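Wireless Access Point / Dumb Access Point
Note that the term “Dumb Access Point” comes from the Raspberry Pi world. To an ordinary network engineer, the precise term is “Wireless Access Point”. As linksys.com puts it: “An access point connects to a wired router, switch, or hub with an Ethernet cable [or a similar medium], and provides a wireless signal to a designated area.” A router that has a wireless interface should be called a “wireless router”.
Summary: This article documents how to create an extension dumb access point (dumb AP) for a network that already has a “main router”. It is called a “dumb access point” because it provides neither routing nor DHCP or DNS services; those functions are provided by the main router it is connected to.
Typically this is done to extend the wireless coverage of an existing network: to cover another floor or to eliminate a wireless dead spot. The same goal can also be achieved with a wireless AP. You can think of this topology as an implementation of a “daisy chain”.
The result of this deployment is a bridged LAN with no internal subnets. Devices connected to either router can see each other, and reach the Internet through the main router. This setup works well in a small office or home network. In larger networks, however, a more fine-grained deployment is preferable.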
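Configuration via the OpenWrt web interface LuCI
These instructions were updated on 15 October 2021 to match the interface of OpenWrt version 21.01.0. Because the v21 interface differs considerably from earlier versions, we try to cover the differences, but cannot guarantee an exact match.
This setup requires two routers, a computer with an Ethernet port, and an Ethernet cable. We refer to the routers as the main router and the wireless AP router; both start from their default configuration. The main router should already be configured and connected to the Internet.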
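- Disconnect the wireless AP router from the network and connect it to the computer with the Ethernet cable. Do not use the router's Internet/WAN port.
- Open a browser on the computer and go to the LuCI interface at 192.168.1.1. Log in. If necessary, change the admin password.
- Go to Network → Interfaces and click the Edit button of the LAN interface. Make sure you are on the General Settings tab.
- Set the wireless router's IP to the address next to your main router's IP. By default your main router's address is 192.168.1.1, so you could use, for example, 192.168.1.2. (This address should be in the same subnet as the main router, but outside the range handed out by DHCP. By default, the addresses available to the wireless AP router are 192.168.1.2 to 192.168.1.100.)
- Save and apply the new IP address, then reconnect with your browser. Make sure you connect to the IP address set in the previous step (for example 192.168.1.2). This is necessary because the next step sets the gateway to point to the main router, and LuCI cannot set the gateway to 192.168.1.1 while the wireless AP router itself is using that address. Now go back to Network → Interfaces and edit the LAN interface, General Settings tab.
- Point the IPv4 gateway at your main router, 192.168.1.1 by default. This makes the wireless AP router reach the Internet through the main router.
- Use the main router for DNS. On the same page, open the Advanced Settings tab. In the Use custom DNS servers box, enter your main router's IP and click +.
- Use the main router as the DHCP server. On the same page, open the DHCP Server tab. You should be on the General Setup sub-tab. (LuCI versions 18.06 and earlier do not have this tab; scroll down the page instead.) Make sure the Ignore interface checkbox is ticked.
- Disable IPv6 DHCP. On the same page, also in the DHCP Server tab, under the IPv6 Settings sub-tab, set the RA-Service, DHCPv6-Service and NDP-Proxy drop-downs to disabled.
- On OpenWrt versions before 21.02.0: under the “Physical Settings” tab, make sure “Bridge interfaces” is ticked and that both interfaces (eth0, wlan0) are selected, to allow traffic between wireless and wired connections.
- To save resources on the wireless AP router, disable the services that are no longer needed. Go to System → Startup and disable the following services: firewall, dnsmasq and odhcpd. (Amusingly, you have to click the Enabled button to turn them off.) Note that although these services are disabled now, they will be re-enabled after new firmware is flashed. To make the change permanent, see Disable Daemons Persistently.
- Optional step: remove or disable the WAN and WAN6 interfaces. On the Network → Interfaces page, edit the WAN and WAN6 interfaces and untick Bring up on boot. Or simply delete the two interfaces.
- Note that OpenWrt does not enable wireless access by default. So on a default installation, you finally need to check the wireless access point settings, enable wireless security, and enable the wireless network under Network → Wireless.
- Click the Save & Apply button.
- Connect a LAN port of the main router to a LAN port of the wireless AP router with an Ethernet cable (not the WAN/Internet port).
- You may need to reboot both routers and the devices that reach the Internet through the main router, or other connected devices. In most cases, however, this is not necessary.
- All done!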
Configuration via OpenWrt command line tools
The changes below assume an OpenWrt default configuration, the relevant files are:
Step 1: Modify the Network
Edit /etc/config/network and change the interface section:
For switch-less devices, e.g. Alix Board, wr1043nd v2
On switchless devices, simply bridge all Ethernet interfaces together and remove the existing WAN interface, if any.
    config interface lan
            option type 'bridge'
            option ifname 'eth0 eth1'   # Bridges lan and wan
            option proto 'dhcp'         # Change as appropriate
For devices with switch and dedicated WAN, e.g. WNDR3700, WR1043ND v1, WR741ND v2.4
On devices with a separate WAN interface, bridge the LAN VLAN together with the WAN interface and remove the existing WAN interface, if any.
    config interface lan
            option type 'bridge'
            option ifname 'eth0.1 eth1' # Bridges vlan 1 and wan
            option proto 'dhcp'         # Change as appropriate
Switch configuration on WR1043ND (barrier breaker):
    config switch_vlan
            option device 'switch0'
            option vlan '1'
            option ports '0 1 2 3 4 5t' # 1. add 0 in here

    #config switch_vlan                 # 2. comment out or delete the whole vlan 2 section
    #       option device 'switch0'
    #       option vlan '2'
    #       option ports '0 5t'
For devices with switch only, e.g. WRT54GL
On devices where WAN and LAN are separated by switch config, reconfigure the LAN VLAN to cover all ports and remove the existing WAN interface and its related VLAN, if any.
    config switch_vlan eth0_1
            option vlan '1'
            option ports '0 1 2 3 4 5t' # Might vary depending on the device

    config interface lan
            option type 'bridge'
            option ifname 'eth0.1'
            option proto 'dhcp'         # Change as appropriate
Step 2: Change the existing wireless network
Edit /etc/config/wireless. Most of it can be left alone; the settings that might need changes are commented.
    config 'wifi-device' 'radio0'
            option type 'mac80211'
            option channel '11'
            option macaddr '12:e4:4a:b3:83:1a'
            option htmode 'HT20'
            list ht_capab 'SHORT-GI-20'
            list ht_capab 'SHORT-GI-40'
            list ht_capab 'TX-STBC'
            list ht_capab 'RX-STBC1'
            list ht_capab 'DSSS_CCK-40'

    config 'wifi-iface'
            option device 'radio0'
            option network 'lan'            # Set to the name of the bridged interface
            option mode 'ap'
            option ssid 'ap_myaccesspoint'
            option encryption 'psk2'        # Change as appropriate
            option key 'ap_password'
Step 3: Disable DHCP Server
If you still need dnsmasq running for something else (e.g. TFTP server) you can do:
    uci set dhcp.lan.ignore=1
    uci commit dhcp
    /etc/init.d/dnsmasq restart
If not, disable the dnsmasq service:
    /etc/init.d/dnsmasq disable
    /etc/init.d/dnsmasq stop
Step 4: Disable DHCPv6 Server
Disable odhcpd with uci:
    uci set dhcp.lan.dhcpv6=disabled
    uci set dhcp.lan.ra=disabled
    uci commit
Or disable the service:
    /etc/init.d/odhcpd disable
    /etc/init.d/odhcpd stop
Step 5: Disable Firewall
    /etc/init.d/firewall disable
    /etc/init.d/firewall stop
Apply changes
Reloading the network configuration should be enough; it should restart automatically if necessary.
    /etc/init.d/network reload
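A dumb AP that still answers DHCP or sends router advertisements competes with the main router on the bridged LAN, so it is worth checking the result of Steps 3 and 4. The following is an added example, not code from the original page or from the OpenWrt project: the function names and both sample inputs are constructed, and it assumes that an unset dhcpv6, ra or ndp option means disabled.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample inputs are constructed.
# Reads `uci show dhcp` output on stdin, prints one finding per risky lan setting.
dumb_ap_dhcp_findings() {
    awk -F= -v q="'" '
        /^dhcp\.lan\./ {
            key = $1; sub(/^dhcp\.lan\./, "", key)
            val = $2; gsub(q, "", val)          # uci show quotes values
            seen[key] = val
        }
        END {
            # Step 3: dnsmasq must ignore the lan interface
            if (seen["ignore"] != "1")
                print "dhcpv4: dhcp.lan.ignore is not 1"
            # Step 4 (ndp is the NDP-Proxy setting): unset counts as disabled
            n = split("dhcpv6 ra ndp", opt, " ")
            for (i = 1; i <= n; i++)
                if ((opt[i] in seen) && seen[opt[i]] != "disabled")
                    print "ipv6: dhcp.lan." opt[i] " is " seen[opt[i]]
        }'
}

# Constructed sample: lan section that is still serving addresses
sample_default_dhcp() {
    cat <<'EOF'
dhcp.lan=dhcp
dhcp.lan.interface='lan'
dhcp.lan.start='100'
dhcp.lan.limit='150'
dhcp.lan.dhcpv4='server'
dhcp.lan.dhcpv6='server'
dhcp.lan.ra='server'
EOF
}

# Constructed sample: lan section after Steps 3 and 4
sample_dumb_ap_dhcp() {
    cat <<'EOF'
dhcp.lan=dhcp
dhcp.lan.interface='lan'
dhcp.lan.ignore='1'
dhcp.lan.dhcpv6='disabled'
dhcp.lan.ra='disabled'
EOF
}

echo "still serving:";   sample_default_dhcp | dumb_ap_dhcp_findings
echo "after steps 3-4:"; sample_dumb_ap_dhcp | dumb_ap_dhcp_findings
```

On the AP itself the input would come from `uci show dhcp | dumb_ap_dhcp_findings`. If dnsmasq and odhcpd were disabled as services instead, these options are not consulted and the findings do not apply.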
IPv6
If you would like your AP to receive IPv6 as a host only and not for routing, you have to tell the DHCPv6 client not to request prefix delegation.
If you do not do this, the AP will reject basic IPv6 addresses.
If you still want to be able to use IPv6 on the router itself, change wan6 to lan6 and @wan to @lan.
    config interface 'lan6'
            option proto 'dhcpv6'
            option ifname '@lan'
            option reqprefix 'no'
Disable Daemons Persistently
Note that although the start-up of daemons such as firewall, dnsmasq, and optionally odhcpd has been set to disabled, they will be re-enabled when a new image is flashed to the device. To work around this, simply add the following to /etc/rc.local on the device:
    # these services do not run on dumb APs
    for i in firewall dnsmasq odhcpd; do
      if /etc/init.d/"$i" enabled; then
        /etc/init.d/"$i" disable
        /etc/init.d/"$i" stop
      fi
    done
Multicast Forwarding
DLNA and UPnP clients and printer or SMB discovery protocols on LANs tend to work by using multicast packets. For example PS3, xbox, TVs and stereos use DLNA to detect, communicate with and stream audio/video over the network. By default on bridged interfaces on OpenWrt (at least tested in 18.x series) multicast snooping is turned off. This means all network interfaces connected to a bridge (such as a WiFi SSID and ethernet VLAN) will receive multicast packets as if they were broadcast packets.
On WiFi the slowest modulation available is used for multicast packets (so that everyone can hear them). If you have “enabled legacy 802.11b rates” on your WiFi (Advanced settings checkbox in LuCI under the WiFi settings, or option legacy_rates '1' in the /etc/config/wireless file) then 1Mbps is the rate that will be used. This can completely use up the WiFi airtime with even fairly light multicast streaming.
There are two possible fixes for this. One is to enable multicast snooping: option igmp_snooping '1' under the appropriate /etc/config/network settings for the bridge. This will cause the bridge to forward only on bridge ports that have requested to receive the particular multicast group. On the other hand, if someone on WiFi requests the group, it will still flood the multicast there, and some people have reported problems with certain devices such as Android phones and with IPv6 when igmp_snooping is enabled (requires further debugging to identify if there is really a problem or not). The other is to disable legacy 802.11b rates (option legacy_rates '0'), which at least forces the use of 6Mbps or more on the WiFi multicast packets and opens up more airtime for other uses.
Notes:
- The Dumb AP wireless can be configured to control access as Open/WPA/WPA2/etc. MAC-based access control is controlled by the main router.
- 'Static DHCP' is not covered here: this procedure creates an AP that provides wired/wireless access and won't interfere with Static DHCP.
- This recipe is similar to the “Bridged AP” recipe at Bridged AP. These pages should probably be merged.
- Firewall bridge mode support in OpenWrt is provided by the kmod-br-netfilter module.