bchrao
November 8, 2024, 4:33pm
1
Hello. I am currently experiencing drops (or pauses) in my wifi connections. I didn't have any issue with the vendor firmware but since going to OpenWRT I noticed slowness/drops/or pauses.I assume it is a configuration issue since I am new to OpenWRT. I have a pfsense router and managed switches with VLANs that I am trying to extend to the wireless network. I ran through the "Dumb AP" configuration but the issue still persists. I thought it might be a default route issue and I disabled the default gateway option on all the interfaces, but no change. I appreciate any help on this issue. Thanks.
root@eap225:~# ubus call system board
{
"kernel": "5.15.167",
"hostname": "eap225",
"system": "Qualcomm Atheros QCA956X ver 1 rev 0",
"model": "TP-Link EAP225 v4",
"board_name": "tplink,eap225-v4",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "23.05.5",
"revision": "r24106-10cc5fcd00",
"target": "ath79/generic",
"description": "OpenWrt 23.05.5 r24106-10cc5fcd00"
}
}
root@eap225:~# cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd34:9cd0:8f26::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0'
option ipv6 '0'
config interface 'lan'
option device 'br-lan.10'
option proto 'static'
option ipaddr '192.168.110.155'
option netmask '255.255.255.0'
option gateway '192.168.110.1'
list dns '192.168.110.1'
list dns_search 'somedomain.org'
option delegate '0'
option broadcast '192.168.110.255'
config bridge-vlan
option device 'br-lan'
option vlan '10'
list ports 'eth0:t*'
config bridge-vlan
option device 'br-lan'
option vlan '20'
list ports 'eth0:t'
config bridge-vlan
option device 'br-lan'
option vlan '30'
list ports 'eth0:t'
config bridge-vlan
option device 'br-lan'
option vlan '50'
list ports 'eth0:t'
config bridge-vlan
option device 'br-lan'
option vlan '60'
list ports 'eth0:t'
config interface 'VLAN30'
option proto 'dhcp'
option device 'br-lan.30'
option hostname 'vlan30.eap225'
option defaultroute '0'
config interface 'VLAN20'
option proto 'dhcp'
option device 'br-lan.20'
option hostname 'vlan20.eap225'
option defaultroute '0'
config interface 'VLAN50'
option proto 'dhcp'
option device 'br-lan.50'
option hostname 'vlan50.eap225'
option defaultroute '0'
config interface 'VLAN60'
option proto 'dhcp'
option device 'br-lan.60'
option hostname 'vlan60.eap225'
option defaultroute '0'
config bridge-vlan
option device 'br-lan'
option vlan '80'
list ports 'eth0:t'
config interface 'VLAN80'
option proto 'dhcp'
option device 'br-lan.80'
option hostname 'vlan80.eap225'
option defaultroute '0'
root@eap225:~# cat /etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option path 'pci0000:00/0000:00:00.0'
option channel 'auto'
option band '5g'
option htmode 'VHT80'
option cell_density '0'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'VLAN50'
option mode 'ap'
option ssid '5g_1'
option encryption 'psk2'
option key 'redacted'
option ieee80211r '1'
option ft_over_ds '0'
option ft_psk_generate_local '1'
config wifi-device 'radio1'
option type 'mac80211'
option path 'platform/ahb/18100000.wmac'
option channel 'auto'
option band '2g'
option cell_density '0'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'VLAN30'
option mode 'ap'
option ssid 'foo'
option encryption 'psk2'
option key 'redacted'
option ieee80211r '1'
option ft_over_ds '0'
option ft_psk_generate_local '1'
config wifi-iface 'wifinet2'
option device 'radio0'
option mode 'ap'
option ssid 'bp'
option encryption 'psk2'
option key 'redacted'
option network 'VLAN20'
option ieee80211r '1'
option ft_over_ds '0'
option ft_psk_generate_local '1'
config wifi-iface 'wifinet3'
option device 'radio0'
option mode 'ap'
option ssid 'b_5g'
option encryption 'psk2'
option key 'redacted'
option network 'VLAN60'
option ieee80211r '1'
option ft_over_ds '0'
option ft_psk_generate_local '1'
config wifi-iface 'wifinet4'
option device 'radio0'
option mode 'ap'
option ssid 'guest'
option encryption 'psk2'
option key 'redacted'
option network 'VLAN80'
option ieee80211r '1'
option ft_over_ds '0'
option ft_psk_generate_local '1'
option isolate '1'
config wifi-iface 'wifinet5'
option device 'radio1'
option mode 'ap'
option ssid 'b_2g'
option encryption 'psk2'
option key 'redacted'
option ieee80211r '1'
option ft_over_ds '0'
option ft_psk_generate_local '1'
option network 'VLAN60'
root@eap225:~# cat /etc/config/dhcp
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option ignore '1'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
root@eap225:~# cat /etc/config/firewall
config defaults
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
1 Like
ath79 hasn't been transitioned to DSA, so I'd recommend using standard dotted notation instead of bridge-VLANs.
So... remove all of these:
Edit br-lan with eth0.10 like this:
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0.10'
option ipv6 '0'
And then edit the lan to use br-lan (and also remove the broadcast line -- this is automatically calculated and unnecessary to specify):
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.110.155'
option netmask '255.255.255.0'
option gateway '192.168.110.1'
list dns '192.168.110.1'
list dns_search 'somedomain.org'
option delegate '0'
Now, you can make new bridges for each additional VLAN:
config device
option name 'br-vlan20'
option type 'bridge'
list ports 'eth0.20'
...
config device
option name 'br-vlan60'
option type 'bridge'
list ports 'eth0.60'
And finally, make each of the interfaces unmanaged using these new bridges:
config interface 'VLAN20'
option proto 'none'
option device 'br-vlan20'
...
config interface 'VLAN60'
option proto 'none'
option device 'br-vlan60'
I recommend removing 802.11r from all your SSID configs, and also from all other APs. Only use it if there is a demonstrated need for it. Some client devices do not work properly when this is enabled. So remove the last 3 lines of this (and the same lines for all the other stanzas, too):
Then reboot and test again.
bchrao
December 2, 2024, 6:14pm
4
Thank you for the response. The configuration you posted did make the eap225 more stable however I still get drops/pauses. Do you have any suggestion where to look for the issue?
Did you disable 802.11r on all of your APs?
You seem to have 5g and 2g radios using different SSIDs. This is not an optimal situation, as it is best for the SSIDs to be the same such that the client devices can select the appropriate band based on the signal quality.
Let's also see the complete updated configuration.
bchrao
December 2, 2024, 8:20pm
6
bchrao:
somedomain.org
Yes, disabled 802.11r
'foo' WLAN is for IoT devices so no need for 5g, b_5g has both devices and the others only need 5g
Should I create the same SSIDs on both radios so OpenWRT functions better?
root@eap225:~# cat 2024-12-02.15:00:56.txt
{
"kernel": "5.15.167",
"hostname": "eap225",
"system": "Qualcomm Atheros QCA956X ver 1 rev 0",
"model": "TP-Link EAP225 v4",
"board_name": "tplink,eap225-v4",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "23.05.5",
"revision": "r24106-10cc5fcd00",
"target": "ath79/generic",
"description": "OpenWrt 23.05.5 r24106-10cc5fcd00"
}
}
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd34:9cd0:8f26::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0.10'
option ipv6 '0'
config device
option name 'br-vlan20'
option type 'bridge'
list ports 'eth0.20'
config device
option name 'br-vlan30'
option type 'bridge'
list ports 'eth0.30'
config device
option name 'br-vlan50'
option type 'bridge'
list ports 'eth0.50'
config device
option name 'br-vlan60'
option type 'bridge'
list ports 'eth0.60'
config device
option name 'br-vlan80'
option type 'bridge'
list ports 'eth0.80'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.110.155'
option netmask '255.255.255.0'
option gateway '192.168.110.1'
list dns '192.168.110.1'
list dns_search 'somedomain.org'
option delegate '0'
config interface 'VLAN20'
option proto 'none'
option device 'br-vlan20'
option force_link '1'
config interface 'VLAN30'
option proto 'none'
option device 'br-vlan30'
option force_link '1'
config interface 'VLAN50'
option proto 'none'
option device 'br-vlan50'
option force_link '1'
config interface 'VLAN60'
option proto 'none'
option device 'br-vlan60'
option force_link '1'
config interface 'VLAN80'
option proto 'none'
option device 'br-vlan80'
option force_link '1'
config wifi-device 'radio0'
option type 'mac80211'
option path 'pci0000:00/0000:00:00.0'
option channel 'auto'
option band '5g'
option htmode 'VHT80'
option cell_density '0'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'VLAN50'
option mode 'ap'
option ssid '5g_1'
option encryption 'psk2'
option key 'redacted'
option disassoc_low_ack '0'
config wifi-device 'radio1'
option type 'mac80211'
option path 'platform/ahb/18100000.wmac'
option channel 'auto'
option band '2g'
option cell_density '0'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'VLAN30'
option mode 'ap'
option ssid 'foo'
option encryption 'psk2'
option key 'redacted'
option disassoc_low_ack '0'
config wifi-iface 'wifinet2'
option device 'radio0'
option mode 'ap'
option ssid 'bp'
option encryption 'psk2'
option key 'redacted'
option network 'VLAN20'
option disassoc_low_ack '0'
config wifi-iface 'wifinet3'
option device 'radio0'
option mode 'ap'
option ssid 'b_5g'
option encryption 'psk2'
option key 'redacted'
option network 'VLAN60'
option disassoc_low_ack '0'
config wifi-iface 'wifinet4'
option device 'radio0'
option mode 'ap'
option ssid 'guest'
option encryption 'psk2'
option key 'redacted'
option network 'VLAN80'
option isolate '1'
option disassoc_low_ack '0'
config wifi-iface 'wifinet5'
option device 'radio1'
option mode 'ap'
option ssid 'b_5g'
option encryption 'psk2'
option key 'redacted'
option network 'VLAN60'
option disassoc_low_ack '0'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option ignore '1'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config defaults
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'