\ 
 +but this guide will show how to do it the alternative way - by configuring static IP address.\\ 
 + 
 +Give the wireless AP an IP address "next to" your main router.\\ 
 +By defaultthe main router will have an address of 192.168.1.1so use 192.168.1.2. (or something like that.) \\ 
 +The address should be on the same subnet as your main router but out of the DHCP range used when assigning addresses to connected devices.\\ 
 +By default, that means the wireless AP router IP should be between 192.168.1.2 and 192.168.1.100.\\ 
 +If you're adding multiple wireless APsyou could use 192.168.1.3, 192.168.1.4, etc.\\ 
 +Save and apply the new IP address. 
 +   
 +{{:media:docs:howto:dumbap_3_connectivity.jpg?750|}} 
 +     
 +A warning screen will apear because you changed the routers IP to 192.168.1.2. Press "Apply and keep settings". 
 +      
 +Navigate back to the address you assigned in the previous step (say, http://192.168.1.2).\\ 
 +Make sure your browser uses the new IP address you assigned in the previous step. \\ 
 +Why?  Because in the next step, the gateway needs to be changed to point to the main router, and LuCI will not allow you to change the gateway to 192.168.1.1 while the wireless AP router is using that IP address.\\ 
 +If things are not working as expected, unplug the network cable from your computer for 10 seconds and plug in again. The currently still active DHCP Server on your wirless AP will then reasign valid IP to you. \\  
 + 
 +Login in your router and go back to //Network -> Interfaces//, **Edit** the //LAN interface//, //General Settings// tab.\\ 
 + 
 +{{:media:docs:howto:dumbap_4_gateway.jpg?750|}} 
 +   
 +Change the IPv4 gateway to point to your main router, 192.168.1.1 by default.  This sets the wireless AP router to use the main router for Internet access.\\ 
 +   
 +{{:media:docs:howto:dumbap_5_dns.jpg?750|}} 
 +   
 +Use the main router (192.168.1.1) for DNS.  Same page but the //Advanced Settings// tab.  Enter the IP of your main router in the //Use custom DNS servers// field and click //+//. 
 +   
 +{{:media:docs:howto:dumbAP_6_DHCP.jpg?750|}} 
 +   
 +Use the main router for DHCP (and disable DHCP for the Wireless AP) Same page again, now the //DHCP Server// tab.  Ensure the //Ignore interface// checkbox is checked.\\ 
 +   
 +{{:media:docs:howto:dumbAP_7_DHCP_ip6.jpg?750|}} 
 +   
 +Disable IPv6 DHCP.  Same page, //DHCP Server// tab again, but click on the //IPv6 Settings// sub-tab.  Set the //RA-Service//, //DHCPv6-Service//, and //NDP-Proxy// dropdowns to //disabled//.\\   
 +**In versions of OpenWrt older than 21.02.0:**  Under "Physical Settings" tab, ensure "Bridge interfaces" is ticked, and ensure BOTH of your interfaces (eth0, wlan0) are selected, in order to allow traffic between wireless and wired connections.\\ 
 +Press "Save"  
 +   
 +{{:media:docs:howto:dumbAP_8_DHCP_sanda.jpg?750|}} 
 +   
 +On the "Interface" screen, press "Save & Apply".\\ 
 +Most important steps are done, your wireless AP works!\\
  
-===== Configuration via OpenWrt Web Interface LUCI =====+Review next steps for some fine tuning, enable WLAN or even add a Guest Network:\\
  
-Of course you can achieve this with using the web interface:\\ +If you plan to add a "GUEST" network on your wireless AP (see this guide[[:docs:guide-user:network:wifi:guestwifi:guestwifi_dumbap]]), \\ 
-Once you have configured your wireless network with LUCI you can start configuring your dumb AP.\\ +**do not** do the next steps regarding turning off services labeled //firewall//, //dnsmasq// and //odhcpd// because your GUEST network will need these.\\ 
-  - Disconnect the (soon-to-be) Dumb AP from your networkand connect your computer to it with an Ethernet cable\\ +Deleting the WAN / WAN6 interfaces is compatible with having a GUEST network on your wireless AP. 
-  - Use the web interface to go to Network -> Interfaces and select the LAN interface.\\ +   
-  - Enter an IP address "next to" your main router on the field "IPv4 address". (If your main router has IP 192.168.1.1enter 192.168.1.2). Set DNS and gateway to point into your main router to enable internet access for the dumb AP itself \\ + To save resources on the wireless AP routerdisable unneeded services.  Navigate to //System -> Startup//.  Disable the services labeled //firewall//, //dnsmasq// and //odhcpd// (Perhaps ironicallyclick **Enable** to toggle.)  //Note even though these services are now disabled, after you flash a new image to the device they will be re-enabled.//  For a more permanent fix see [[#Disable Daemons Persistently]].\\ 
-  Then switch to "DHCP Server" tab (or scroll down in older versions, 18.06 and earlier, of Luci) and select the checkbox "Ignore interface: Disable DHCP for this interface."\\ + Optionallyremove or disable the //WAN// and //WAN6// interfaces.  On the //Network -> Interfaces// page**Edit** the //WAN// and //WAN6// interfaces to uncheck the //Bring up on boot// checkbox.  Or just delete the interfaces   \\ 
-  Click "IPv6 Settings" tab and set everything to "disabled".\\ + - //Note that by default OpenWrt does not enable wireless access.//  So, from a default installation, at the very least you will need to review the wireless SSIDs, enable wireless security, and then enable the wireless networks from the //Network -> Wireless// page
-  - Under "Physical Settings" tab, ensure "Bridge interfaces" is ticked, and ensure BOTH of your interfaces (eth0, wlan0) are selected, in order to allow traffic between wireless and wired connections.\\ +Click the //Save and Apply// button.\\
-  - In the top menu go to System -> Startup, and disable firewall, dnsmasq and odhcpd in the list of startup scripts.\\  +
-  - Click the Save and Apply button. Hard-Restart your router if you're not able to connect anymore.\\ +
-  Go to http://192.168.1.2 (or whatever address you specified) and check if the settings for the LAN interface are the same.\\ +
-  - Use an Ethernet to connect one of the LAN ports on your main router to one of the LAN/switch ports of your "new" dumb AP. (There's no need to connect the WAN port of the Dumb AP.) +
-  - You are done.\\+
  
 +Use an Ethernet cable to connect one of the LAN ports on your main router to one of the LAN ports (**not** the //WAN/////Internet// port) of the wireless AP router.
 +You may need to reboot or power cycle either or both routers, the device connecting your main router to the Internet, and potentially any connected devices.  In many cases this will not be necessary.
 +Done!\\
  
 ===== Configuration via OpenWrt command line tools ===== ===== Configuration via OpenWrt command line tools =====
Line 72: Line 143:
 </code> </code>
  
-Switch configuration on WR1043ND (barrier breaker):+Switch configuration on WR1043ND (barrier breaker).
  
 <code> <code>
Line 100: Line 171:
         option ifname   'eth0.1'               option ifname   'eth0.1'      
         option proto    'dhcp'         # Change as appropriate         option proto    'dhcp'         # Change as appropriate
 +</code>
 +
 +=== Switch and dedicated WAN devices post 21.01 ===
 +The syntax is slightly different for these devices. You will notice that there is a config device which lists the ethernet port(s) assigned to an interface (in this case the br-lan). It will also list the assigned port under the "list ports" clause. The gotcha here is that you must add a separate line for each "list ports" added to a device. If you try to add them to one "list ports" entry space or comma separated it will not work properly. Finally you can remove/comment out any WAN interface settings identical to the above entries.
 +<code>config device
 + option name 'br-lan'
 + option type 'bridge'
 + list ports 'eth0'
 + list ports 'eth1'
 +
 +config interface 'lan'
 + option device 'br-lan'
 + option proto 'static'
 + option netmask '255.255.255.0'
 + option ipaddr '192.168.1.1'
 </code> </code>
  
Line 154: Line 240:
 <code>/etc/init.d/firewall disable <code>/etc/init.d/firewall disable
 /etc/init.d/firewall stop</code> /etc/init.d/firewall stop</code>
 +
 +==== Step 6: Disable wpa_supplicant (if no STA WiFi interfaces) ====
 +
 +<code>rm /usr/sbin/wpa_supplicant</code>
  
 ===== Apply changes ===== ===== Apply changes =====
  
-Reloading the network config should be enough, it should automatically restart if necessary.+Reloading the network config should be enough, it should automatically restart if necessary. Or just reboot.
  
 <code>/etc/init.d/network reload</code> <code>/etc/init.d/network reload</code>
Line 173: Line 263:
 </code> </code>
  
-===== Multicast Forwarding =====+===== Disable Daemons Persistently ===== 
 +Note that although the start-up of daemons such as firewall, dnsmasq, wpa_supplicant and optionally odhcpd have been set to disabled, when a new image is flashed to the device, they will be re-enabled.  To work-around this, simply add the following to ''/etc/rc.local'' on the device: 
 +<code> 
 +# these services do not run on dumb APs 
 +for i in firewall dnsmasq odhcpd; do 
 +  if /etc/init.d/"$i" enabled; then 
 +    /etc/init.d/"$i" disable 
 +    /etc/init.d/"$i" stop 
 +  fi 
 +done 
 + 
 +rm /usr/sbin/wpa_supplicant 
 +</code> 
 + 
 +===== Populate Hostnames in Associated Stations ===== 
 +Dumb APs will not have the data to display hostnames of the associated devices.  Only MAC addresses are known to it.  Users wanting to see the corresponding hostnames in the Associated Stations display in LuCI can manually populate ''/etc/ethers'' on the dumb AP: 
 + 
 +On the router, one can extract this data with the following one-liner: 
 +<code> 
 +< dhcp.leases | awk '{print $2" "$4}' 
 +</code> 
 + 
 +See the following discussion threads for additional approaches: 
 +  * Using fping to populate ethers file: https://forum.openwrt.org/t/associated-stations-list-in-ap-how-to-show-host-names/63475/
 +  * An improved fping approach: https://forum.openwrt.org/t/second-device-not-getting-dns-entries-from-first-device-to-show-in-associated-stations/57005/14 
 +  * Propagating dhcp.leases to secondary (dumb) access points: https://forum.openwrt.org/t/associated-stations-making-hostnames-visible-across-multiple-aps/92593 
 + 
 + 
 +===== Multicast =====
  
-DLNA and UPnP clients and printer or SMB discovery protocols on LANs tend to work by using multicast packets. For example PS3xboxTVs and stereos use DLNA to detect, communicate with and stream audio/video over the network. By default on bridged interfaces on OpenWrt (at least tested in 18.x series) multicast snooping is turned off. This means all network interfaces connected to a bridge (such as a WiFi SSID and ethernet VLAN) will receive multicast packets as if they were broadcast packets.+DLNA and UPnP clientsand printer or SMB discovery protocols tend to work by using multicast packets. For example PlayStationXbox, and TVs use DLNA to detect, communicate with and stream audio/video over the network. By default on bridged interfaces on OpenWrt multicast snooping is turned off. This means all network interfaces connected to a bridge (such as a WiFi SSID and ethernet VLAN) will receive multicast packets as if they were broadcast packets.
  
 On WiFi the //slowest// modulation available is used for multicast packets (so that everyone can hear them). If you have "enabled legacy 802.11b rates" on your WiFi (Advanced settings checkbox in LuCI under the WiFi settings, or ''option legacy_rates '1''' in /etc/config/wireless file) then 1Mbps is the rate that will be used. This can completely use up the WiFi airtime with even fairly light multicast streaming.  On WiFi the //slowest// modulation available is used for multicast packets (so that everyone can hear them). If you have "enabled legacy 802.11b rates" on your WiFi (Advanced settings checkbox in LuCI under the WiFi settings, or ''option legacy_rates '1''' in /etc/config/wireless file) then 1Mbps is the rate that will be used. This can completely use up the WiFi airtime with even fairly light multicast streaming. 
Line 183: Line 301:
 ==== Notes: ==== ==== Notes: ====
  
-  * //The Dumb AP wireless can be configured to control access as Open/WPA/WPA2/etc. MAC-based access control is controlled by the main router.//+  * //Dumb AP wireless can be configured to control access as Open/WPA/WPA2/etc. MAC-based access control is controlled by the main router.//
   * //'Static DHCP' is not covered here: this procedure creates an AP that provides wired/wireless access and won't interfere with Static DHCP.//   * //'Static DHCP' is not covered here: this procedure creates an AP that provides wired/wireless access and won't interfere with Static DHCP.//
   * //This recipe is similar to the "Bridged AP" recipe at [[docs:guide-user:network:wifi:BridgedAP|Bridged AP]]. These pages should probably be merged.//   * //This recipe is similar to the "Bridged AP" recipe at [[docs:guide-user:network:wifi:BridgedAP|Bridged AP]]. These pages should probably be merged.//
   * //Firewall bridge mode support in OpenWrt is provided by the [[packages:pkgdata:kmod-br-netfilter|kmod-br-netfilter]] module.//   * //Firewall bridge mode support in OpenWrt is provided by the [[packages:pkgdata:kmod-br-netfilter|kmod-br-netfilter]] module.//
  
  • Last modified: 2024/06/24 11:04
  • by bluewavenet