This translation is older than the original page and might be outdated. See what has changed.

FIXME This page is not fully translated, yet. Please help completing the translation.
(remove this paragraph once the translation is finished)

无线接入点 / 哑接入点 / 哑AP

请注意 “哑接入点”这个说法源自树莓派的世界。由一个普通网络工程师看来,确切的词汇应该是“无线接入点”。如linksys.com所述 - “接入点用以太网线[或别的类似介质]连接至有线路由、交换机或集线器,并为指定区域提供无线信号。而具有无线接口的路由器应当称为“无线路由”。

摘要: 本文记录了如何为一个已有“主路由”的网络创建扩展哑接入点(哑AP) 。之所以称它为“哑接入点”,是因为它既不提供路由,也不提供DHCP功能。以下即为将一个路由(不仅指OpenWrt)设置为哑AP的流程:

  • 用网线将哑AP的LAN端口连接至主路由的LAN端口。(对 - LAN-到-LAN - 用不到哑AP的WAN端口。)
  • 为哑AP的LAN端口配置一个在主路由LAN地址范围内的静态地址。比如:如果主路由的LAN是192.168.1.1,则将哑AP的LAN端口设置为192.168.1.2
  • 将DNS服务器和网关地址设置为主路由的地址(本例中为192.168.1.1)
  • 关闭哑AP中的防火墙和DHCP&DNS服务(dnsmasq)
  • 在哑AP上设置SSID、密码等
  • 重启哑AP

由此创建一个桥接LAN(无内部子网),它将在家庭或小网络的环境中工作的很好。 用户可以用网线或Wi-Fi(用设置的SSID/密码)接入哑AP,以使用当前网络。


  1. 从网络中断开您的哑AP(即将成为),用网线把您的电脑连上。
  2. 打开web界面,至网络→接口,并选择LAN接口。
  3. 在“IPv4地址”输入框中输入一个您的主路由IP的下一个IP。(如果您的主路由IP是192.168.1.1,输入192.168.1.2)。将DNS和网关指向您的主路由以为哑AP自己开启因特网访问。
  4. 然后切换至“DHCP服务器”标签页(如果使用的是18.06或更老的Luci版本,则要下滚页面),钩上”忽略接口:在此接口禁用DHCP“的检查框
  5. 点击“IPv6设置”标签页并禁用所有项目。
  6. 在“物理设置”标签页,确保钩上了“桥接接口”,并确保两个接口(eth0, wlan0)都是选中状态,以允许无线到有线连接的数据传输。
  7. 在顶菜单上导航至系统→ 启动,在启动脚本中禁用防火墙、dnsmasq和odhcpd。
  8. 点击保存并应用按钮。如果连接断了,则需要硬重启您的路由。
  9. 访问http:// (或者您指定的别的地址)。检查LAN接口的设置是不是一样的。
  10. 用网线连您主路由的LAN端口和您“新”哑AP的LAN/交换机端口。(毋需连接哑AP的WAN端口)
  11. 大功告成

The changes below assume an OpenWrt default configuration, the relevant files are:

Edit /etc/config/network and change the interface section:

For switch-less devices, e.g. Alix Board, wr1043nd v2

On switchless devices, simply bridge all ethernet interfaces together, remove the existing WAN interface - if any.

config interface lan
        option type     'bridge'
        option ifname   'eth0 eth1'   # Bridges lan and wan
        option proto    'dhcp'        # Change as appropriate

For devices with switch and dedicated WAN, e.g. WNDR3700, WR1043ND v1, WR741ND v2.4

On devices with a separate WAN interface, bridge the LAN VLAN together with the WAN interface, remove the existing WAN interface - if any.

config interface lan
        option type     'bridge'
        option ifname   'eth0.1 eth1'  # Bridges vlan 1 and wan
        option proto    'dhcp'         # Change as appropriate

Switch configuration on WR1043ND (barrier breaker):

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0 1 2 3 4 5t'  # 1. add 0 in here

#config switch_vlan               # 2. comment out or delete the whole vlan 2 section
#       option device 'switch0'
#       option vlan '2'
#       option ports '0 5t'

For devices with switch only, e.g. WRT54GL

On devices where WAN and LAN are separated by switch config, reconfigure the LAN VLAN to cover all ports, remove the existing WAN interface and its related VLAN - if any.

config switch_vlan eth0_1
        option vlan     '1'
        option ports    '0 1 2 3 4 5t' # Might vary depending on the device

config interface lan
        option type     'bridge'
        option ifname   'eth0.1'      
        option proto    'dhcp'         # Change as appropriate

Edit /etc/config/wireless, and don't worry about most of it, things that might need changes are commented.

config 'wifi-device' 'radio0'
        option type    'mac80211'
        option channel '11'
        option macaddr '12:e4:4a:b3:83:1a'
        option htmode  'HT20'
        list ht_capab  'SHORT-GI-20'
        list ht_capab  'SHORT-GI-40'
        list ht_capab  'TX-STBC'
        list ht_capab  'RX-STBC1'
        list ht_capab  'DSSS_CCK-40'

config 'wifi-iface'
        option device  'radio0'
        option network 'lan'  # Set to the name of the bridged interface
        option mode    'ap'
        option ssid    'ap_myaccesspoint'
        option encryption 'psk2'  # Change as appropriate
        option key     'ap_password'

If you still need dnsmasq running for something else (e.g. TFTP server) you can do:

uci set dhcp.lan.ignore=1
uci commit dhcp
/etc/init.d/dnsmasq restart

If not disable dnsmasq service:

/etc/init.d/dnsmasq disable
/etc/init.d/dnsmasq stop

Disable odhcpd with uci:

uci set dhcp.lan.dhcpv6=disabled
uci set dhcp.lan.ra=disabled
uci commit

Or disable service:

/etc/init.d/odhcpd disable
/etc/init.d/odhcpd stop
/etc/init.d/firewall disable
/etc/init.d/firewall stop

Reloading the network config should be enough, it should automatically restart if necessary.

/etc/init.d/network reload

If you would like your AP to receive IPv6 as a host only and not for routing you have to tell the DHCPv6 client not to request prefix delegation. If you do not do this the AP will reject basic IPv6 addresses. If you want to still be able to use IPv6 on the router itself change the wan6 to lan6 and @wan to @lan.

config interface 'lan6'
	option proto 'dhcpv6'
	option ifname '@lan'
	option reqprefix 'no'

DLNA and UPnP clients and printer or SMB discovery protocols on LANs tend to work by using multicast packets. For example PS3, xbox, TVs and stereos use DLNA to detect, communicate with and stream audio/video over the network. By default on bridged interfaces on OpenWrt (at least tested in 18.x series) multicast snooping is turned off. This means all network interfaces connected to a bridge (such as a WiFi SSID and ethernet VLAN) will receive multicast packets as if they were broadcast packets.

On WiFi the slowest modulation available is used for multicast packets (so that everyone can hear them). If you have “enabled legacy 802.11b rates” on your WiFi (Advanced settings checkbox in LuCI under the WiFi settings, or option legacy_rates '1' in /etc/config/wireless file) then 1Mbps is the rate that will be used. This can completely use up the WiFi airtime with even fairly light multicast streaming.

There are two possible fixes for this, one is to enable multicast snooping: option igmp_snooping '1' under the appropriate /etc/config/network settings for the bridge. This will cause the bridge to forward only on bridge ports that have requested to receive the particular multicast group. On the other hand, if someone on WiFi requests the group, it will still flood the multicast there, and some people have reported problems with certain devices such as android phones and with ipv6 when igmp_snooping is enabled (requires further debugging to identify if there is really a problem or not). By disabling legacy 802.11b rates (option legacy_rates '0') you can at least force the use of 6Mbps or more on the WiFi multicast packets, and this opens up more airtime for other uses.

  • The Dumb AP wireless can be configured to control access as Open/WPA/WPA2/etc. MAC-based access control is controlled by the main router.
  • 'Static DHCP' is not covered here: this procedure creates an AP that provides wired/wireless access and won't interfere with Static DHCP.
  • This recipe is similar to the “Bridged AP” recipe at Bridged AP. These pages should probably be merged.
  • Firewall bridge mode support in OpenWrt is provided by the kmod-br-netfilter module.
This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website.More information about cookies
  • Last modified: 2021/07/24 01:47
  • by someothertime