User Tools

Site Tools


Dumb AP / Access Point Only

This document describes how to create an Access Point (AP) only. This AP allows users to connect over wireless or ethernet to the AP and an existing network. This means the AP is not routing, it provides no DHCP, and no other functions. This setup is needed when your network already has a router, access control and dhcp in place, and you'd like to use it.

From a user's point of view, it works like this:

  • Connect to the AP (in case of wireless WPA2 encrypted, hence a password is needed)
  • If the user's MAC matches a MAC in the list, it gets an appropriate IP and the user gets network access (possibly not the best way to control network access…)

'Static DHCP' is not covered here, all we do is creating an AP that provides WPA2 encrypted wireless access and doesn't interfere.

Note: This recipe results in a bridged LAN that will work fine for home and small networks. It is similar to the "Bridged AP" recipe at bridgedap. These pages should probably be merged.

Configuration via Web Interface LUCI

Of course you can achieve this with using the web interface:
Once you have configured your wireless network with LUCI you can start configuring your dumb AP.

  1. Go to Network → Interfaces and select the Lan interface.
  2. Set an IP next to your main router on the field "IPv4 address". (If your main router has IP set
  3. Then scroll down and select the checkbox "Ignore interface: Disable DHCP for this interface."
  4. In the top menu go to System, then Startup, disable Firewall in the list of startup scripts.
  5. Click the Save and Apply button. Hard-Restart your router if you're not able to connect anymore.
  6. Now connect to the new IP you have just specified( and check if the settings for the Lan interface are the same you set before.
  7. Now connect your main router to one of the switch ports of your "new" dumb AP and you are done.

Configuration via command line tools

The changes below assume an OpenWrt default configuration, the relevant files are:

Step 1: Modify the Network

Edit /etc/config/network and change the interface section:

For switch-less devices, e.g. Alix Board, wr1043nd v2

On switchless devices, simply bridge all ethernet interfaces together, remove the existing WAN interface - if any.

config interface lan
        option type     'bridge'
        option ifname   '**eth0 eth1**'   # Bridges lan and wan
        option proto    'dhcp'        # Change as appropriate

For devices with switch and dedicated WAN, e.g. WNDR3700, WR1043ND v1, WR741ND v2.4

On devices with a separate WAN interface, bridge the LAN VLAN together with the WAN interface, remove the existing WAN interface - if any.

config interface lan
        option type     'bridge'
        option ifname   '**eth0.1 eth1**'  # Bridges vlan 1 and wan
        option proto    'dhcp'         # Change as appropriat

Switch configuration on WR1043ND (barrier breaker):

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '**0** 1 2 3 4 5t'  # 1. add 0 in here

#config switch_vlan               # 2. comment out or delete the whole vlan 2 section
#       option device 'switch0'
#       option vlan '2'
#       option ports '0 5t'

For devices with switch only, e.g. WRT54GL

On devices where WAN and LAN are separated by switch config, reconfigure the LAN VLAN to cover all ports, remove the existing WAN interface and its related VLAN - if any.

config switch_vlan eth0_1
        option vlan     '1'
        option ports    '**0 1 2 3 4 5t**' # Might vary depending on the device

config interface lan
        option type     'bridge'
        option ifname   '**eth0.1**'      
        option proto    'dhcp'         # Change as appropriate

Step 2: Change the existing wireless network

Edit /etc/config/wireless, and don't worry about most of it, things that might need changes are commented.

config 'wifi-device' 'radio0'
        option type    'mac80211'
        option channel '11'
        option macaddr '12:e4:4a:b3:83:1a'
        option htmode  'HT20'
        list ht_capab  'SHORT-GI-20'
        list ht_capab  'SHORT-GI-40'
        list ht_capab  'TX-STBC'
        list ht_capab  'RX-STBC1'
        list ht_capab  'DSSS_CCK-40'

config 'wifi-iface'
        option device  'radio0'
        option network '**lan**'  # Set to the name of the bridged interface
        option mode    'ap'
        option ssid    'ap_myaccesspoint'
        option encryption '**psk2**'  # Change as appropriate
        **option key     'ap_password'**

Step 3: Disable DHCP Server

If you still need dnsmasq running for something else (e.g. TFTP server) you can do:

uci set dhcp.lan.ignore=1
uci commit dhcp
/etc/init.d/dnsmasq restart

Step 4: Disable Firewall

/etc/init.d/firewall disable
/etc/init.d/firewall stop

Apply changes

Reloading the network config should be enough, it should automatically restart if necessary.

/etc/init.d/network reload


If you would like your AP to receive IPv6 as a host only and not for routing you have to tell dhcp6c not to request prefix deligation. If you do not do this the AP will reject basic IPv6 addresses. If you want to still be able to use ipv6 on the Router itself change the wan6 to lan6 and @wan to @lan

config interface 'lan6'
	option proto 'dhcpv6'
	option ifname '@lan'
	option reqprefix no

Multicast Forwarding

Multicast forwarding is necessary for DLNA and UPnP clients to work properly. For example PS3, xbox, TVs and stereos use DLNA to detect, communicate with and stream audio/video over the network. Since multicasting is turned off (multicast snooping is turned on) by default in newer OpenWrt releases, it must be activated. This would forward any multicast packets to all ports allowing your TV to find your DLNA capable NAS with movies. In large networks, this could cause some overhead which may not be desirable.

Add this into /etc/rc.local

echo "0" > /sys/devices/virtual/net/br-lan/bridge/multicast_snooping
Replace br-lan with your actual bridge interface, sometimes also called br0.

This will forward all multicast packets to all ports on your bridge, making igmpproxy or udpxy proxies unnecessary.

doc/recipes/dumbap.txt · Last modified: 2017/09/13 18:51 by tmomas