Mismatched APs to use with 802.11s mesh via VLAN backbone

Hi. Here's my very badly drawn network diagram;

(I know some LAN devices are not going to the internet through wrt#1, trust me it's intentional to skip some SQM limiting etc. Essentially OpenWrt's LAN is only for wifi. Also both the 8 port Cisco switch and the 4 port OpenWrt #2 device are all full, no empty ports, and they are physically not close to each other at all.)

And I wanna do this;

The changes I need to make to achieve that are:

  • Create VLAN on the first device and connect it to br-lan
  • Create it on the second device and create a new adapter. (the second device will still be connected to 192.168.1.1/24 network)
  • Set up the APs with matching config

I'm stuck at step 1 because device #1, a Zyxel WSM20, uses DSA, and compared to the older way of creating VLANs via the switch menu, I am somehow failing to comprehend how it should work. On the older system it should've been like this:

all lan ports: untagged for lan vlan
wan port: untagged for wan vlan, tagged for lan vlan.

I think the primary problem is that I am trying to use the WAN port for both untagged and tagged traffic maybe (not sure, but untagged to access the VDSL router and tagged to get back to device #2; also keep in mind that we have a managed Cisco switch in between, so we can easily tag/untag both traffic either way). I will try more on this and get back.

And yes, I've read through the wiki. I could've edited it into a better version if only I could have understood it myself.

My actual question is: What is the best method to use for roaming when dealing with mismatched APs? Will 802.11s work well enough, or does 802.11r still have some life in it? Also I think 802.11r is incompatible with WPA3, but not sure? Or should I simply buy another Zyxel device?

So yeah, I'm open to suggestions, as long as they don't involve me changing the physical wiring, because that's a bit too hard for me rn.

thx

If you switch DSL to passthrough mode then OpenWRT can do main/admin/guest network partitioning. You lose DSL gateway wifi, but get a lot more control.

I don't use the DSL router's wifi at all, it sits disabled, to be enabled in case OpenWrt fails due to misconfiguration. But I have an IPTV service, so I can't use passthrough because that disables the IPTV service too for some reason. That is probably configurable via OpenWrt in some way (I'm guessing specifically via VLAN 55), but I don't want to go there; since I'm already behind CGNAT, abolishing one NAT or not does not really matter. I'm essentially planning to do the network partitioning via the Cisco switch (with the main DSL modem and STB box in a VLAN of their own, and the OpenWrt modem joining this 192.168.1.1 network via VLAN), with the main OpenWrt device being the main gateway for the other VLANs.

You have to dump traffic on cheap ass switch mirroring ports to understand multicast or what is used for streaming.

Hi. I am not planning to interfere with what's going on between the ISP's gateway and the IPTV box. But to answer your question, it uses a separate VCI on the VDSL interface to connect to the services via a separate internal network, and uses UDP multicast to deliver a 1080i50 6mbps (or higher) stream.

So basically, it turns out DSA is just as simple. Adding a VLAN device on Interfaces > Devices did the trick. Separated IoT, CCTV, guest, and regular LAN onto their VLANs and disabled untagged traffic on all ports on the Cisco switch (except the three ports where the OpenWrt AP, STB box and the main router are connecting) after putting the PoE cameras onto their VLAN and setting the empty ports to administratively down.

Now we have the LAN part figured out. I searched a bit more on what to use for WLAN as well and I am either going to just run two APs and leave the roaming to clients, or 802.11s.. or batman-adv, but not sure about that one.

802.11r isn't an option because the AP menu on the Zyxel WSM20 does not have it, and also I'd like to use wpa3, which is inherently incompatible with wpa3 as far as I understand. I tried installing the full package instead of -basic. Will try -mesh too, maybe that'll do the trick.
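
For readers following the thread, here is an added example (not posted by any participant and not OpenWrt project code) of what "adding a VLAN device" amounts to in `/etc/config/network` on a DSA device: a tagged 802.1q device on the WAN port for the LAN VLAN, plus one isolated segment routed by this device. The VLAN IDs 10 and 20, the port names `lan1`, `lan2` and `wan`, the interface name `iot` and the 192.168.20.0/24 subnet are assumptions, not values from the thread.

```uci
# /etc/config/network (fragment). All IDs, port names and addresses
# below are constructed for illustration.

# Tagged VLAN 10 on the WAN port. Untagged frames on 'wan' are unaffected
# and still reach the VDSL router through the existing 'wan' interface.
config device
	option type '8021q'
	option ifname 'wan'
	option vid '10'
	option name 'wan.10'

# Bridge the tagged LAN VLAN into br-lan next to the untagged LAN ports,
# so AP #2 behind the managed switch lands in the same L2 segment.
config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'wan.10'

# A second tagged VLAN for an isolated segment (for example IoT),
# with this device acting as its gateway.
config device
	option type '8021q'
	option ifname 'wan'
	option vid '20'
	option name 'wan.20'

config interface 'iot'
	option device 'wan.20'
	option proto 'static'
	option ipaddr '192.168.20.1'
	option netmask '255.255.255.0'
```

The VLAN config alone only separates the segments at layer 2; what the `iot` network may reach is decided by the firewall zone the interface is placed in (`/etc/config/firewall`). The switch port facing this device has to carry both VLAN IDs tagged.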

Clearly, what you want is roaming.

Roaming is NOT the same thing as a mesh.

Obviously not the correct wiki...

Give this one a quick scan.
https://openwrt.org/docs/guide-user/network/wifi/mesh/802-11s#are_you_sure_you_want_a_mesh

Your misunderstanding is not your fault, it is the fault of manufacturers who incorrectly use keywords as a marketing ploy..... The average consumer will not know this of course.

I hope this helps!

There are many threads on this forum with regard to roaming and you will see that 802.11r is not usually needed, instead all that may be required is a little careful tuning.


Hi, thank you for the great response.

For the wiki part, I meant this page for VLANs: https://openwrt.org/docs/guide-user/network/dsa/dsa-mini-tutorial . I figured that part out for now and might actually contribute back to the wiki later when I am confident in my understanding (already have an account there).

For the mesh part, my understanding was -and still sort of is- that mesh is a wireless backbone system for APs, bashed together with some roaming magic. Well, that roaming magic is not due to 802.11s it seems to me now, but due to vendors doing their magic. Well if I was going to go for the almost proprietary looking but not actually proprietary easymesh bullshit I'd simply use the stock firmware anyway.

So yes, you are correct to say that 802.11r is the solution to my roaming problem, even if that's even needed. Currently running the two stations as standalone APs with exactly the same /etc/config/wireless config with exactly the same flavor of wpad installed, and currently it's all fine, only sometimes some dumb xiaomi phones don't switch over unless it really drops out but other than that it's fine.

Not using 802.11r currently since I doubt it will bring any significant improvement at this moment, not that I can either because one of the APs (for some reason) does not have 802.11r under the settings. Never mind, now it's there, idk why... Anyway, will enable it shortly to see if it feels any different.
