
[OpenWrt Wiki] Wireless Access Point / Dumb Access Point / Dumb AP #2

Open ericvlog opened 3 years ago

ericvlog commented 3 years ago

This article may contain network configuration that is version dependent post 2021-06


Summary: This document describes how to create a Dumb Access Point (Dumb AP) that extends a network that already has a “main router”. It's called a “Dumb Access Point” because it does not provide routing or DHCP. Here are the basics of setting up any router (not just OpenWrt) to be a Dumb AP.

The result is a bridged LAN (no internal subnets) that will work fine for home and small networks. People can connect to the Dumb AP over Ethernet or Wi-Fi (using the configured SSID/password) and use the existing network.

Note: The term “Dumb Access Point” appears to have originated in the Raspberry Pi world. From the perspective of a generic network engineer, the correct term would be “Wireless Access Point”. To quote linksys.com - “An access point connects to a wired router, switch, or hub via an Ethernet cable [or some other means], and projects a Wi-Fi signal to a designated area”. A router with a wireless interface would be called a “Wireless Router”.

You can achieve this using the web interface. Once you have configured your wireless network with LuCI, you can start configuring your Dumb AP.

  1. Disconnect the (soon-to-be) Dumb AP from your network, and connect your computer to it with an Ethernet cable.
  2. Use the web interface to go to Network → Interfaces and select the LAN interface.
  3. Enter an IP address “next to” your main router in the field “IPv4 address”. (If your main router has IP 192.168.1.1, enter 192.168.1.2). Set DNS and gateway to point to your main router to enable internet access for the Dumb AP itself.
  4. Then switch to the “DHCP Server” tab (or scroll down in older versions of LuCI, 18.06 and earlier) and select the checkbox “Ignore interface: Disable DHCP for this interface.”
  5. Click “IPv6 Settings” tab and set everything to “disabled”.
  6. Under “Physical Settings” tab, ensure “Bridge interfaces” is ticked, and ensure BOTH of your interfaces (eth0, wlan0) are selected, in order to allow traffic between wireless and wired connections.
  7. In the top menu go to System → Startup, and disable firewall, dnsmasq and odhcpd in the list of startup scripts. It should be noted that even though they are disabled, flashing a new image to the device will re-enable them. One option is to add some code to /etc/rc.local to do this for you. See Disable Daemons Persistently.
  8. Click the Save and Apply button. Hard-Restart your router if you're not able to connect anymore.
  9. Go to http://192.168.1.2 (or whatever address you specified) and check if the settings for the LAN interface are the same.
  10. Use an Ethernet cable to connect one of the LAN ports on your main router to one of the LAN/switch ports of your “new” Dumb AP. (There's no need to connect the WAN port of the Dumb AP.) Since neither the WAN nor WAN6 interfaces will be used, edit each one and uncheck 'Bring up on boot' to disable them.
  11. You are done.

Configuration via OpenWrt command line tools

The changes below assume an OpenWrt default configuration, the relevant files are:

Edit /etc/config/network and change the [interface](https://openwrt.org/docs/guide-user/base-system/basic-networking#interfaces "docs:guide-user:base-system:basic-networking") section:

For switch-less devices, e.g. Alix Board, wr1043nd v2

On switchless devices, simply bridge all Ethernet interfaces together and remove the existing WAN interface, if any.

```
config interface lan
        option type     'bridge'
        option ifname   'eth0 eth1'   # Bridges lan and wan
        option proto    'dhcp'        # Change as appropriate
```

For devices with switch and dedicated WAN, e.g. WNDR3700, WR1043ND v1, WR741ND v2.4

On devices with a separate WAN interface, bridge the LAN VLAN together with the WAN interface and remove the existing WAN interface, if any.

```
config interface lan
        option type     'bridge'
        option ifname   'eth0.1 eth1'  # Bridges vlan 1 and wan
        option proto    'dhcp'         # Change as appropriate
```

Switch configuration on WR1043ND (barrier breaker):

```
config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0 1 2 3 4 5t'  # 1. add 0 in here

#config switch_vlan               # 2. comment out or delete the whole vlan 2 section
#       option device 'switch0'
#       option vlan '2'
#       option ports '0 5t'
```

For devices with switch only, e.g. WRT54GL

On devices where WAN and LAN are separated by switch config, reconfigure the LAN VLAN to cover all ports and remove the existing WAN interface and its related VLAN, if any.

```
config switch_vlan eth0_1
        option vlan     '1'
        option ports    '0 1 2 3 4 5t' # Might vary depending on the device

config interface lan
        option type     'bridge'
        option ifname   'eth0.1'
        option proto    'dhcp'         # Change as appropriate
```

Edit /etc/config/wireless. Most of it can stay as it is; the options that might need changes are commented.

```
config 'wifi-device' 'radio0'
        option type    'mac80211'
        option channel '11'
        option macaddr '12:e4:4a:b3:83:1a'
        option htmode  'HT20'
        list ht_capab  'SHORT-GI-20'
        list ht_capab  'SHORT-GI-40'
        list ht_capab  'TX-STBC'
        list ht_capab  'RX-STBC1'
        list ht_capab  'DSSS_CCK-40'

config 'wifi-iface'
        option device  'radio0'
        option network 'lan'  # Set to the name of the bridged interface
        option mode    'ap'
        option ssid    'ap_myaccesspoint'
        option encryption 'psk2'  # Change as appropriate
        option key     'ap_password'  # Sample value: set your own passphrase
```

If you still need dnsmasq running for something else (e.g. TFTP server) you can do:

```
uci set dhcp.lan.ignore=1
uci commit dhcp
/etc/init.d/dnsmasq restart
```

If not, disable the dnsmasq service:

```
/etc/init.d/dnsmasq disable
/etc/init.d/dnsmasq stop
```

Disable odhcpd with uci:

```
uci set dhcp.lan.dhcpv6=disabled
uci set dhcp.lan.ra=disabled
uci commit
```

Or disable the service:

```
# odhcpd
/etc/init.d/odhcpd disable
/etc/init.d/odhcpd stop

# firewall
/etc/init.d/firewall disable
/etc/init.d/firewall stop
```

Reloading the network configuration should be enough; the network is restarted automatically if necessary.

```
/etc/init.d/network reload
```

If you would like your AP to receive IPv6 as a host only and not for routing, you have to tell the DHCPv6 client not to request prefix delegation. If you do not do this, the AP will reject basic IPv6 addresses. If you still want to be able to use IPv6 on the router itself, change wan6 to lan6 and @wan to @lan.

```
config interface 'lan6'
    option proto 'dhcpv6'
    option ifname '@lan'
    option reqprefix 'no'
```

Note that although the start-up of daemons such as firewall, dnsmasq, and optionally odhcpd has been set to disabled, they will be re-enabled when a new image is flashed to the device. To work around this, simply add the following to /etc/rc.local on the device:

```
# these services do not run on dumb APs
for i in firewall dnsmasq odhcpd; do
  if /etc/init.d/"$i" enabled; then
    /etc/init.d/"$i" disable
    /etc/init.d/"$i" stop
  fi
done
```

DLNA and UPnP clients and printer or SMB discovery protocols on LANs tend to work by using multicast packets. For example, PS3, Xbox, TVs and stereos use DLNA to detect, communicate with and stream audio/video over the network. By default, multicast snooping is turned off on bridged interfaces on OpenWrt (at least as tested in the 18.x series). This means all network interfaces connected to a bridge (such as a WiFi SSID and Ethernet VLAN) will receive multicast packets as if they were broadcast packets.

On WiFi the slowest modulation available is used for multicast packets (so that everyone can hear them). If you have “enabled legacy 802.11b rates” on your WiFi (Advanced settings checkbox in LuCI under the WiFi settings, or option legacy_rates '1' in /etc/config/wireless file) then 1Mbps is the rate that will be used. This can completely use up the WiFi airtime with even fairly light multicast streaming.

There are two possible fixes for this. One is to enable multicast snooping: option igmp_snooping '1' under the appropriate /etc/config/network settings for the bridge. This will cause the bridge to forward only on bridge ports that have requested to receive the particular multicast group. On the other hand, if someone on WiFi requests the group, it will still flood the multicast there, and some people have reported problems with certain devices such as Android phones and with IPv6 when igmp_snooping is enabled (requires further debugging to identify if there is really a problem or not). The other is to disable legacy 802.11b rates (option legacy_rates '0'): this at least forces the use of 6Mbps or more for the WiFi multicast packets, which opens up more airtime for other uses.

Source: https://openwrt.org/docs/guide-user/network/wifi/dumbap

Notes:

  - The Dumb AP wireless can be configured to control access as Open/WPA/WPA2/etc.
  - MAC-based access control is controlled by the main router.
  - 'Static DHCP' is not covered here: this procedure creates an AP that provides wired/wireless access and won't interfere with Static DHCP.
  - This recipe is similar to the “Bridged AP” recipe at Bridged AP. These pages should probably be merged.
  - Firewall bridge mode support in OpenWrt is provided by the kmod-br-netfilter module.
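
A check for the command-line settings described above, as an added example that is not part of the OpenWrt wiki text or the original post: it reads `uci show dhcp network wireless` output on stdin and reports which of this page's Dumb AP settings are missing. The function names and the sample data are constructed for illustration, and the option paths follow the older syntax used on this page.

```shell
# Added example: audit `uci show dhcp network wireless` output (on stdin) against
# the Dumb AP settings from this page. Hypothetical helper names; POSIX sh + awk.
val() {   # val KEY: print KEY's value from $cfg, surrounding quotes removed
    printf '%s\n' "$cfg" | awk -v k="$1" -v q="'" -F= '$1 == k {
        v = substr($0, length(k) + 2); gsub("^" q "|" q "$", "", v); print v; exit }'
}
has()  { printf '%s\n' "$cfg" | grep -q "$1"; }   # does any line match regex $1?
fail() { echo "FAIL: $*"; n=$((n + 1)); }

dumbap_audit() {
    cfg=$(cat); n=0
    [ "$(val dhcp.lan.ignore)" = 1 ] ||
        fail "dhcp.lan.ignore is not 1: the AP would answer DHCP beside the main router"
    for opt in dhcpv6 ra; do
        [ "$(val "dhcp.lan.$opt")" = disabled ] ||
            fail "dhcp.lan.$opt is not 'disabled'"
    done
    if [ "$(val network.lan6.proto)" = dhcpv6 ] &&
       [ "$(val network.lan6.reqprefix)" != no ]; then
        fail "network.lan6 still requests prefix delegation (reqprefix is not 'no')"
    fi
    if printf '%s\n' "$cfg" | grep "^wireless\..*\.network=" | grep -qv "='lan'\$"; then
        fail "a wifi-iface is not attached to the bridged 'lan' network"
    fi
    has "^wireless\..*\.key='ap_password'\$" &&
        fail "wireless key is still the sample value from this page"
    has "^wireless\..*\.legacy_rates='1'\$" &&
        fail "legacy 802.11b rates are on: multicast goes out at 1 Mbps"
    [ "$n" -eq 0 ]   # exit status 0 only when nothing failed
}

sample_bad() {   # constructed `uci show` output, not from a real device
    cat <<'EOF'
dhcp.lan=dhcp
dhcp.lan.dhcpv6='server'
dhcp.lan.ra='disabled'
network.lan=interface
network.lan.proto='static'
wireless.radio0.legacy_rates='1'
wireless.default_radio0=wifi-iface
wireless.default_radio0.network='lan'
wireless.default_radio0.key='ap_password'
EOF
}

sample_bad | dumbap_audit || echo "audit found problems"   # prints four FAIL lines
```

On the AP itself the input would come from `uci show dhcp network wireless | dumbap_audit`; whether the firewall, dnsmasq and odhcpd services are enabled is not visible in that output and is handled by the /etc/rc.local loop.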