[DumbAP][Zyxel WSM20] - Ethernet connectivity, but no WiFi connectivity

Hello everyone,

Hope you're all doing well.

I'm struggling a bit on the current situation.

TL;DR : 3 dumb APs in the house, each running on different channels with same the same SSID, no fast roaming enabled (mediocre results after testing it). The ISP modem/router combo acts as DHCP server, it's WiFi interface have been disabled.

DumbAP 1 and 2 were added a while ago, and work flawlessly, DumbAP 3 was added today due to a new ethernet backhaul.

The devices are able to do handover between 1 and 2, but when connecting to 3, there seems to be 0 WiFi connectivity, even though Ethernet connectivity is working. (checked with ping/traceroute / dns resolving through LuCI)

Here provided the config files for the DumbAP3. I tried to copy the config of 1/2 into 3.

On top of that I've noticed some significant slowdowns and even random crashes of LuCI on DumbAP3.

DSF channels are being used for 1 and 2.

If anyone got any idea I'd be very grateful.

Regards,
Basileus

etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'
        option filter_aaaa '0'
        option filter_a '0'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdd9:fa16:d43b::/48'
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        option ipv6 '0'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.4'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option gateway '192.168.1.1'
        list dns '192.168.1.1'
        list dns '1.1.1.1'
        list dns '8.8.8.8'
        option force_link '0'

config device
        option name 'wan'

config interface 'wan'
        option device 'wan'
        option proto 'dhcp'
        option auto '0'

config interface 'wan6'
        option proto 'dhcpv6'
        option device 'wan'
        option auto '0'
        option reqaddress 'try'
        option reqprefix 'auto'

/etc/config/firewall

        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option masq '1'

config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option masq '1'
        option mtu_fix '1'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0'
        option channel '9'
        option band '2g'
        option htmode 'HE20'
        option cell_density '0'

config wifi-device 'radio1'
        option type 'mac80211'
        option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0+1'
        option channel '44'
        option band '5g'
        option htmode 'HE80'
        option cell_density '0'
        option country 'FR'

config wifi-iface 'wifinet0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid '[REDACTED]'
        option encryption 'psk2'
        option key '[REDACTED]'
        option ieee80211r '1'
        option ft_over_ds '0'
        option ft_psk_generate_local '1'

config wifi-iface 'wifinet1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid '[REDACTED]'
        option encryption 'psk2'
        option key '[REDACTED]'
        option dtim_period '3'

Update :
After checking a bit more in detail, and doing a few traceroute attempt on some devices able to connect in WiFi.

For some odd reason, the traceroute skyrockets to 5000ms when trying to reach the ISP backbone (went through a lookingglass hosted by them as well and was getting 1ms).

Could it be an issue regarding the configuration.

As additional information, all 3APs are running :
LuCI openwrt-23.05 branch (git-23.118.79121-6fb185f) / OpenWrt 23.05.0-rc2 (r23228-cd17d8df2a)

start by upgrading.

https://firmware-selector.openwrt.org/?version=23.05.3&target=ramips%2Fmt7621&id=zyxel_wsm20

Hi,

I did the upgrade and it seemed to be working just fine, now the WiFi partially works.

However, as soon as I plug a second device on LAN2 the ping skyrockets to 5000ms and I lose all connectivity.

The device in question is a TV Box from the french ISP orange.
As soon as I plug into LAN2, LAN1 starts auto-negotiating from 1GbE down to 100Mbps

and everything starts lagging to a degree that I can't even access LuCI but I can still SSH into AP.

not sure if it's going to work here, but you could try ethtool to force the link to 1gbit, and disable auto neg.

Did that, seems to be something specific to the ISP TV box, I'll try to investigate. as soon as it connects (WiFi or Ethernet) the entire AP dies.

The 2 older TV box from orange are fast ethernet (décodeur TV4 and UHD), only the latest (TV6) is gigabit.

Regarding your other problem, I've got the same behaviour when I tried to connect the liveboxTV to my AP via wifi (also WSM20), network become very slow, borderline unusable till I shutdown/disconnect the box.

I didn't explore the problem, I used the easy solution: a special wireless network on the livebox dedicated to the TV. Everything else on the AP.

Orange use multicast to stream the TV, maybe try something with igmp or multicast to unicast?

1 Like

Does the TV box have simultaneous wifi + ethernet connectivity? Are there other components to this TV box (for example, a connection to an ISP's router or a 'TV base-station' device of some sort, or additional TV boxes around your home)? It is possible that you are getting a switching loop in some of these situations.

If you plug something else into the ethernet port (instead of your TV box), does it work properly?

Hi,

I will try that in a bit, but yeah it is exactly the same problem, and the Livebox is too far for a WiFi connectivity, thus why I want to use the WMS20.

Hi, it does have WiFi and Ethernet connectivity, but they cannot work simultaneously, the box has a wizard within it's firmware to only force one type of connectivity.

The general setup for our ISP is :
A modem / Router combo where there is an optical fiber link, and that combo can act as AP (that option can be disabled).

I have tried already in the past successfully to plug a laptop directly to the AP3 and also connected only one device on the WiFi and it was working perfectly, the TV Box was the crash cause.

I'll try to investigate IGMP snooping and potentially see if it's doable to setup VLANs on the WiFi.

Other than, I have no clue what I'm doing.

Just to ensure that it doesn't try to use both at the same time, you might reset the device or have it "forget" the wifi network/credentials so that it cannot connect when you're wired. I have seen situations where a device brings up both wifi and ethernet at the same time and then does it using a bridge topology. When this happens, it brings down the network due to switching loops.

Is the AP functionality on that device currently enabled or disabled?

Are there any other TV boxes in your system and do they communicate with each other in any way?

Hi,
The device has been reset a few times already, and I tried one at a time Ethernet then WiFi.

The AP functionality for the combo Modem/Router has been disabled for a few days now. The second TV box used to connect directly to the Combo Modem/Router of the ISP with the built-in AP. Now that it has been disabled, it generates the same scenario, so it was also turned off.

I tried enabling IGMP snooping (cf. Screenshot)
image

  • a VLAN with the ID 840, which apparently the TV box uses according to some specification.

image

I'll try to turn on one of the TV box and see if it works.

Update :
after enabling IGMP snooping + the br-lan.480 the TV Box seems to be working, (previously the images used to stutter).

However, the problem of slowly crashing AP3 after a few minutes is still a thing.

Please elaborate....

  • What does 'slowly crashing' mean in this context?
  • Does this only happen when the TV box is connected, or is this issue separate?

Hi,

I usually run a traceroute and multiple speedtest when I boot up AP3 to check connectivity.

When AP3 has 0 devices connected to it (except an SSH instance)
The traceroute takes 3ms to get to 1.1.1.1
If I add a laptop on WiFi, it goes to 3/4ms
But as soon as the TV Box is connected to the AP3 by either WiFi or Ethernet, the traceroute skyrockets to 5000+ms, most devices refuse to handover to AP3 and most speed test will consider that AP3 has 0 connectivity due to how high the ping is.

This escalates very quickly as soon as I plug / turn on the TV Box and it connects to AP3.

It seems to me that the TV box is not behaving well, and that it is the cause of your issues.

Have you tried connecting it to another device (rather than AP3) -- for example, maybe connecting it to your main router? I would expect the same issue to occur, but it should be tested to ensure that it is the box and not something with OpenWrt.

Hi,
I've tried the TV box on the ISP combo and it works flawlessly here without causing any problem.

I wouldn't be surprised if it is some weird shenanigans the ISP embedded on the TV box hardware.

You said that you needed to setup a VLAN for the TV box, right? Did you configure that VLAN through to the ISP box, too? I assume you're wired from the ISP router > AP3, and then another ethernet cable between AP3 and the TV box, right?

Let's see your latest network config file, and also please tell us which port connects upstream to the main router and which connects to the TV box. Also, is the connection between AP3 and the main router direct, or does it go through other devices (if so, what)?

Hi, sorry for the late answer.

A theory proposed by some colleagues was a possible Broadcast Storm that could not be managed by the AP?

Here is the current network configuration file :

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdd9:fa16:d43b::/48'
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        option igmp_snooping '1'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.4'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option gateway '192.168.1.1'
        list dns '192.168.1.1'
        list dns '1.1.1.1'

config interface 'wan'
        option device 'wan'
        option proto 'dhcp'

config interface 'wan6'
        option device 'wan'
        option proto 'dhcpv6'

config interface 'TV'
        option proto 'dhcp'
        option device 'lan2.480'

config device
        option type '8021q'
        option ifname 'lan2'
        option vid '480'
        option name 'lan2.480'

And here is a simplified architecture of the system we have.

The config you shared doesn’t really setup the vlan. I can provide the specifics now, but I’ll do that when I have some time later. Feel free to ping me if I don’t get back to this in a reasonable about of time.