Access point as DHCP server

[nemesus]

Hi,

I have a Huawei B315 router (telkom Lte), and a TP link TL-WA830RE set up as Access Point.
The TP link is connected to the Huawei via LAN cable.

My Huawei is currently the DHCP server (DHCP is disabled on the TP Link)

However, I would prefer to have the TP Link as my DHCP server - the reason for this is because the TP link has the option to do address reservation, so with it I could add MAC addresses and reserve specific IP's for them.

** I run a plex media server, and I want to add certain IP's to access it without auth (in case internet goes offline). I dont want to give an entire subnet access without auth, single ip's are more secure. Currently the only way I can achieve this is to assign static ip's to my plex devices and adding these ip's in plex's settings... Reserving MAC's on DHCP is so much easier

I have tried disabling DHCP on the Huawei and at the same time enabling it on the TP link - but this didnt work...

Is this possible and can someone give some guidance please?

Thanks!

 

[sajunky]

Important: How do you connect routers - B315s LAN port to TP-link LAN port?
I assume the above, but please note to not use LAN/WAN port (#4) on the B315s, as it might confuse router thinking it is a WAN connection. You can use this port as long you configure it manually to work as a LAN port, default is automatic.

Once the above is clear, things are very simple. Configure LAN interface IP address on both routers to be in the same subnet, but unique. By example keep default B315s IP 192.168.8.1 and change TP-link to 192.168.8.2. Disable DHCP on B315s and enable on TP-link as you decided and there is no more adjustment required on the B315s side. On the TP-Link side DHCP range must be outside of these above addresses, lets set it from 192.168.8.100 to 150. For passing correctly default gateway parameter to the DHCP clients, TP-link has to know that B315s IP address is the right one. This may be tricky, but is required for accessing Internet. I don't know TP-link, it may pick up automatically if B315s is powered on first and already connected to the Internet. If it is not a case, you must define default gateway address on each client.

If you are planning to do some routing on the TP-link, then say so, a different connection is requred. This one is very simple but TP-link is degraded to work as an ordinary network switch.

 

[nemesus]

Hi, correct - they are connected via LAN ports. (and not port 4/WAN on the Huawei)

I did configure it as above, but for some reason only the wireless clients in the range of the TP link gets assigned an IP (and internet etc works) but the ones in range or connected to the Huawei does not get an IP... Almost (guessing / assuming) as if the Huawei blocks the port when it's connected device searches for a DHCP server on the network. I disabled the Firewall on the Huawei but that didnt make a difference.

 

[sajunky]

It explains why on the B315s DHCP server settings is located in the WiFi section, not in a common LAN section. You are the first reporting this 'feature'. Which firmware version? Did you test whether Huawei wired clients do receive IP address? Finally, can you ping 192.168.8.2 from Huawei side (wireless and wired clients)?

 

[irBosOtter]

If you can't specify a gateway IP in the DHCP settings on the TP link then it will probably not work. Sometimes the routers will automatically give out it's IP as the Gateway, but in this case the gateway IP must be your Huawei IP

 

[nemesus]

Hi

@sajunky - My Huawei router has the following firmware (latest one from Telkom which allows manual selection of 2300 frequency):
Hardware version: WL1B310TM02
Software version: 21.321.03.00.372

The Huawei wired clients also does not obtain IP from DHCP server (tp link) - only static IP works.
Can ping tp link from wired clients, but only if they have static ip.
Can also ping Huawei from the TP Link.

@irBosOtter - on the TP link I can specify gateway, dns's etc - which I did and the gateway is pointing to the Huawei's IP.

As mentioned before - if I disable DHCP on Huawei and enable it on the Tp Link, then devices connected to the TP link gets an IP from its DHCP but devices connected to the Huawei does not get an IP from the DHCP (tp link via lan cable)

I suspect that the Huawei by default blocks DHCP traffic through its lan ports..? however, when my setup is Huawei = DHCP on / TP Link DHCP off, then devices connected to either one will get an IP (from the Huawei).

What is the significance of WAN port 4 on the Huawei? Should I not perhaps link the access point on this lan port?

 

[sajunky]

The Huawei wired clients also does not obtain IP from DHCP server (tp link) - only static IP works.
Can ping tp link from wired clients, but only if they have static ip.
Can also ping Huawei from the TP Link.

This is obvious, sorry I should mention that. Device must have proper IP address assigned, otherwise adapter interface is not properly initialized - it won't ping at all.

I asked this question, as I was suspecting that TP-link would automatically activate WAN interface on the port connected to Huawei, but it seems to be not the case, as devices can ping indeed. Most probably but not conclusive as I made assumption that WAN ping port is closed on the TP-link, I should ask this question, sorry.

Problem is probably very plain and stupid, as usual. I asked you to power-on LTE router before TP-link and it is a reason. Device is searching for DHCP server and it is not available at the moment, so it fails. Mea culpa - tough weekend.

Device with DHCP server must be powered-on first (TP-link), then all devices should receive IP address, end of the story.

 

[SauRoNZA]

I think you are unnecessarily over thinking this.

Firstly why do you want to secure your network? It's your network after all, do you have random people accessing it?

Beyond that what is there really to secure on a Plex Server?

Secondly DHCP reservation doesn't add any security. If anyone with even intentions were on your network they would simply use a static IP and bypass your "security".

****

Sounds like the Huawei wants you to configure a DHCP server. Look for a DHCP relay option or DHCP Server field and enter the TP-LINK IP there.

You haven't maybe already blocked via DHCP Reservation and forgot to add the Huawei?

 

[nemesus]

@sajunky - will try to start TP link first and then Huaweii and check if that resolves the issue... If not, I will just stick by using static IP's on my plex devices. Thanks for all your advise thus far.

@SauRoNZA - Maybe you misunderstood the reason in my first post
Like I mentioned, I run a Plex Media server.
Multiple devices on my network access this media server. Access to Plex is granted via username & password authentication, and by default Plex requires a working internet connection to validate the user which is trying to auth to the local media server...
In other words, if your internet connection goes down - you are screwed and cannot watch anything on plex even though everything is on your LAN.
Plex has a bypass for this - you can add individual IP addresses or an entire subnet to be able to login without "online" authentication / user validation. It is this part I want to make the maintenance of these IP's easier for myself...
And I thought I would do this be keeping all my devices set to DHCP, and just reserving specific MAC's (Plex devices) to specific IP's and then load those IP's in Plex's "bypass" settings.
The alternative is to set static IP's on each of the Plex devices (pc's / cellphones / tablets / smart tv's), and the load the same... This is just a very manual process maintaining multiple devGoing forward and not having to search / run after devices and configure them, its just easier to do it in one place - ie the AP which supports address reservation.

And yes - I dont want anyone connected to my subnet to have access to my plex media server without auth... As we all do, some friends and family has access to my wifi when they come visit - so I would like to protect my plex content. Adding specific IP's in the "bypass" list is the most secure option.

 

[SauRoNZA]

I run Plex myself and know all about that.

I still don't see it as any form of security of necessary.

Just open the entire subnet and be done with it.

But if you like making life hard for no good reason at all really...sure struggle away.

 

[sajunky]

My suggestion should work, but let me make a comment to this:

And yes - I dont want anyone connected to my subnet to have access to my plex media server without auth... As we all do, some friends and family has access to my wifi when they come visit - so I would like to protect my plex content. Adding specific IP's in the "bypass" list is the most secure option.

I think it is quite a common requirement. You want to have a 'guest' wireless network with free access to the Internet, but not to the devices on your local LAN. Create a second SSID on TP-link and use "WiFi separation" option for this SSID. The same you could do on Huawei if this stupid device had such option, so your guests will be limited to the TP-link WiFi, but it is a simple solution. Businnes grade routers/switches also have VLAN options for even more flexibility.