Judge my Network

Hey y'all,

Spent the better part of 2-3 months trying to configure my home network. I had the pleasure of discovering that my apartment was fully wired for cat5e!

Well, turns out the tard who did it didn't wire the ends correctly so I'm only getting T100 base. I'll fix that in the distant future since the only thing connected over the slower lines is a network printer and a wifi access point in a guest room that is barely used.

I fixed one of the heads so now two of my wifi APs get full T1000 speed. All network components have fixed IPs in the 192.168.1.1-10 range. DHCP pool begins at like .100-199

I love love love the Edgerouter X as a router and QOS device. I tried desperately to get EdgeOS to work, but I gave up and went OpenWRT. Since I'm running OpenWRT on my router and AP access points, I turned on HWNAT on all of the devices.

DNS is also configured for Cloudflare's IPv4 and IPv6 addresses. I get IPv6 addresses on all of my devices too. I've configured all of my wifi access points (Archer C7 v2) to be on the same NAS ID for 802.11r.

Yet, I get the feeling that there's something else I can do to eke out more performance (much to my wife's chagrin).

Suggestions? 😛

Looks fine to me. Archers are all dumbAPs, right?


@trendy , yup. The Edgerouter X manages addressing.

Here's a question for you: I sometimes get DNS resolving errors on my Mac that resolve when I dump the resolver cache. The PCs in the house don't seem to suffer this.

Is there a way to fix this?

From your diagram, only the EdgeRouter X (MediaTek SoC) is supported with OpenWrt hardware flow offload.
and
Enabling the hardware flow offload will negate QoS on the EdgeRouter X.


Only the main router should be doing NAT...

Enable DNS logging on the Edge to show what the issue is.

Thanks, turned that off.
and @trendy like a fool, I set the DNS up incorrectly. Fixed it when I put the addresses under the wan and wan6 interface profiles.

You can paste here a few basic configuration files to have a quick look:

Please run the following commands (copy-paste the whole block) and paste the output here, using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have

ubus call system board; \
uci export network; uci export wireless; \
uci export dhcp; uci export firewall; \
head -n -0 /etc/firewall.user; \
ls -l  /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; head -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*
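
The redaction step requested above can be done with a filter instead of by hand. The following is an added example, not part of the original post or of OpenWrt; the names `redact_uci` and `sample_config` are hypothetical, and it assumes only MAC addresses, secret-bearing options and non-private IPv4 addresses need masking (IPv6 is not handled).

```shell
#!/bin/sh
# Added example: mask sensitive values in `uci export` output before posting.
# Handles MAC addresses, secret options and non-private IPv4 addresses only;
# IPv6 addresses are left untouched and still need a manual check.
redact_uci() {
    sed -E \
        -e "s/([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}/XX:XX:XX:XX:XX:XX/g" \
        -e "s/^([[:space:]]*option[[:space:]]+(key|password|private_key|preshared_key)[[:space:]]+).*/\1'REDACTED'/" |
    awk '
    # Return 1 for addresses that identify nothing outside the LAN.
    function keep(ip,    o, a, b) {
        split(ip, o, "."); a = o[1] + 0; b = o[2] + 0
        if (a == 0 || a == 10 || a == 127 || a == 255) return 1   # incl. netmasks
        if (a == 192 && b == 168) return 1
        if (a == 172 && b >= 16 && b <= 31) return 1
        if (a == 169 && b == 254) return 1
        return 0
    }
    {
        out = ""; rest = $0
        # Walk every dotted quad on the line, replacing the public ones.
        while (match(rest, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)) {
            ip = substr(rest, RSTART, RLENGTH)
            out = out substr(rest, 1, RSTART - 1) (keep(ip) ? ip : "REDACTED_IPV4")
            rest = substr(rest, RSTART + RLENGTH)
        }
        print out rest
    }'
}

# Constructed sample input, not taken from any real device.
sample_config() {
    cat <<'EOF'
config interface 'wan'
	option macaddr 'AA:BB:CC:DD:EE:FF'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option gateway '203.0.113.7'
	option key 'hunter2pass'
EOF
}

sample_config | redact_uci
```

Public resolver addresses such as 1.1.1.1 are masked too, since the filter cannot tell them apart from a WAN address; read the result once before pasting it.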

Assuming you have only one CAT 5 port to Living Room then depending on whether you prefer / need gigabit you could use a 2+2 passive adapter (just splits 4 pairs to two 2 pairs) to get the VOIP and that C7 directly connected to Edge Router at 100Mb which might just improve VOIP performance. If you have two wall ports then I'd do it direct of course :).

No, don't do that. Connecting gigabit devices with two pair cable does not meet any specification, and in some cases will fail to link up at all. The C7 has a hardware GbE switch which operates at full line speed. So no problem to switch to additional devices from one wall port.

If you do want two networks in the room you can use VLANs.


I agree it may be unnecessary, but colleagues have had odd effects for VOIP connected to downstream access points so thought it might help if OP has any excess jitter, etc.

I'm not sure 2 pair (rather than 4) is in spec for any speed - gigabit or not. Will gigabit ports disable themselves rather than fall back to 100Mb/s?

Yes, fast ethernet only requires 2 pairs... And typically ethernet interfaces on routers will fall back to 100 Mbps fast ethernet if connected with a 2 pair cable (I remember going on a wild goose chase once over why a link got stuck on 100 Mbps even though the devices at both ends were capable of 1000 Mbps, believing it was a software issue, when all I did was accidentally exchange a 4 pair cable with a two pair cable).

In my case both ends happily fell back to 100Mbps and operated reliably, albeit at 1/10 of the speed I expected... I am willing to bet that there are some devices out there that will fail in that condition, but I believe most devices will just do the right thing nowadays.


So to really explain, I discovered that the guy who wired the house has the wall outlets set up correctly.
But when he wired the ethernet jacks in the wire closet, he missed a few wires.

I ended up replacing a couple of the jacks in the closet for a different reason. Much to my surprise, I noticed that the speed went up to gigabit instead of t100 base.

I'd go and replace all of them, but doing so in the wire closet is a damn nightmare because of how tight it is. So far, the wires that matter have been fixed.

Here's the code of my config:

> uci export network; uci export wireless; \
> uci export dhcp; uci export firewall; \
> head -n -0 /etc/firewall.user; \
> ls -l  /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; head -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*
{
	"kernel": "4.14.209",
	"hostname": "Router",
	"system": "MediaTek MT7621 ver:1 eco:3",
	"model": "UBNT-ERX",
	"board_name": "ubnt-erx",
	"release": {
		"distribution": "OpenWrt",
		"version": "19.07.5",
		"revision": "r11257-5090152ae3",
		"target": "ramips/mt7621",
		"description": "OpenWrt 19.07.5 r11257-5090152ae3"
	}
}
package network

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdca:6362:4677::/48'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth0.1'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config device 'lan_eth0_1_dev'
	option name 'eth0.1'
	option macaddr 'XX:XX:XX:XX:XX'

config interface 'wan'
	option ifname 'eth0.2'
	option proto 'dhcp'
	list dns '1.1.1.1'
	list dns '1.0.0.1'
	option peerdns '0'
	option broadcast '1'

config device 'wan_eth0_2_dev'
	option name 'eth0.2'
	option macaddr 'XX:XX:XX:XX

config interface 'wan6'
	option ifname 'eth0.2'
	option proto 'dhcpv6'
	list dns '2606:4700:4700::1111'
	list dns '2606:4700:4700::1001'
	option reqprefix 'auto'
	option reqaddress 'try'
	option peerdns '0'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '1 2 3 4 6t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '0 6t'

uci: Entry not found
package dhcp

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.auto'
	option localservice '1'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv6 'server'
	option ra 'server'
	option ra_management '1'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

package firewall

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'
	option flow_offloading '1'
	option flow_offloading_hw '1'

config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config include
	option path '/etc/firewall.user'

# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.

# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
ls: /tmp/resolv.*/*: No such file or directory
lrwxrwxrwx    1 root     root            16 Dec  6 07:31 /etc/resolv.conf -> /tmp/resolv.conf
-rw-r--r--    1 root     root            32 Jan 21 20:59 /tmp/resolv.conf
-rw-r--r--    1 root     root           135 Jan 21 21:02 /tmp/resolv.conf.auto
==> /etc/resolv.conf <==
search lan
nameserver 127.0.0.1

==> /tmp/resolv.conf <==
search lan
nameserver 127.0.0.1

==> /tmp/resolv.conf.auto <==
# Interface wan
nameserver 1.1.1.1
nameserver 1.0.0.1
# Interface wan6
nameserver 2606:4700:4700::1111
nameserver 2606:4700:4700::1001
head: /tmp/resolv.*/*: No such file or directory

Thanks for the advice guys!
