IoT Access Point

BlueChip · October 29, 2023, 12:54am

Hi,

I have a (kickstarted) Omnia running the latest firmware.

I’ve Just spent over an hour getting lost in the Luci interface and I think it’s time to admit defeat…

I want to create a new WiFi access point called “IoT_House”
…which will allow connections (eg. Shelly/Sonoff relays) on both 2.4 and 5 GHz (**later devices will also connect via Ethernet Port-1; but that is a future requirement)
…This AP will have its own IP range (192.168.99.0/24)
…Each client will be allocated a Static DHCP IP address (based on MAC) in the range 192.168.99.16-250
…Each client will be able to access [a] the internet, and [b] any client in the range 192.168.99.1-15 (ie. home automation servers) - but will NOT be able to see other IoT clients (1-15)
…ANY device on this network (192.168.99.0/24) can be accessed from ANY device on the ‘main’ (admin) network (172.16.16.0/24)
…CERTAIN devices on this network (eg. bathroom light) can be accessed from ANY device on the ‘guest’ network (10.10.10.0/24)

The “admin” and “guest” networks are already setup by Foris.

I figure I need to create an access point … bind it to the relevant interfaces (wifi now + lan1 later) … configure static DHCP … and set up a bunch of firewall rules for isolation/routing
…But how to actually achieve that using Luci (or worse still, by editing config files via SSH) is eluding me

I’m really hoping the community here can help me to get this working.

Thanks in advance for any advice,
BC

mattventura · October 29, 2023, 2:55am

In LuCI, you need to create another interface, and set it up with the IP range you want. Create a new firewall zone with the needed rules (e.g. can forward to WAN, can forward from main, etc), and add the new interface to that zone.

Then, make a new wireless interface with the desired SSID, and assign it to the interface, and enable “Client Isolation”.

Then, you can go through and add static DHCP and the custom firewall rules, but make sure everything works before you do all that.

BlueChip · November 8, 2023, 6:12pm

@mattventura
Sorry for the delay …I’ve been ill.

So: Luci → Interfaces → Add new interface :-
. Name: IoT
. Protocol: errr, “Static address” ?? …None of the others make sense in this scenario
. Device: The only “Wireless” options are the existing access points

That’s it - the only other button is “Create interface” …Nowhere to set CIDR mask or such

What am I missing?

mattventura · November 8, 2023, 6:20pm

Set it up similar to the LAN interface. Static address, with an address of 192.168.99.1, mask 255.255.255.0, and no gateway (since the router is the gateway).

You can leave the device unspecified, and assign it to the WLAN device after you create it.

BlueChip · November 10, 2023, 3:53pm

Hey @mattventura

Thanks for your input.

Sadly I am looking for guidance on the steps required to “Set up the wireless IoT network similar to the LAN interface, and specify an IP range” …I agree that (in broad and general terms) this is part of what I want to achieve [see OP] …But I don’t know what Luci screens I need to visit, in what order, and what to put in the various input fields to affect this outcome …Are you able to share this information in a way that I can recreate it?

BC

tac2 · November 10, 2023, 4:38pm

If you prefer learning by video point your browser to a search engine and search for “ openwrt iot wifi onemarkfifty” .
There is a two episode video walkthrough of areas you might be interested in.