Help w R7800 bridge wifi, lan & wan - ap mode, internet bband rtr is nat & dhcp

I have been reading up but can't quite figure out what I'm doing. LEDE Noob. Any help sincerely appreciated. I'm running hnyman 17.01 r3784.

I would like:

All one network 192.168.0.0/24, R7800 no DHCP server, no NAT.

Broadband internet router is 192.168.0.1 serving DHCP and doing NAT.

R7800 WAN port connected to Broadband router, gets 192.168.0.0/24 address

Wifi 2.4 and 5 separate ESSID, bridged to R7800, 192.168.0.0/24 addresses

Ethernet machines connected to R7800 switch ports getting assigned 192.168.0.0/24 addresses.

CPU (eth0), CPU (eth1), LAN1, LAN2, LAN3, LAN4, WAN

Can I bridge Wifi, WAN and all LAN ports together? Disable DHCP server. Somehow turn off NAT (I'm guessing by bridging interfaces). I do not believe I need VLAN config (pardonmy ignorance). I've been reading about Dump AP mode, etc. I can'tfigure exactly what I need to configure for the R7800.

Look for the "dumb AP guide", it is all explained there.

@eduperez Please link to guides, as there is no Dumb AP guide, and it would be more to the user's benefit to configure it as a smart switch, versus a dump PnP switch.

@dotXboi You can utilize the configs I lay out in this post to configure it as a smart switch

  • I'd recommend utilizing the router for additional tasks other than just a switch, else it's a waste of hardware and processing power.

.
You'll need to make a few tweaks to my /etc/config/dhcp & /etc/config/network in the link above:

  • /etc/config/dhcp
    • Under DHCP Settings, change to:
      config dhcp 'lan'
          option  interface           'lan'
          option  ignore              1
      
  • /etc/config/network
    • Under LAN: Home Network, change to:
      config interface 'lan'
          option  ifname          'eth0.1 eth1.2'
          option  proto           'dhcp'
      

On the Quick Start guide - LEDE Installation there is a section called "LEDE Dumb AP".
And there is also the Dumb AP / Access Point Only recipe at OpenWrt's wiki.

@eduperez thank you I have read both Bridged AP and Dumb AP OpenWRT guides but they are slightly out of date and I am also having trouble translating them to the R7800 specifically.

@JW0914 thank you. Your referred post is very helpful. Smart (managed) switch is what I'll target.

What I want is to have this post layout the exact physical and logical configuration for the R7800 so that it can serve as a reference. I amstill not clear in my head the exact changes I need to make, I will state what I know, I very much appreciate your and anyone's help, TIA:

The R7800 has: https://wikidevi.com/wiki/Netgear_R7800
ETH chip1: Qualcomm Atheros IPQ8065
Switch: Qualcomm Atheros QCA8337
LAN speed: 10/100/1000
LAN ports: 4
WAN speed: 10/100/1000
WAN ports: 1

Switch: (in luci) - are these 0-6 in /etc/config/network "switch" section?
CPU (eth0) = Port 0 = CPU WAN - Upstream HW switch?
CPU (eth1) = Port 1 = CPU LAN - Upstream HW switch?
LAN 1 = Port 2
LAN 2 = Port 3
LAN 3 = Port 4
LAN 4 = Port 5
WAN = Port 6

Default LEDE Switch / VLAN config:
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '1 2 3 4 6'

config switch_vlan
option device 'switch0'
option vlan '2'
option ports '5 0'

image

So create an interace lan
What VLAN config do I need?
config switch_vlan
option device 'switch0’
option vlan 1
option ports ‘0t 1t 2 3 4 5 6’

I would really like to accomplish this entire config in luci for ease of future reference.

@JW0914 I am trying to follow your example, but I am a little lost.
configure a logcial interface 'lan'
Should I disable WAN
https://lede-project.org/docs/user-guide/switch_configuration

I understand that the R7800 has a VLAN-capable switch, and that I need at least one VLAN to "reach" the CPU. As it is not a software VLAN, that I do not need to bridge LAN and WAN?

"Newer devices with embedded switches (like Netgear R7800) use the DSA switch driver, that creates a distinct network interface for each switch port as if they didn't have a switch at all."
...
"If needed, you have to use OS-software based VLAN configuration"

Are OS-level VLANS the same as Driver level VLANS? Am I meant to follow instructions from this section: https://lede-project.org/docs/user-guide/switch_configuration#creating_driver-level_vlans

R7800
root@LEDE:~# ls -l /sys/class/net
...
lrwxrwxrwx 1 root root 0 Jan 1 1970 eth0 -> ../../devices/platform/soc/37200000.ethernet/net/eth0
lrwxrwxrwx 1 root root 0 Jan 1 1970 eth1 -> ../../devices/platform/soc/37400000.ethernet/net/eth1

I wasn't aware of that, thanks =]

It would probably be best to not suggest the OpenWrt wiki until someone fixes the code blocks, as whomever edited that wiki included DokuWiki formatting as plain text within the code blocks. Should a new user come across that, they'll have some major issues.

  • I used to edit wikis I came across with bad formatting, however since 95% of users refuse to read or implement DokuWiki plugin formatting into their wikis, I'd be editing almost every OpenWrt or LEDE wiki I come across.

All you need to do is utilize the configs in the post I linked to, replacing the specific parts bulleted in my last post.

This is something that needs to be done via SSH for simplicity's sake as your DNS Masq settings (located in /etc/config/dhcp) will differ greatly from someone using it as a WAN facing router.

Simply copy and paste:

  • After the below changes have been saved, you'll need to issue a two part command since the first will likely kill your SSH session:

    1. /etc/init.d/network restart
    2. cd /etc/init.d ; ./odhcpd restart ; ./dnsmasq restart ; ./firewall restart
  • /etc/config/dhcp

    #
    
        ##::[[---  LEDE LAN DHCP Config  ---]]::##
    
    ####################################################
                 ##----- DNS Server -----##
    ####################################################
    
        # DNS Masq #
    #---------------------------------------------------
    config dnsmasq
        option  domain                  'WRT'
        option  local                   '/lan/'
        option  leasefile               '/tmp/dhcp.leases'
        option  resolvfile              '/tmp/resolv.conf.auto'
        option  localise_queries        1
        option  readethers              1
        option  localservice            1
        option  logquerries             1
        option  domainneeded            1
        option  filterwin2k             0
        option  authoritative           0
        option  rebind_protection       0
        option  sequential_ip           1
        option  nonwildcard             0
    
    ####################################################
               ##----- oDHCPd Server -----##
    ####################################################
    
        # oDHCPd #
    #---------------------------------------------------
    config odhcpd 'odhcpd'
        option  maindhcp            0
        option  leasefile           '/tmp/hosts/odhcpd'
        option  leasetrigger        '/usr/sbin/odhcpd-update'
        option  loglevel            4
    
    ####################################################
               ##----- DHCP Settings -----##
    ####################################################
    
        # LAN #
    #---------------------------------------------------
    config dhcp 'lan'
        option  interface           'lan'
        option  ignore              1
    
  • /etc/config/firewall

    #
    
      ##::[[---  LEDE LAN Firewall Config  ---]]::##
    
    ####################################################
                 ##----- Scripts -----##
    ####################################################
    
    config include
        option  path            '/etc/firewall.user'
    
    ####################################################
              ##----- Default Zone -----##
    ####################################################
    
    config defaults
        option  input                 'ACCEPT'
        option  output                'ACCEPT'
        option  forward               'ACCEPT'
        option  custom_chains         1
        option  drop_invalid          0
        option  synflood_protect      0
        option  tcp_syncookies        1
    
    ####################################################
                 ##----- Zones -----##
    ####################################################
    
        # LAN #
    #---------------------------------------------------
    config zone
        option  name            'lan'
        option  network         'lan'
        option  input           'ACCEPT'
        option  output          'ACCEPT'
        option  forward         'ACCEPT'
    
  • /etc/config/network

    #
    
      ##::[[---  LEDE LAN Network Config  ---]]::##
    
    ####################################################
                   ##----- Global -----##
    ####################################################
    
        # Globals #
    #---------------------------------------------------
    config globals 'globals'
        option  ula_prefix     'fde1:a11b:b64f::/48'
    
    ####################################################
            ##----- Active Networks w/ LAN-----##
    ####################################################
    
        # Loopback #
    #---------------------------------------------------
    config interface 'loopback'
        option  ifname          'lo'
        option  proto           'static'
        option  ipaddr          127.0.0.1
        option  netmask         255.0.0.0
    
        # LAN #
    #---------------------------------------------------
    config interface 'lan'
        option  ifname          'eth0.1 eth1.2'
        option  _orig_ifname    'eth0.1'
        option  type            'bridge'
        option  _orig_bridge    'true'
        option  proto           'dhcp'
    
    ####################################################
              ##----- Virtual Switches -----##
    ####################################################
    
        # vSwitches #
    #---------------------------------------------------
    
      # Switch 0:
    config switch
        option  name            'switch0'
        option  reset           1
        option  enable_vlan     1
    
        # vLANs #
    #---------------------------------------------------
    
      # 1: LAN
    config switch_vlan
        option  device          'switch0'
        option  vlan            1
        option  ports           '0 1 2 3 4 5t 6t'
    

.

I recommend saving all your WAN configs to either external storage, or /etc/config/WAN/

  • Files specific for WAN:
    • ddns
    • dhcp
    • firewall
    • network
    • qos
    • sqm

Thank you @JW0914 I will give that a try a little later today!!

I have the R7800 all setup. I discovered that my cable modem can operate in bridge mode, so i am using that, and the R7800 is in router mode, single NAT. This also resulted in a 10% internet speed boost over the dodgey cable modem/router. i didn't modify the VLAN configuration and the defaults are all working wonderfully. I renumbered my LAN to 192.168.1.X/24 to fit the defaults.

I have all the amazing features of LEDE (luci, cmdline), firewall, DHCP server, Dynamic DNS (no-ip), port forwarding, zones, etc.

My advice to others is to try and put your current internet router into bridge mode and use your LEDE router for everything. I'm getting amazing performance, test maxed at 62MB/sec to local LAN from 5GHZ

Happy to share more of my experience if I can help.

Thanks LEDE community and @hnyman !

This is how one should always configure their network if they receive a router from their ISP, as it prevents the ISP from remotely accessing your LAN.

Also, @dotXboi, you should be getting a far higher throughput than 62MB/s ( 496mbit/s) for LAN to LAN 5.7GHz traffic. That speed should be ~700mbit/s - ~867mbit/s

True @JW0914 I didn't think of that security aspect of the dumbing down the ISP router. Good point.

My test was copy large file (SMB share) from main PC SSD to laptop SSD (7265 Intel card I believe). AFAIK 62 Megabytes (MB/sec) is ~ 620 Megabits (Mb/sec).

I will setup iperf and get some more accurate figures.

I transposed the formula, which has been updated in my prior post:

  • 1 mbit = 0.125 MByte
  • 1 MByte = 8 mbit

.
496mbit/s for LAN traffic is far too low for a 5.7GHz network... you channel should not be set to auto, but be in the upper 150s (unless your country of residence blocks those channels, in which case the channel should be as high as possible)

  • Check the speed the router is stating the device is transferring at on the Network - Wireless LuCI page
  • To provide some context, 2.4GHz N speed is 450mbit/s

root@R7800:/etc/config# iperf3 -c 192.168.1.23
Connecting to host 192.168.1.23, port 5201
[ 4] local 192.168.1.1 port 38318 connected to 192.168.1.23 port 5201
[ ID] Interval Transfer Bandwidth Retr Cwnd
[ 4] 0.00-1.00 sec 34.6 MBytes 290 Mbits/sec 0 221 KBytes
[ 4] 1.00-2.00 sec 34.2 MBytes 287 Mbits/sec 0 221 KBytes
[ 4] 2.00-3.00 sec 34.0 MBytes 285 Mbits/sec 0 221 KBytes
[ 4] 3.00-4.00 sec 34.6 MBytes 290 Mbits/sec 0 221 KBytes
[ 4] 4.00-5.00 sec 36.7 MBytes 308 Mbits/sec 0 221 KBytes
[ 4] 5.00-6.00 sec 33.7 MBytes 283 Mbits/sec 0 221 KBytes
[ 4] 6.00-7.00 sec 35.7 MBytes 300 Mbits/sec 0 221 KBytes
[ 4] 7.00-8.00 sec 33.1 MBytes 278 Mbits/sec 0 221 KBytes
[ 4] 8.00-9.00 sec 35.7 MBytes 300 Mbits/sec 0 221 KBytes
[ 4] 9.00-10.00 sec 34.3 MBytes 287 Mbits/sec 0 221 KBytes


[ ID] Interval Transfer Bandwidth Retr
[ 4] 0.00-10.00 sec 347 MBytes 291 Mbits/sec 0 sender
[ 4] 0.00-10.00 sec 346 MBytes 290 Mbits/sec receiver

iperf Done.
root@R7800:/etc/config# iperf3 -c 192.168.1.29
Connecting to host 192.168.1.29, port 5201
[ 4] local 192.168.1.1 port 40188 connected to 192.168.1.29 port 5201
[ ID] Interval Transfer Bandwidth Retr Cwnd
[ 4] 0.00-1.01 sec 35.5 MBytes 295 Mbits/sec 0 963 KBytes
[ 4] 1.01-2.00 sec 54.4 MBytes 461 Mbits/sec 0 1.16 MBytes
[ 4] 2.00-3.00 sec 50.6 MBytes 424 Mbits/sec 0 1.16 MBytes
[ 4] 3.00-4.00 sec 52.5 MBytes 441 Mbits/sec 0 1.23 MBytes
[ 4] 4.00-5.01 sec 48.7 MBytes 404 Mbits/sec 0 1.30 MBytes
[ 4] 5.01-6.00 sec 53.7 MBytes 454 Mbits/sec 0 1.39 MBytes
[ 4] 6.00-7.00 sec 51.1 MBytes 428 Mbits/sec 41 993 KBytes
[ 4] 7.00-8.00 sec 53.7 MBytes 452 Mbits/sec 0 1.05 MBytes
[ 4] 8.00-9.00 sec 50.8 MBytes 425 Mbits/sec 0 1.05 MBytes
[ 4] 9.00-10.00 sec 54.3 MBytes 457 Mbits/sec 0 1.19 MBytes


[ ID] Interval Transfer Bandwidth Retr
[ 4] 0.00-10.00 sec 505 MBytes 424 Mbits/sec 41 sender
[ 4] 0.00-10.00 sec 502 MBytes 421 Mbits/sec receiver

iperf Done.

config

config wifi-device 'radio0'
option type 'mac80211'
option hwmode '11a'
option path 'soc/1b500000.pci/pci0000:00/0000:00:00.0/0000:01:00.0'
option htmode 'VHT80'
option country 'AU'
option channel '157'

config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option encryption 'psk2'
option key 'XXXXXXXXXXX'
option wps_pushbutton '0'
option ssid 'XXXXXXXXXXX'

config wifi-device 'radio1'
option type 'mac80211'
option channel '11'
option hwmode '11g'
option path 'soc/1b700000.pci/pci0001:00/0001:00:00.0/0001:01:00.0'
option htmode 'HT20'
option country 'AU'

config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid 'XXXXXXXXXXX'
option key 'XXXXXXXXXXX'
option wps_pushbutton '0'
option encryption 'psk-mixed'

Thanks @JW0914 I am at a lost as to why it is so slow.

Model Netgear Nighthawk X4S R7800
Firmware Version LEDE Reboot 17.01-SNAPSHOT r3784-ebb54740c7 / LuCI lede-17.01 branch (git-17.336.23170-d2dc32a)
Kernel Version 4.4.103

I apologize, as I should have read some of the professional reviews of the R7800 prior to my previous comment. It appears the R7800 is known to get sub-par speeds, as even in PCMag's close-proximity test, it only reached 491mbit/s.

You can try buying higher gain antennas, and if you choose to do so, I would recommend trying Linksys' WRT004ANT, as they should be the same high quality antennas used on the WRT AC Series (slightly different design aesthetic, but you'll know for sure when you hold them as they should be quite heavy).

  • I'd also recommend opening up LuCI to Network > Wireless, then with your laptop/phone next to you, adjust the antennas until you see dB levels in the -40 to -65 range

  • Just an FYI, all external antennas are not the same as antennas are made to broadcast more on one axis than another (i.e. some will radiate more horizontally, while others more vertically, others a cross between the two)

.
Also, I know you made a mistake by accidentally posting your WiFi passwords in your deleted reply, and because it takes 24hrs for a deleted post to be taken down, please change your WiFi password.

  • Just an FYI: Passwords should be complex, and should contain at least:
    • 20 characters
      • 2 Uppercase letters
      • 2 Lowercase letters
      • 2 Numbers
      • 2 Symbols

will do thanks @JW0914