802.11s with two separated Wifi networks

Hello,

I want to realise the following scenario:

I have an OpenWrt Router (Archer C7 v2) that delivers two Wifi networks:
HOME (192.168.1.254/24) and GUEST (192.168.2.254/24).

HOME belongs to the main network with the internet gateway + DHCP server (192.168.1.1) and DNS (192.168.1.2).
GUEST is only reachable over Wifi and the routing and firewaling is done in the OpenWrt router.
The router uses the internal DHCP server for GUEST Wifi.

This works without problems.

Now I want to extend the Wifi range with additional OpenWrt devices.
I was able to do this with the HOME network and 802.11s mesh nodes but it seems problematic to route GUEST over the same mesh.

What is the easyest working solution to realize this?

Uwe

Hi.
Create a new firewall zone GUEST, allow forward to WAN.
Create a new interface GUEST, static IP, and specify gateway as the router itself. setup a new DHCP server for it.
Create new wireless mesh GUEST and assign it to the GUEST interface.
You must also do the same on the AP, without the DHCP server of course.
On the AP, setup an wireless network, and assign it to the GUEST firewall zone.

You mean, I should add a second mesh network only for GUEST?
Both Wifi networks (HOME and GUEST) must use the same 2.4GHz channel.

I will test this

Uwe

Oh ? You have HOME computers also on the AP ? I was assuming the AP was only for the GUEST.
I agree that two mesh networks may be too much,
Have you consider using wires to connect AP to router ? If so the answer is to use VLAN to separate traffics.

Adding a second mesh doesnt work. The radio stops working.
It looks like Archer C7 v2 with OpenWrt 19.07.8 can handle only one Mesh Wifi interface per radio.

Uwe

I dont want to use wires.
Is it possible to use VLAN only for Wifi?
How do I terminate VLANs on the main AP?

Uwe

Ok so two wifi accesspoints to route over a single mesh ?

• create a HOME wifi network assign to the HOME firewall zone
• create a GUEST wifi network assign to the GUEST firewall zone
• create a mesh wifi network and assign it both to the HOME and GUEST

On the router :

• mesh assigned to both HOME and GUEST
• wifi networks if needed

This is an idea, I have never met such case nor experiment it. Try and see if it works. Check if you can see HOME from GUEST and reverse (you shouldn't).

Yes I want to use two (or three) AP with two SSIDs (for HOME and GUEST).
When I bridge mesh with HOME and GUEST both networks can reach each other.
This is not what I want.

Uwe

Agreed.
This is over my abilities.
Try this ?

I guess what you need is Batman: https://openwrt.org/docs/guide-user/network/wifi/mesh/batman

With batman you can create a new interface bat0 and then add VLANs bat0.123 etc to it. After that you can bridge the batman VLANs with the appropriate wifi networks.

@uweklatt Also using batman here. So one 5Ghz (fast) mesh backhaul ssid interconnects both APs and is able to give the "only wireless" AP access to many VLANs. the Second AP can then bridge the bat0.x vlan if to new AP ssids , preferably on 2.4 ghz radio.

Ok, I have noted that Batman is a possible solition. I will try it...

Thank you everybody so far

Uwe

Here are some useful example configs of mine : BATADV (mesh) the best decision? - #8 by Catfriend1

For the second "only wireless AP" I'd also recommend [HowTo/batman-adv] Bring AP SSIDs down if mesh backhaul gets disconnected

You're lucky, for the Archer I've made an image inluding batman-adv : State of TP-Link Archer C7v2|v5 in 2021

Can you kindly post your config if you succeed? I'm also trying to achieve the same thing but don't understand the VLAN part, especially with DSA.