Configuring Linksys WHW03 as Linksys does

WHW03 has 2 ethernet ports, 1 2.4GHz radio and 2 5GHz radios (so 5GHZwifi repeating can be done without 50% bandwidth drop)

The factory WHW03 firmware works great but I hate that I don't have "open" control...

How would one configure openwrt to replicate what Linksys does and calls "mesh" (but from what I've been reading is more likely just fast roaming between APs with ethernet or wifi backhauls) on their firmware with:

  • WHW03_1 in bridged mode withethernet backhaul & 3 APs (1 2.4 GHz & 2 5GHz) with same SSID/security
  • WHW03_2 with 5GHz (fast roaming) wifi backhaul & 2 APs (1 2.4GHz & 1 5GHz) (and same SSID/security as WHW03_1)
  • WHW03_3 with 5GHz (fast roaming) wifi backhaul & 2 APs (1 2.4GHz & 1 5GHz) (and same SSID/security as WHW03_1)

Is it:

  • "Just" bridging all wifi (wether in STA or AP mode) and ethernet interfaces + fast roaming (dawn)
  • relayd (for ipv4 bridging) [+ odhcpd for ivp6] +fast roaming (dawn)
  • 802.11s mesh (mesh11sd, batman-adv)
  • wds + fast roaming (dawn)

This is what the network looks like using factory firmware (or alternatives with one of WHW03_2 and WHW03_3 connecting to the other themselves) and using 2 or 3 5GHz channels depending on its choicies...

----- = ethernet
- - Freq_radio - -  = Wifi
                                                                      

                                        | - - 2.4GHz - - Device 1
                                        |          | - - Device 2
                                        |
Internet----IspRouter----DDWRT----WHW03_1 - - 5GHz_r1 - - WHW03_2 - - 2.4GHz - - Device 3
                                        |           |           |
                                        |           |           | - - 5GHz_r2 - - Device 4
                                        |           | - - Device 5 
                                        |
                                        | - - 5GHz_r2 - - WHW03_3 - - 2.4GHz - - Device 6
                                                    |           |
                                                    |           | - - 5GHz_r1 -- Device 7
                                                    | - - Device 8

I just bought a used set of three of these myself. They are v1.0 devices. I set up the the first one as Velop1 as a wired WDS AP and the second one at Velop2 as a wireless WDS Station. I used the lower frequency 5ghz radio for the back haul on ch36. The wiki states this radio is really not very useful, but with the 3 pack of these things, it finds and connects to the others without any issues....so very useful indeed. It allows the two remaining radios to be used as pure APs without halving the bandwidth, if I understand correctly.

The wired unit is connected to a managed switch with several vlans. I am wanting to repeat three of these on the Velop2 WDS Station wireless. I would guess I need to create VAPs for each vlan, then create VAPs on the WDS Station for each one, since vlans do not work directly over wireless.

Not really sure how to do this off hand. Still a WiP. I will let you know my results, if and when I get there.

That is generally not possible, in the sense of wirelessly repeating multiple VLANs, as most (all) wireless chipsets only allow a single STA connection at a time (they usually allow multiple AP interfaces, but only one STA concurrently). You'll have to bump up one level, using GRE or similar tunneling protocols (or go wired for the backhaul).

1 Like

:+1: for wired backhaul.
one-marc-fifty has some videos about vlan over wds (using layer 2 tunnel)

2 Likes

Thanks egc. I will check it out.

1 Like

I have 5 of these WHW03 v2 now (used ones that I paid 60€ for in total :slight_smile:) and actualy use 4.

I tested 802.11s using Channel36 (and mesh11sdin manual configuration). It was stable but suffered from bandwidth halving and bad latency

So now I use WDS (no halving and better latency)

WDS STA (#2 familyroom 1st floor) WDS STA ch36/AP ch116
          |
          |
WDS AP ch36 (#1 office 1st floor) WDS AP ch100
                                         |
                                         |
WDS AP ch52 (#3 2nd floor) WDS STA ch100
          |
          |
WDS STA (#4 2rd floor) AP ch132

I watched the one-mark-fifty video a few times. While it seems this should absolutely do what I need, I cannot get it to work. Well, the GRE tunnel itself may be working. I am not really sure how to tell. I cannot ping directly though the tunnel for some reason, nor can I verify that the vlan trunk is actually working. I have set up a Guest Wifi on the remote side but nothing can get an ip address.

Some differences between his setup in the video and mine:
He is running a dhcp server directly on the main gateway Guest interface.
I already have a dhcp server for the Guest network (192.168.5.1) so I need to be able to use this one without created a conflicting dhcp server. I assigned static IPs to both sides of the Guest network tunnel. (192.168.5.10 and 192.168.5.11). In the video, he uses dhcp for the Guest network interface which I believe would be optional.

Here is how it's connected:

When adding the bridge port device to br-guest, per the video, he adds @trunk.4. In my case, I added it as @tnk.11. I would think this would create a vlan11 but I see no evidence of it. In fact they both show when checking br-guest Bridge Port Absent Interface: "@tnk.11"

Here is my network config for Velop1 (the wired side):

root@Velop1:# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdff:6555:f5b3::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan'
        option ipv6 '0'

config device
        option name 'lan'
        option macaddr '30:23:03:8a:dc:7d'
        option ipv6 '0'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.254.20'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option gateway '192.168.254.9'
        list dns '192.168.254.254'
        option delegate '0'

config device
        option name 'wan'
        option macaddr '30:23:03:8a:dc:7d'

config interface 'wan'
        option device 'br-lan'
        option proto 'none'

config device
        option name 'phy2-ap0'
        option ipv6 '0'

config device
        option type 'bridge'
        option name 'br-guest'
        option bridge_empty '1'
        option ipv6 '0'
        list ports '@tnk.11'

config interface 'Guest'
        option proto 'static'
        option device 'br-guest'
        option ipaddr '192.168.5.10'
        option netmask '255.255.255.0'
        option defaultroute '0'
        option delegate '0'

config interface 'tnk'
        option proto 'gretap'
        option force_link '1'
        option peeraddr '192.168.254.21'
        option ipaddr '192.168.254.20'
        option tunlink 'lan'
        option df '0'
        option defaultroute '0'
        option delegate '0'

And this is the config for the remote Velop2 (WDS)

root@Velop2:~# cat /etc/config/network 

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdd8:6aff:6a2a::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan'
        option ipv6 '0'

config device
        option name 'lan'
        option macaddr '30:23:03:88:e7:71'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.254.21'
        option netmask '255.255.255.0'
        option gateway '192.168.254.9'
        list dns '192.168.254.254'
        option delegate '0'

config device
        option name 'wan'
        option macaddr '30:23:03:88:e7:71'

config interface 'wan'
        option device 'wan'
        option proto 'dhcp'

config device
        option type 'bridge'
        option name 'br-guest'
        option bridge_empty '1'
        option ipv6 '0'
        list ports '@tnk.11'

config interface 'Guest'
        option proto 'static'
        option device 'br-guest'
        option ipaddr '192.168.5.11'
        option netmask '255.255.255.0'
        option defaultroute '0'
        option delegate '0'

config interface 'tnk'
        option proto 'gretap'
        option force_link '1'
        option peeraddr '192.168.254.20'
        option ipaddr '192.168.254.21'
        option network 'lan'
        option tunlink 'lan'
        option df '0'
        option defaultroute '0'

What am I doing wrong here?

Okay, after way too much time invested, I am finally able to ping both bridges via the GRE tunnel. br-guest and br-iot are both pinging now so that in my opinion is major progress. I assumed when firewall is Unspecified it is disabled for these interfaces. Not the case! I also deleted the WAN interface and firewall on both routers.

Now, I am left with getting dhcp IP addresses assigned via my EA8500 Gateway dhcp server through the VLANs. This is still not working. I am sure it has something to do with the VLAN tags, but everything is tagged on the three switches getting to the main Velop wired device, as seen in the diagram in my previous post. Should I set up vlan tags on the Velop LAN itself or do the bridges take care of this? Sorry, I am pretty new to OpenWRT and it's way different than DD-WRT.

I could really use some suggestions right now.

Okay, I have verified it's not my tagged vlan ports on the switches as I was able to wipe the Velop1 and configure it with a vlan 10 and vlan 11 and it got the correct dhcp address for each network. So I am down to it has to be an OpenWRT configuration issue or a bug, or my lack of knowledge of using it.

This is concerning to me:
Selection_021
Why is this an Absent Interface?

And this...
Selection_022

clearly shows there is no link so I am thinking this has to be where the issue is.

I think I finally have this worked out. Whether it's correct or not, I am not sure, but it does work.

The missing piece was assigning a vlan to the br-lan bridge (br-lan.11) and adding both @trunk.11 and br-lan.11 to the br-guest bridge. On Velop1. This is only on the wired side btw.

For the wireless Velop2, I didn't have to add these, since it is not connected to the physical port. I found this out the hard way, once I saw the massive flooding to my dhcp server. Once I removed the vlans from the remote side, the dhcp log errors disappeared and I got a correct IP address assigned on two different wireless subnets. Yay!

This is basically the instructions I used for this:

Note, I am not using the firewall in this setup. The firewall is handed by my main Gateway DD-WRT router

Create Bridge br-guest
    Check: bring up empty bridge
    turn off IPv6 (unless you need it)
    
Create new Interface Guest
    bind to device br-guest
    static IP 192.168.5.x
    Check: Force Link
    Uncheck: Use Default Gateway
    Turn off IPv6 under Advanced

Create Interface trunk
    Protocol: GRETAP tunnel over IPv4
    Check: Bring up on Boot
    Fill in Remote IP and Local IP of the routers
    Advanced settings: Force Link
    Bind Interface: LAN
    Uncheck: Don't Fragment
    Uncheck: Use Default Gateway
    
Create 802.1q VLANs for the existing br-lan. This only needs to be done on the WIRED side.

On each br-guest, br-IOT, etc: Under bridge ports, add both br-lan.NN and @trunk.NN (numbers much match).

Test while pinging specific interface: ie. ping -I br-guest 192.168.5.21

Create Wifi assigns to Guest/IoT/Whatever Networks on remote router.