wf1nder
November 12, 2021, 7:04am
4648
Hi!
I installed the latest firmware (8cddba9) from robimarko (to whom many thanks for his efforts!), and encountered a strange problem, it seems, with ARP or smth like this. I haven't tried the previous versions btw.
I have 2 access points on the same LAN, in a common l2-domain. The second is the AX3600, which I testing.
If I reconnect client to the AX3600 again (just turn off and on Wi-Fi on laptop or phone), everything works immediately.
I tried to replace AX3600 with another AP (the third device is at my disposal), everything works fine everytime, so somehow the problem is related with AX3600.
Any idea what the reason might be?
Hi,
Just a dumb question: is current OpenWRT port stable enough for AX3600 to be used as a dumb AP in 5GHz .ax only? So no routing/NAT/firewall or anything, just a bridge between LAN/WLAN?
Sylvan
November 12, 2021, 7:45am
4650
Thank goodness someone else has this problem - I thought it was a very special one just for me.
My description of the problem can be found here .
Baden
November 12, 2021, 9:18am
4651
The same with me: 5 GHz WLAN and 2.4 GHZ WLAN are present. With my PC (near of the AX 3600) the connection is stable und speed is good. With my IPhone I can connect with the wlan, but the internet connection is not stable.
I use the AX 3600 as stupid AP, LAN with static IP und deactivated DHCP, die Clients get their IP Configuration from the DHCP of the mainrouter (FritzBox)
dchard
November 12, 2021, 10:07am
4652
These issues are all discussed before: link
The short version: use the dedicated WAN port as uplink even if you are using the AX3600 as a dumb AP.
Sylvan
November 12, 2021, 10:29am
4653
I thought so too when I read this and of course tried it out immediately.
Unfortunately, the result remains the same.
psi-c
November 12, 2021, 10:49am
4654
It sounds like the roaming issue described at Roaming Issues Xiaomi AX3600 which has a software workaround shown here Adding OpenWrt support for Xiaomi AX3600 - #3930 by avalentin
An alternative is to enable the nss-bridge-mgr module (kmod-qca-nss-drv-bridge-mgr) which fixes this, but at present you'd need to build your own image with that enabled.
3 Likes
Sylvan
November 12, 2021, 11:47am
4655
Thank you for the advice.
dchard
November 12, 2021, 11:53am
4656
You need "IPQ807x-5.10-backports" branch.
1 Like
psi-c
November 12, 2021, 11:57am
4657
It's under Kernel modules -> Network Devices
kmod-qca-nss-drv-bridge-mgr
Both in AX3600-5.10-restart and what I believe is the more up-to-date IPQ807x-5.10-backports branch.
2 Likes
vit0r
November 12, 2021, 12:19pm
4658
Awesome news! This issue was a showstopper for me many months ago, even more than the memory leak. Maybe now I can finally ditch the QSDK build
Sylvan
November 12, 2021, 5:20pm
4659
Thanks @ psi & dchard.
Just to be sure i explain what i did (because i'm not very experienced with building my own images yet):
made a complete new clone of the repo
checkout to branch IPQ807x-5.10-backports
update and install the feeds
in menuconfig choose Qualcomm IPQ807x and Xiaomi AX3600
under kernel modules i enabled kmod-qca-nss-drv-bridge-mgr
exit the menuconfig
build the image with make -j 4
how can i check if the module is correctly built in? lsmod | grep nss gave me only these:
qca_nss_dp 45056 0
qca_ssdk 1667072 1 qca_nss_dp
Have you tried just connecting to the WAN port instead of one of the LAN ones?
etzisim
November 12, 2021, 5:24pm
4661
I have the same issue with one Poco F3 phone, that just has internet when it connects to the IOT wifi, internet i through DHCP on the wan port
Setup like that aren't the devices connected to the ax3600 effectively going to be on another subnet?
I mean just for testing, nothing else
1 Like
Sylvan
November 12, 2021, 5:27pm
4664
Yes as soon as I first read about it here (am a frequent reader of the thread)./etc/network:
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd7b:4c20:7299::/48'
config interface 'lan'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option device 'eth0'
option ipaddr '192.168.0.11'
option gateway '192.168.0.2'
option broadcast '192.168.0.255'
list dns '192.168.0.2'
option ip6ifaceid '::B'
But I mean, leave it under WAN interface in network config as well
Sylvan
November 12, 2021, 5:30pm
4666
wan interface for a dumb ap?
On stock firmware running it as a dumb AP (relay extender mode as Xiaomi calls it) you have to connect your wired Internet uplink to the WAN port.
Here are the config output for network and firewall, I have only changed the LAN IP, the rest is default setup by Xiaomi.
Stock network config dumb AP:
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config switch
option name 'switch0'
config interface 'lan'
option force_link '1'
option type 'bridge'
option proto 'static'
option netmask '255.255.255.0'
option multicast_querier '0'
option igmp_snooping '0'
option macaddr '9c:9d:7e:75:26:da'
option ieee1905managed '1'
option ipaddr '192.168.1.4'
option gateway '192.168.1.1'
option mtu '1500'
list dns '8.8.8.8'
list dns '8.8.4.4'
option ifname 'eth1 eth2 eth3 eth4'
config interface 'eth1'
option ifname 'eth1'
option keepup '1'
config interface 'eth2'
option ifname 'eth2'
config interface 'eth3'
option ifname 'eth3'
config interface 'eth4'
option ifname 'eth4'
config interface 'miot'
option ifname 'wl13'
option type 'bridge'
option proto 'static'
option ipaddr '192.168.32.1'
option netmask '255.255.255.0'
config interface 'ifb'
option ifname 'ifb0'
Stock firewall dumb AP:
config defaults
option syn_flood '0'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option drop_invalid '1'
option disable_ipv6 '1'
config zone
option name 'lan'
option network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fe80::/10'
option src_port '547'
option dest_ip 'fe80::/10'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest 'lan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule 'Forbidden_Wan_RA'
option name 'Forbidden_Wan_RA'
option dest 'wan'
option proto 'icmp'
option family 'ipv6'
option target 'REJECT'
list icmp_type 'router-advertisement'
config include 'webinitrdr'
option path '/lib/firewall.sysapi.loader webinitrdr'
option reload '1'
option enabled '1'
config include 'dnsmiwifi'
option path '/lib/firewall.sysapi.loader dnsmiwifi'
option reload '1'
option enabled '1'
config include 'macfilter'
option path '/lib/firewall.sysapi.loader macfilter'
option reload '1'
option enabled '1'
config include 'ipv6_masq'
option path '/lib/firewall.sysapi.loader ipv6_masq'
option reload '1'
config include 'set_tcpmss'
option path '/lib/firewall.sysapi.loader set_tcpmss'
option reload '1'
config include 'miot'
option path '/lib/firewall.sysapi.loader miot'
option reload '1'
config rule 'guest_8999'
option name 'Hello wifi 8999'
option src 'guest'
option proto 'tcp'
option dest_port '8999'
option target 'ACCEPT'
config rule 'guest_8300'
option name 'Hello wifi 8300'
option src 'guest'
option proto 'tcp'
option dest_port '8300'
option target 'ACCEPT'
config rule 'guest_7080'
option name 'Hello wifi 7080'
option src 'guest'
option proto 'tcp'
option dest_port '7080'
option target 'ACCEPT'
config zone 'ready_zone'
option name 'ready'
option input 'DROP'
option forward 'DROP'
option output 'DROP'
list network 'ready'
config rule 'ready_dhcp'
option name 'DHCP for ready'
option src 'ready'
option src_port '67-68'
option dest_port '67-68'
option proto 'udp'
option family 'ipv4'
option target 'ACCEPT'
config rule 'ready_dhcp_out'
option name 'DHCP for ready'
option dest 'ready'
option src_port '67-68'
option dest_port '67-68'
option proto 'udp'
option family 'ipv4'
option target 'ACCEPT'
config rule 'ready_minet_in'
option name 'minet ready'
option src 'ready'
option dest_port '786'
option proto 'tcp'
option target 'ACCEPT'
config rule 'ready_minet_out'
option name 'minet ready'
option src 'ready'
option src_port '786'
option proto 'tcp'
option target 'ACCEPT'
config include 'parentalctl'
option path '/lib/firewall.sysapi.loader parentalctl'
option reload '1'
config include 'miniupnpd'
option type 'script'
option path '/usr/share/miniupnpd/firewall.include'
option family 'IPv4'
option reload '1'
config include 'qcanssecm'
option type 'script'
option path '/etc/firewall.d/qca-nss-ecm'
option family 'any'
option reload '1'
