Automatic Mesh + Separate WLANs (Public / Internal / Mesh) with OpenWrt (Archer C7, Shared Subnet)

Hi everyone,

I’d like to share my planned setup and ask if anyone here has already implemented something similar or has experience with related concepts (e.g. Freifunk, batman-adv, 802.11s).


Goal

I am running several 19" boxes with OpenWrt routers (Archer C7).
The idea is that each box can operate standalone, but as soon as multiple units are active, they should automatically form a mesh – no master/slave roles, all nodes equal.

Each box should broadcast three different WLANs:

  1. Device WLAN (public / for clients / end devices)

    • 2.4 GHz + 5 GHz, same SSID name (e.g. “Mixer01” or “Controller01”)

    • This WLAN should only have access to a specific port on the router (Port 1, where e.g. a mixing console is connected)

    • No access to the rest of the network or mesh

  2. Mesh WLAN

    • Separate SSID (e.g. “MeshNet”)

    • Based on 802.11s + batman-adv

    • Provides the interconnection between the boxes

    • Works automatically, no need to decide who is master

  3. Internal Staff WLAN

    • Separate SSID (e.g. “InternNet”)

    • SSID hidden

    • Full access to the entire mesh/LAN

    • Intended for staff/technicians who need full access to all devices


Addressing and DHCP Concept

  • All boxes run in one large subnet (e.g. 10.0.8.0/21 with netmask 255.255.250.0).

  • Each box runs its own DHCP server, but only hands out addresses from a defined range.

  • Example:

    • Box 1 → DHCP range 10.0.10.0–255

    • Box 2 → DHCP range 10.0.11.0–255

    • Box 3 → DHCP range 10.0.12.0–255

    • Box 4 → DHCP range 10.0.13.0–255

    • Box 5 → DHCP range 10.0.14.0–255

  • Advantages:

    • All devices remain in the same subnet, so they can communicate directly without routing.

    • No DHCP collisions, as each router only serves its own range.

    • Standalone operation works as well, since each box always controls its own pool.

Additionally:

  • Devices permanently connected to Port 1 (e.g. controllers, web servers, mixers) will have static IP addresses.

  • This ensures these systems are always reachable at the same IP, regardless of whether the box is running standalone or in a mesh.

  • Mobile devices (phones, laptops, etc.) will not be connected via Port 1 – they only use the public device WLAN.


Planned Technical Setup

  • VLAN separation:

    • Port 1 = VLAN for the public/device WLAN (with fixed devices and static IPs)

    • Ports 2–4 + Mesh = VLAN for the internal LAN

  • batman-adv:

    • Automatically distributes connectivity across all mesh participants

    • No central role, self-healing

  • Firewall:

    • Device WLAN is only allowed to access the VLAN of Port 1

    • Internal WLAN is allowed full mesh access


Questions to the Community

  • Has anyone here implemented a similar setup already?

  • Are there known pitfalls when combining 802.11s + batman-adv + multiple DHCP servers in a /21 subnet?

  • Freifunk uses a very similar approach – any feedback on stability with Archer C7 and OpenWrt, especially with 5 devices meshed together?

  • For static IPs on the Port-1 devices: is it better to assign them directly on the device itself, or via DHCP reservations?

Thanks a lot for your input and experiences!
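
Added example, not part of the original post: a small Python check of the per-box pool plan described above. It confirms that every pool lies inside 10.0.8.0/21 and that no two pools overlap, then derives the `start`/`limit` values that OpenWrt's `/etc/config/dhcp` uses, where `start` is an offset from the subnet's network address. The section name `lan` and the box names are assumptions.

```python
import ipaddress

SUBNET = ipaddress.ip_network("10.0.8.0/21")  # shared subnet from the post
# Per-box pools from the post: (first, last) address. Box names are assumed.
POOLS = {
    "box1": ("10.0.10.0", "10.0.10.255"),
    "box2": ("10.0.11.0", "10.0.11.255"),
    "box3": ("10.0.12.0", "10.0.12.255"),
    "box4": ("10.0.13.0", "10.0.13.255"),
    "box5": ("10.0.14.0", "10.0.14.255"),
}

def pool_to_uci(subnet, first, last):
    """Return (start, limit) for one pool, or raise if it does not fit."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if lo > hi or lo not in subnet or hi not in subnet:
        raise ValueError(f"pool {first}-{last} is not inside {subnet}")
    if lo == subnet.network_address or hi == subnet.broadcast_address:
        raise ValueError("pool must not include network/broadcast address")
    # Inside a /21, x.x.x.0 and x.x.x.255 are ordinary host addresses,
    # so the offset may exceed 255.
    return int(lo) - int(subnet.network_address), int(hi) - int(lo) + 1

def check_plan(subnet, pools):
    """Validate all pools; return {box: (start, limit)} or raise on overlap."""
    plan = {}
    for box, (first, last) in sorted(pools.items()):
        start, limit = pool_to_uci(subnet, first, last)
        for other, (o_start, o_limit) in plan.items():
            if start < o_start + o_limit and o_start < start + limit:
                raise ValueError(f"{box} overlaps {other}")
        plan[box] = (start, limit)
    return plan

def uci_commands(start, limit, section="lan"):
    """uci commands to run on one box (section name is an assumption)."""
    return [f"uci set dhcp.{section}.start='{start}'",
            f"uci set dhcp.{section}.limit='{limit}'",
            "uci commit dhcp"]

if __name__ == "__main__":
    for box, (start, limit) in check_plan(SUBNET, POOLS).items():
        print(f"# {box}")
        print("\n".join(uci_commands(start, limit)))
```

The check covers only the address plan; it does not control which box's DHCP server a client hears across the mesh.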

There are five ports on each device.
How many chatbot coins did you spend to call the 30-some-year-old DHCP standard a freshly invented concept?