ASUS TUF-AX4200 Wifi Totally Unstable (Repeater-Mode)

Hi Everyone,

I have been trying to solve this for the past couple days but just haven't been successful.

I have a new ASUS TUF-AX4200 Router which I am trying to setup as a repeater, taking an existing 5Ghz Wifi signal and pushing it out again further (in future, with a new SSID, password and even subnet, but that is not the current issue).

The signal strength is excellent as for testing purposes, the two routers are about 5m from each other.

I have successfully flashed the router with OpenWrt as follows:

• Using the openwrt-23_tuf-ax4200-initramfs.trx file from @remittor (link) to get the versions: OpenWrt 23.05.2 r23630-842932a63d 231213 / LuCI openwrt-23.05 branch git-23.118.79121-6fb185f / Kernel Version 5.15.137
• I then uploaded the sysupgrade.bin file from the OpenWrt page (openwrt-23.05.0-mediatek-filogic-asus_tuf-ax4200-squashfs-sysupgrade.bin) but that seem to downgrade the OpenWrt and Kernel versions: OpenWrt 23.05.0 r23497-6637af95aa / LuCI openwrt-23.05 branch git-23.236.53405-fc638c8 / Kernel Version 5.15.134
• So I upgraded the versions using the Attended Sysupgrade Package to get the following versions: OpenWrt 23.05.2 r23630-842932a63d / LuCI openwrt-23.05 branch git-24.086.45142-09d5a38 / Kernel Version 5.15.137

In other words, the Kernel is .137 (instead of .134), OpenWrt is .2 (instead of .0) and LuCi is at git-24. (instead of git-23).

I then did the following to setup the repeater:

• Network -> Wireless
• Removed the existing/ default OpenWrt SSIDs there
• Used "Scan" to search for the existing 5Ghz Wifi network and connected to it (SUCCESS)
• Testing that the ASUS Router now had an internet connection by running a quick ping diagnostic to 1.1.1.1 which was successful
• Adding a 5Ghz SSID (new name, password) using the "Access Point" mode and attaching it to the "lan" Network so that the routers DHCP assigns IP's -- also successful

However, and here comes the problem. The new 5Ghz SSID:

• Takes forever to show up (Channel is set: AX/ 36/ 80 MHz)
• When it does show up, I try connecting using my laptop and my iPhone and I get nearly the full speed that the original Router gives on Wifi... however after a bit of time, or after restarting the ASUS Router, I cannot reconnect to the network. Sometimes I can, sometimes I can't. My laptop just stops trying and looks for another Wifi network and on my iPhone, the spinning connection circle just keeps turning and turning but never connecting.

I also want to have a new 2,4Ghz SSID running, which I have also tried at the same time, but even this one is unstable and sometimes lets me connect but most of the time just doesn't.

I have tried:

• Using different channels for the 2,4Ghz and 5Ghz network
• Setting the channel to Auto
• Using a different width for both networks
• Changing the Mode from AX to AC...

... nothing works.

I am in Germany so I have set the country code (DE) accordingly, no change.

I have attached a few screenshots to show the setup. To summarize, the setup does work (even with full speeds) but totally inconsistently, which makes it unusable.

Could it be the device? What other settings can I change?

Thanks in advance for your help, really would love to get this to work ASAP.

Cheers,
elite_nutty

Screenshot 1-new3004×2199 336 KB

Screenshot 2.1-new3014×1728 269 KB

Screenshot 2.2-new3044×1541 202 KB

Screenshot 31545×964 120 KB

Hi. Could you show your Interfaces page. Have you disabled DHCP on your router (WDS client)?

It would be great to see your config files: network, wireless

latest stable
https://firmware-selector.openwrt.org/?version=23.05.3&target=mediatek%2Ffilogic&id=asus_tuf-ax4200

is your existing ap supporting wds?

Thank you both for your replies!

@brada4:

• I checked yesterday and didn't even see this new stable release! Thank you. I installed it immediately of course, lets see if that helps at all.
• I think so, but I might be changing routers in the future so I guess my question would be, do I need WDS or should I just change to the normal "Client" mode? Am I sacrificing a lot of performance?

@ilija.culap

• I have posted a photo of my interfaces page in the simple version that I am currently running (without extra firewalls, etc.)
• I have not disabled DHCP on the original router as most of my clients are connecting to that. I want both devices to be issuing IPs. Currently, the original router is running on 192.168.178.xxx and the new ASUS router is running 192.168.1.xxx.
• I am not sure how best to make my config files available to you?

Thanks again guys, really appreciate it.

Cheers,
elite_nutty

Screenshot 4 - Interfaces (Simple)1702×878 132 KB

If your primary WLAN does not support WDS, you cannot use it in OpenWRT. OpenWRT even suggest not to use different Vendors for both WDS master and client. Is your main router running OpenWRT? If i could guess it is an FritzBox (https://avm.de/service/wissensdatenbank/dok/FRITZ-Box-7170/351_WLAN-Reichweite-der-FRITZ-Box-mit-WDS-Repeater-eines-anderen-Herstellers-erhohen/). You can try this.

If that does not work, try changing your mode from WDS Client to normal Client mode. DHCP server should be enabled on both routers.

I have not disabled DHCP on the original router as most of my clients are connecting to that. I want both devices to be issuing IPs. Currently, the original router is running on 192.168.178.xxx and the new ASUS router is running 192.168.1.xxx.

That is correct. You should not disable DHCP on primary router. But if you are using WDS you need to disable DHCP on your "secondary" router (or use DHCP client as protocol)

I am not sure how best to make my config files available to you?

Are you familiar with SSH. If yes, you can connect to the router and issues some commands. Output of them you can post here.

cat /etc/config/wireless
cat /etc/config/network

You should of course remove any MAC or passwords from those outputs.

Takes forever to show up (Channel is set: AX/ 36/ 80 MHz)

You could try changing Beacon interval for your 5GHz radio to 90 or 85.

When it does show up, I try connecting using my laptop and my iPhone and I get nearly the full speed that the original Router gives on Wifi... however after a bit of time, or after restarting the ASUS Router, I cannot reconnect to the network. Sometimes I can, sometimes I can't. My laptop just stops trying and looks for another Wifi network and on my iPhone, the spinning connection circle just keeps turning and turning but never connecting.

Just one more tipp. If your are using Apple products change your DTIM from 2 to 3 (For your AP). https://www.sniffwifi.com/2016/05/go-to-sleep-go-to-sleep-go-to-sleep.html

Suggestion for upgrade just to avoid variables.

If access point names are different you dont need WDS. Just normal nat where wan is on same radio device as AP.
WDS may work with some vendor firmware, but it needs tweaks like setting that firmware to no encryption wifi (please dont) or WPA2+AES,
the result should be mesh-like network with same Aceess point aka ESSID running from different APs aka BSSIDs

No performance, half of bandwidth consumed by uplink.

Thanks again to you both!

In theory, it should be supported as yes, you are correct, I am currently using a Fritzbox. But, as I said, this is not the plan in the future, so I would prefer to set everything up without WDS. I have therefore returned the MODE to the normal "Client".

Perfect, thanks for explaining. Yes I am somewhat familiar and was able to extract the config files for you:

cat /etc/config/wireless:

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/soc/18000000.wifi'
        option channel '1'
        option band '2g'
        option htmode 'HE20'
        option country 'DE'
        option cell_density '0'

config wifi-device 'radio1'
        option type 'mac80211'
        option path 'platform/soc/18000000.wifi+1'
        option channel '36'
        option band '5g'
        option htmode 'HE80'
        option country 'DE'
        option cell_density '0'
        option beacon_int '90'

config wifi-iface 'wifinet1'
        option device 'radio1'
        option mode 'sta'
        option network 'Existing_Wifi_Network'
        option ssid 'EXISITING 5GHZ NETWORK'
        option encryption 'psk2'
        option key '############'
        option ifname 'phy1-sta0_exist'

config wifi-iface 'wifinet2'
        option device 'radio1'
        option mode 'ap'
        option ssid 'NEW 5GHZ AP-SSID'
        option encryption 'psk2'
        option key '############'
        option network 'lan'
        option dtim_period '3'
        option ifname 'phy1-ap0_5ghz'

config wifi-iface 'wifinet3'
        option device 'radio0'
        option mode 'ap'
        option ssid 'NEW 2.4GHZ AP-SSID'
        option encryption 'psk2'
        option key '############'
        option network 'lan'
        option ifname 'phy0-ap0_2.4ghz'

cat /etc/config/network:

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix '####:####:####::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'

config device
        option name 'lan1'
        option macaddr '##:##:##:##:##:32'

config device
        option name 'lan2'
        option macaddr '##:##:##:##:##:32'

config device
        option name 'lan3'
        option macaddr '##:##:##:##:##:32'

config device
        option name 'lan4'
        option macaddr '##:##:##:##:##:32'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config device
        option name 'eth1'
        option macaddr '##:##:##:##:##:32'

config interface 'wan'
        option device 'eth1'
        option proto 'dhcp'

config interface 'wan6'
        option device 'eth1'
        option proto 'dhcpv6'

config interface 'Existing_Wifi_Network'
        option proto 'dhcp'

Maybe you spot something else in my config which is off? If not, I am going to continue to setup the AP as originally planned as the 5Ghz seems to be working now. However, when I restore my original configuration (I had backed it up), it started going crazy again. So I hope that through starting again 'clean' I will achieve what I hope to achieve this time.

As you can see I have set this to 90 to see what happens.

Giving this a whirl as well, thanks.

Sorry, not sure I quite understand. What is "normal NAT"? I haven't configured anything.
And the second part of your sentence, ".. where WAN is on same radio device as AP." Could you elaborate please?

Thank you and have a nice evening!

Cheers,
elite_nutty

You are needlessly sacrificing performance by running a single-radio repeater 15 feet from the main access point, because stuff gets transmitted two times over the air instead once and the clients can reach an AP at 15 feet just fine. Wi-Fi reaches up to ten times the distance indoors (150 feet).

I run similar distance in a mesh configuration, but I do NOT serve Wi-Fi clients on the mesh, only bridge to wired, because it's pointless to have multiple APs within a few feet distance all on the same channel.

Sorry, this is not in reply to the last post from @jtsn, just took me a while to summarise, but probably a good exercise...

What I am ultimately trying to achieve is create a subnet (currently the 192.168.1.xxx network on the ASUS router) that is its own, secure network. It uses the internet connection of the original router via Wifi (or, if LAN is available, uses that -- but it currently isn't so this is just a optimisation for the future), but devices on the original router (192.168.178.xxx) cannot access anything/ any devices on the new ASUS router, only devices connected to the new SSIDs on the ASUS router (192.168.1.xxx) can communicate with each other.

I suppose you could say I want to implement things in stages, with the first stage being the only one that is crucial to the setup (of course AFTER getting both the 5Ghz and 2,4Ghz signals to run stable). The others would be nice to have:

Phase 1 (crucial)
Setup ASUS Router with its own subnet/ network, secure from any outside networks/ connections but can see devices on original network (can see out but no one can see in, so to speak)

• It seems that because of the way I have set it up using LAN and WAN, devices on the other network (WAN: 192.168.178.xxx) by default can't see any devices on the new, OpenWrt network (LAN: 192.168.1.xxx), which saves me a lot of configuration
• However, even devices within the LAN network don't seem to be able to communicate with each other (network scan only picks up OpenWrt router and own device, e.g. laptop, but doesn't find iPhone on the same network. Direct ping doesn't work either.
  EDIT: Silly me, the new network was detected as PUBLIC on my windows laptop and was therefore not finding other devices or allowing itself to be found.
• I would disable the traffic rule "Allow-Ping" (from WAN to ) to disable the router getting pinged from the other network (WAN)

Phase 2
Setup a guest SSID (2.4Ghz) which has internet access but cannot access any devices on the network or any other guests, with the possibility of adding an exception to connect to the printer.

Phase 3
Setup two further WAN connections as a sort of fall back, if this is even possible. If a LAN cable providing internet access is plugged into the WAN port of the ASUS Router, use that for internet and don't connect to the existing Wifi. If not, obviously connect to the Wifi (current setup). If that also fails, connect to a different Wifi network (Hotspot from a phone) to provide internet.

Having outlined that, I have a few current questions:

• Question 1: If I do a network scan on my original router, then I am able to detect the OpenWrt Router and it's IP address (although I am unable to connect to the login portal, which is good). Would it be possible or even, would it make sense to disable this somehow so that users from outside can't even see there is an OpenWrt router, or would that impact the outside routers ability to broadcast internet to the OpenWrt router?
• Question 2: I am currently unsure whether I would need to setup traffic rules for DNS and DHCP to allow such requests, or whether that would only be necessary for the Phase 2 guest network zone.
• Question 3: For the purpose of this setup, and for interests sake, would it be possible to allow 1 outside IP address from the original network (WAN: 192.168.178.xxx) to access another device within the OpenWrt network or even the OpenWrt web portal itself? Let's assume for the purpose of this discussion that these were the two possibilities; either all out access (all ports, etc.) or specifically and only access to the OpenWrt web portal.

I hope that gives you a better overview. I'm off to bed now but again, I can't stress how much I appreciate your help.

Cheers,
elite_nutty

Thanks for your reply @jtsn, but I think you missed the part where I mentioned that they are currently only that close together because I am testing the setup:

There is no point putting them 100m apart if they cannot work 5m from another

Cheers,
elite_nutty

For a useful configuration without sacrificing performance your device is missing dual radio. These are your best options:

1. Reconfigure the existing Wi-Fi to use channel 100, that AP will use up to 27-30 dBm instead of just 20-23 dBm which improves performance even with single radio repeating.

2. Use the 2.4 GHz radio to connect to the existing Wi-Fi. Especially if WAN speeds are rather slow (50 or 100 Mbit/s), this might gives better WAN performance as 2,4 GHz penetrates better at just 20 dBm. In low density areas you might even have the option of using a 40 MHz channel to get up to 300 Mbit/s (2x2 802.11n) WAN speeds.

3. Get another repeater like AX1200, pair it with the existing Wi-Fi and connect it to WAN port via Ethernet. In this case you might leave the existing Wi-Fi on channel 36, so it doesn't interfere with your own Access Point.

Then configure the 5 GHz radio on the TUF-AX4200 to channel 100 AX, 26 dBm (or device default), 160 MHz to get reasonable Wi-Fi performance.

BTW: My general recommendation for the ETSI region is to not waste any money on Wi-Fi 6 hardware, as there is only one single 160 MHz channel available for either mesh backhaul or client access. This is not the US which recently licensed 5.7 GHz for a 1 W 160 MHz channel. Wait for Wi-Fi 7 instead.

There are 3 160mhz channels, one 20dbm one 26dbm and one 13dbm, anyway zero with radar present

Channel 177 is not licensed for use in the ETSI region, so there is no third continuous 160 MHz spectrum available to use.

I managed to configure HE80+80 on channel 52, but this is not supported by clients, they use 80 MHz only. When configuring 160 MHz on channel 36 the radio doesn't come up.

149-161 is a 80 MHz SRD channel. 25 mW at 5,7 GHz are useless for Wi-Fi coverage, this is intended for game controllers and remotes talking to a device 3 feet away.

Thanks for clarifying. For me Ch100 is punched by radar every 2 days, and 20dBm Ch52 does not cover home, but it is same almost everywhere in the world.

This is why my recommendation is to stay clear of pretty much useless Wi-Fi 6 hardware until clients pick up Wi-Fi 7 and are capable of Multi-Link Operation through the entire spectrum.

There is literally nothing useful an "ASUS TUF Gaming AX4200 Dual Band WiFi 6 Gaming Router" is going to do for your "gaming", when you have to connect on a single channel until priority users occupy your spectrum. This stuff looks fancy and is a complete waste of money.

Dont ruin their dreams

BTW: I only have DFS-RADAR-DETECTED on shoddy hardware like WRT1200AC with Marvell SoC, which turned out simply not being able to detect radar at all. It just pretends and "detects" radar even with all antennas being disconnected. The SoC probably runs an internal RNG to fool regulatory bodies.

Good Wi-Fi hardware works well on DFS spectrum, it usually just doesn't support OpenWrt firmware.