Different subnets for 2.4 and 5GHz WiFi, connected through a Cyberguard VPN

Installing and Using OpenWrt
1

Hi all!

I have an Archer C7 that doesn't seem to like me using both the 2.4 and 5GHz WiFi bands simultaneously. Simply having both interfaces enabled is enough to make one of them not work, and it seems as though the C7 is constantly getting confused about which should have priority, causing frequent drop outs (like every few minutes!).

The reason I need to have both enabled is that I have a Wii U and a Roku that don't support the 5GHz band, so they have to be on 2.4. And for all my other devices (about 10 of them), I'd really prefer to be on 5GHz since that band is a lot less crowded in my neighbourhood, and I used to experience frequent drop outs on all devices for that reason, before I got the C7 (my previous router was ancient and also didn't support 5GHz).

So my current solution to this conundrum is to have two LAN interfaces configured in OpenWRT, all having the exact same settings except for those configured through LuCI's "Network -> Interfaces -> Interface name -> Physical Settings" page. Here I have the "Interface" setting set to either "eth0.1/wlan0" or "eth0.1/wlan1", but all other settings are exactly the same.

Nobody has told me to do things this way; I simply thought "hey, maybe if I just duplicate the LAN interface it will just work", and to my absolute amazement, it does! But I have a feeling that it's a far-from-ideal network design.

So my second idea is to set up two separate subnets on the router, one using the 2.4GHz band and the other using the 5GHz band. But I have no idea whether that is even possible, let alone how to set it up.

I still have my old router, so perhaps I could set it up as a dumb switch and follow the instructions here. Would that be easier?

Then to throw even more complexity into the mix, I'd like to setup my CyberGhost VPN in OpenWRT as well, but only for the 5GHz network since the older devices have no need for it, and my Australian cable TV box requires an unencrypted connection.

Is all of this (or at least the first part, without the VPN) possible to achieve through OpenWRT? If not, how else might I be able to achieve what I want? MTIA for any advice you guys can provide :slight_smile:

2

I understand that bad drivers could cause your device to be unable to use both radios at the same time. But your solution uses both radios at the same time too. So, I wonder what was wrong with the default configuration, and why shouldn't you try to fix it instead.

3

Well yeah I'd love to get it working in the "default" manner if possible, but I have no idea how. If you or anyone else can provide any insight, I'm all ears :slight_smile:

Would it have anything to do with the fact that the original LAN interface, and therefore the duplicated one as well, are in bridged mode? I don't really understand what this setting means, nor why it's enabled by default. Answers to those questions would also be very much appreciated :slight_smile:

EDIT: I believe https://openwrt.org/docs/guide-user/firewall/fw3_network#lan_bridge answers my last two questions, but raises another: how difficult would it be to setup VLANs on the wired ethernet ports instead of bridging them to the WLAN? I'm guessing it's not trivial, and that's why the default setting is to bridge them; to save people like me from unnecessary headaches. Am I right?

4

Default configuration is to have one single LAN interface, that bridges the ethernet device and both wireless devices all together.

2 Likes
5

LOL you beat me to the punch by a split second. Cheers mate :slight_smile:

1 Like
6

Which version of the Archer C7 do you have? The V1 has known problems with the 5 GHz radio.

It should work to use a default configuration and connect both APs to the existing by default LAN bridge. This is what most setups use for basic home use. Give the two APs different SSIDs and configure dual band capable clients on only the 5 GHz one. This will lessen clients jumping back and forth between the bands.

Having the four LAN Ethernet ports in the same switch VLAN means that the switch chip will hardware switch LAN to LAN traffic without involving the CPU. So this is generally good for speed and should be used unless you need separate networks.

2 Likes
7

I have v5, so that shouldn't be an issue for me, right? Judging by yours and @eduperez's comments, it seems as though it is very unusual for me to be experiencing this problem, and the cause is likely to be the way I have other things configured...although I don't see how. I haven't changed much manually from the default, freshly-flashed firmware besides interface names, a few firewall settings and adding a few simple software packages.

Do you mean connect my old router's WAN port to an available port on the C7? Sorry but my Networking 101 course from 2012 is failing me here (or rather my memory of its content). But the rest of your post seems to suggest such a network design, if I do remember things correctly. Just wanted to make sure :slight_smile:

8

Hmm very interesting; thanks for the tip! I might look into using a single VLAN for the ports, if it will improve performance...I think I've pushed the poor thing to its limits more than a few times!

9

OK I've decided to go with the one router, one switch idea. Getting the old router to behave itself and simply act as an unmanaged switch took the best part of the last 3 hours, but I finally have basic internet access from the new LAN working! :partying_face:

The only thing lacking now is the ability to talk to all devices from any single one. And everything still needs to work over the VPN as well, which I can connect to from my Windows laptop on the new LAN, but I haven't tried setting up OpenVPN on the C7 yet (which would be a much better solution - one-time configuration for geoblocking, privacy and security on every 5G device would be pure gold!).

I think I can manage the OpenVPN configuration myself and am going to try that now. I'll get back to you guys if I have problems with that, but in the meantime, any tips to solve the LAN interconnectivity problem would be very much appreciated. Thanks again guys! :smiley:

1 Like
10

It's now 2 1/2 months later and I still haven't managed to get this fully working. I've been so busy with other commitments that I just haven't had the time to investigate any further.

I have now read through the following resources but am still confused:

The last one in particular is the first thing that I tried, i.e. setting up a static route from the Archer C7 to my old router (a Netgear V7610) like so:

Archer C7 static route settings

192.168.1.0 is my C7's network address, and the V7610 (192.168.2.0) is connected to it through 192.168.1.254. The cable that connects them runs between the WAN port of the V7610 and a LAN port of the C7.

So I have a couple of questions:

  1. Why does the static route on the C7 not work?
  2. Would disabling DHCP on one router or both fix this?
  3. Would upgrading to the latest firmware help?
  4. How else may I be able to fix this frustrating and baffling issue?

MTIA! :slight_smile: