Naming 5ghz and 2.4ghz SSID the same

Should I name the SSID the same name for the 5ghz and 2.4ghz radios, or keep the names separate?

Does anyone know the pros and cons? I have a google home, with smart lights, chromecast, etc, and I want those devices to automatically be able to talk to one another.

1 Like

I too never found anything concrete to explain this. I’ve previously run with separate SSIDs and now with them the same. The only difference seems to be that you only need to enter the password once on client devices. I could never find a way to reliably test client devices switching from one radio to the other. But from what I found last year, it’s highly dependent on the client devices when and at what thresholds they will switch to the other radio. I never found any official standard on it either; it seemed to be one of these pseudo-standards that all manufacturers have kind of added support for. There are enterprise-level standards for roaming between AP devices, though, FWIW.

It's basically a matter of personal preference, but…

If you use the same ESSID/PSK on both bands, the clients may make smarter decisions for roaming between them - and you can further help the clients (only rather new/high-end ones though) by optimizing this further via IEEE 802.11k/v/r.

If you use different access credentials per band, it's easier for you to distinguish between them and to force your clients to your preferred band, neutering any automated (advanced) roaming decisions your clients may (or may not) be able to do.

5 Likes

Hostapd can do some band-steering on the AP side by denying authentication to 2.4G if clients have been recently associated to 5G, but it requires that the two interfaces be run on one instance/service of hostapd.

The framework for netifd/hostapd/mac80211 is already there: http://lists.infradead.org/pipermail/openwrt-devel/2019-November/019978.html

Guess we'll just have to wait until they flip the switch to a single instance.

3 Likes

  1. Ah, so OpenWrt doesn't do band-steering right now? Is it just a random assignment? Or is it just whatever the client chooses?

  2. So right now, hostapd can only run as two instances, one per interface?

Yes, to both of your remarks.

Well, the assignment isn't random, OpenWrt offers both equally - leaving the decision which band to use to the client.

1 Like

The modern clients are pretty smart about choosing a proper band and I found wifi more reliable, because a laptop is always connected to a good signal. This also means that it might delay a fallback to a strong 5GHz if it is already connected to strong 2GHz. But if 5GHz is deteriorating, then a switch over to 2GHz is pretty fast.
I think I noticed that mobile devices switch over to 2GHz when sleeping (to preserve battery?) and then to 5GHz when they wake up. I now use the same name for both bands, because it works well.

2 Likes

You can configure two BSSIDs in each band: one with the same name, for clients that can choose by themselves, and another one with different names, for clients that must be tied to a specific band.

2 Likes

Hello, I have the same question from this thread from roughly 4 and a half years ago. The moderator in this thread says it's largely up to user preference, but I am currently doing some testing with my Netgear Nighthawk XR500 to fix an issue I was having in this thread and found that disabling the 5GHz guest network band has fixed the issue of not being able to connect to that specific SSID. Is there a reason that this made a change, or is this a complete fluke result that is correlation over causation?
Thanks in advance and sorry for this being somewhat of a repost.

Apple mandates same AP in all bands for optimal roaming/steering.

So then the answer to the question in my post was that no, having the bands as the same name is not the issue, and there is another issue that is causing the problems I am seeing? I don't know how the internals of OpenWrt work, nor do I have the knowledge to check the source code myself, and I am getting desperate trying to figure out what is causing devices on my network to drop. I am not trying to nag, but I really am pulling my hair out having to play with my router for 6+ hours a day trying to get it to work.

Without looking at your configuration it can be quite hard to suggest a solution.

Please run the following commands (copy-paste the whole block) and paste the output here, using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have

ubus call system board; \
uci export network; uci export wireless; \
uci export dhcp; uci export firewall

I apologize in advance for it being a bit messy, it's hard to keep up with a lot of the troubleshooting I have done so far with the other thread I have made as well as reading the threads of other people.

{
        "kernel": "5.15.150",
        "hostname": "OpenWrt",
        "system": "ARMv7 Processor rev 0 (v7l)",
        "model": "Netgear Nighthawk XR500",
        "board_name": "netgear,xr500",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "23.05.3",
                "revision": "r23809-234f1a2efa",
                "target": "ipq806x/generic",
                "description": "OpenWrt 23.05.3 r23809-234f1a2efa"
        }
}
package network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd1c:9dfc:85e4::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth1.1'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        list dns '192.168.1.80'

config interface 'wan'
        option device 'eth0.2'
        option proto 'dhcp'
        option peerdns '0'
        option norelease '1'
        list dns '192.168.1.80'

config interface 'wan6'
        option device 'eth0.2'
        option proto 'dhcpv6'
        option reqaddress 'try'
        option reqprefix 'auto'
        option peerdns '0'
        list dns '192.168.1.80'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '6t 4 3 1'
        option vid '1'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '0t 5'
        option vid '2'

config interface 'GuestDHCP'
        option proto 'static'
        option ipaddr '192.168.4.1'
        option netmask '255.255.255.0'
        list dns '192.168.1.80'
        option dns_metric '1'
        list ip6addr 'fdba:86d5:d509::/48'

config switch_vlan
        option device 'switch0'
        option vlan '3'
        option ports '6t 2'
        option vid '3'

config interface 'IoT'
        option proto 'static'
        option ipaddr '192.168.7.1'
        option netmask '255.255.255.0'
        list dns '9.9.9.9'

config interface 'GuestLAN'
        option proto 'static'
        option device 'eth1.3'
        option ipaddr '192.168.6.1'
        option netmask '255.255.255.0'
        list dns '192.168.1.80'

config interface 'VPNWG'
        option proto 'wireguard'
        option private_key 'Removed'
        list addresses 'Removed'
        list addresses 'Removed'

config wireguard_VPNWG 'wgserver'
        option public_key 'Removed'
        option endpoint_host 'Removed'
        option endpoint_port '51820'
        list allowed_ips '0.0.0.0/0'
        list allowed_ips '::/0'

config interface 'VPNDHCP'
        option proto 'static'
        list ipaddr '192.168.3.1/24'
        list dns '192.168.1.80'

config interface 'RouterWG'
        option proto 'wireguard'
        option private_key 'Removed'
        option listen_port '58120'
        list addresses '10.14.0.1/24'
        list dns '192.168.1.80'

config wireguard_RouterWG
        option description 'Test'
        option public_key 'Removed'
        option private_key 'Removed'
        option preshared_key 'Removed'
        list allowed_ips '10.14.0.12/32'
        option route_allowed_ips '1'

config wireguard_RouterWG
        option public_key 'Removed'
        option private_key 'Removed'
        option preshared_key 'Removed'
        list allowed_ips '10.14.0.13/32'
        option route_allowed_ips '1'

config wireguard_RouterWG
        option description 'Framework'
        option public_key 'Removed'
        option private_key 'Removed'
        option preshared_key 'Removed'
        option route_allowed_ips '1'
        list allowed_ips '10.14.0.3/32'
        list allowed_ips '10.14.0.14/32'

config interface 'GVPNDHCP'
        option proto 'static'
        list ipaddr '192.168.5.1/24'
        list dns '192.168.1.80'

package wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'soc/1b500000.pci/pci0000:00/0000:00:00.0/0000:01:00.0'
        option channel 'auto'
        option band '5g'
        option htmode 'VHT80'
        option cell_density '0'
        option country 'US'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'Data 5'
        option encryption 'sae-mixed'
        option key 'Removed'
        option disassoc_low_ack '0'

config wifi-device 'radio1'
        option type 'mac80211'
        option path 'soc/1b700000.pci/pci0001:00/0001:00:00.0/0001:01:00.0'
        option channel 'auto'
        option band '2g'
        option htmode 'HT20'
        option cell_density '0'
        option country 'US'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 'Data'
        option encryption 'sae-mixed'
        option key 'Removed'
        option disassoc_low_ack '0'
        option wpa_group_rekey '3'
        option max_inactivity '86400'

config wifi-iface 'wifinet2'
        option device 'radio0'
        option mode 'ap'
        option ssid 'Data V5'
        option encryption 'sae-mixed'
        option key 'Removed'
        option network 'VPNDHCP'
        option wpa_disable_eapol_key_retries '1'

config wifi-iface 'wifinet3'
        option device 'radio1'
        option mode 'ap'
        option ssid 'Data V'
        option encryption 'sae-mixed'
        option key 'Removed'
        option disassoc_low_ack '0'
        option network 'VPNDHCP'
        option max_inactivity '86400'
        option dtim_period '3'

config wifi-iface 'wifinet4'
        option device 'radio0'
        option mode 'ap'
        option ssid 'Data G5'
        option encryption 'sae-mixed'
        option wmm '0'
        option isolate '1'
        option key 'Removed'
        option network 'GuestDHCP'
        option disassoc_low_ack '0'
        option dtim_period '3'
        option max_inactivity '86400'
        option disabled '1'

config wifi-iface 'wifinet5'
        option device 'radio1'
        option mode 'ap'
        option ssid 'Data G'
        option encryption 'sae-mixed'
        option isolate '1'
        option key 'Removed'
        option network 'GuestDHCP'
        option disassoc_low_ack '0'
        option dtim_period '3'
        option max_inactivity '86400'

config wifi-iface 'wifinet6'
        option device 'radio0'
        option mode 'ap'
        option ssid 'Data GV5'
        option encryption 'sae-mixed'
        option isolate '1'
        option key 'Removed'
        option disassoc_low_ack '0'
        option dtim_period '3'
        option max_inactivity '86400'
        option disabled '1'
        option network 'GVPNDHCP'

config wifi-iface 'wifinet7'
        option device 'radio1'
        option mode 'ap'
        option ssid 'Data GV'
        option encryption 'sae-mixed'
        option isolate '1'
        option key 'Removed'
        option disassoc_low_ack '0'
        option dtim_period '3'
        option max_inactivity '86400'
        option network 'GVPNDHCP'

config wifi-iface 'wifinet8'
        option device 'radio1'
        option mode 'ap'
        option ssid 'Data IoT'
        option encryption 'sae-mixed'
        option key 'Removed'
        option network 'IoT'
        option disassoc_low_ack '0'
        option dtim_period '3'
        option max_inactivity '86400'
        option wpa_disable_eapol_key_retries '1'
        option isolate '1'

config wifi-iface 'wifinet9'
        option device 'radio0'
        option mode 'ap'
        option ssid 'Data IoT'
        option encryption 'sae-mixed'
        option hidden '1'
        option key 'Removed'
        option wpa_disable_eapol_key_retries '1'
        option network 'IoT'
        option disabled '1'

        
package dhcp

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option cachesize '10000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option localservice '1'
        option ednspacket_max '1232'
        option nonwildcard '0'
        option dnsforwardmax '300'
        option dhcpleasemax '200'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'
        list dhcp_option '6,192.168.1.80'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config dhcp 'GuestDHCP'
        option interface 'GuestDHCP'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option force '1'

config domain
        option name 'mydomain.tld'
        option ip '192.168.1.80'

config domain
        option name 'email.mydomain.tld'
        option ip '192.168.1.80'

config domain
        option name 'www.mydomain.tld'
        option ip '192.168.1.80'

config dhcp 'IoT'
        option interface 'IoT'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option force '1'
        list dhcp_option '6,9.9.9.9'

config srvhost
        option srv '_submission._tcp.email.mydomain.tld'
        option target 'email.mydomain.tld'
        option port '587'
        option class '0'
        option weight '1'

config srvhost
        option srv '_smtps._tcp.email.mydomain.tld'
        option target 'email.mydomain.tld'
        option port '465'
        option class '0'
        option weight '1'

config srvhost
        option srv '_sieve._tcp.email.mydomain.tld'
        option target 'email.mydomain.tld'
        option port '4190'
        option class '0'
        option weight '1'

config srvhost
        option srv '_pop3s._tcp.email.mydomain.tld'
        option target 'email.mydomain.tld'
        option port '995'
        option class '0'
        option weight '1'

config srvhost
        option srv '_pop3._tcp.email.mydomain.tld'
        option target 'email.mydomain.tld'
        option port '110'
        option class '0'
        option weight '1'

config srvhost
        option srv '_imaps._tcp.email.mydomain.tld'
        option target 'email.mydomain.tld'
        option port '993'
        option class '0'
        option weight '1'

config srvhost
        option srv '_imap._tcp.email.mydomain.tld'
        option target 'email.mydomain.tld'
        option port '143'
        option class '0'
        option weight '1'

config srvhost
        option srv '_carddavs._tcp.email.mydomain.tld'
        option target 'email.mydomain.tld'
        option port '443'
        option class '0'
        option weight '1'

config srvhost
        option srv '_caldavs._tcp.email.mydomain.tld'
        option target 'email.mydomain.tld'
        option port '443'
        option class '0'
        option weight '1'

config srvhost
        option srv '_autodiscover._tcp.email.mydomain.tld'
        option target 'email.mydomain.tld'
        option port '443'
        option class '0'
        option weight '1'

config host
        option name 'CableBox3'
        option ip '192.168.1.xxx'
        option mac 'removed'

config host
        option ip '192.168.6.xxx'
        option mac 'removed'

config dhcp 'GuestLAN'
        option interface 'GuestLAN'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option force '1'

config domain
        option name 'printer.local'
        option ip '192.168.7.xxx'

config dhcp 'VPNDHCP'
        option interface 'VPNDHCP'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option force '1'

config domain
        option name 'dns.mydomain.tld'
        option ip '192.168.1.80'

config domain
        option name 'usersroku.local'
        option ip '192.168.4.xxx'

config host
        option ip '192.168.1.xxx'
        option mac 'Removed'

config host
        option name 'Removed'
        option ip '192.168.6.xxx'
        option mac 'Removed'

config host
        option ip '192.168.6.xxx'
        option mac 'Removed'

config dhcp 'GVPNDHCP'
        option interface 'GVPNDHCP'
        option start '100'
        option limit '150'
        option leasetime '12h'

config host
        option name 'CableBox2'
        option ip '192.168.1.xxx'
        option mac 'Removed'

config host
        option name 'CableBox'
        option ip '192.168.1.xxx'
        option mac 'Removed'

package firewall

config defaults
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone 'lan'
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'
	list network 'RouterWG'

config zone 'wan'
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	list network 'wan'
	list network 'wan6'
	list network 'VPNWG'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'User2sRouter'
	option src '*'
	option dest '*'
	option target 'REJECT'
	list proto 'all'
	list src_ip '192.168.6.211'
	list src_ip '192.168.6.209'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config include 'pbr'
	option fw4_compatible '1'
	option type 'script'
	option path '/usr/share/pbr/pbr.firewall.include'

config zone
	option name 'VPNDHCP'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	list network 'VPNDHCP'

config forwarding
	option src 'VPNDHCP'
	option dest 'wan'

config rule
	option name 'VPNDHCP'
	option src 'VPNDHCP'
	option dest_port '67'
	option target 'ACCEPT'
	list proto 'udp'

config rule
	option name 'VPNDNS'
	option src 'VPNDHCP'
	option dest_port '53'
	option target 'ACCEPT'
	list proto 'tcp'
	list proto 'udp'

config zone
	option name 'GuestDHCP'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	list network 'GuestDHCP'

config forwarding
	option src 'GuestDHCP'
	option dest 'wan'

config rule
	option name 'GuestDHCP'
	list proto 'udp'
	option src 'GuestDHCP'
	option dest_port '67'
	option target 'ACCEPT'

config rule
	option name 'GuestDNS'
	option src 'GuestDHCP'
	option dest_port '53'
	option target 'ACCEPT'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'HTTP'
	list proto 'tcp'
	option src 'wan'
	option src_dport '80'
	option dest_ip '192.168.1.80'
	option dest_port '80'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'HTTPS'
	option src 'wan'
	option src_dport '443'
	option dest_ip '192.168.1.80'
	option dest_port '443'
	list proto 'tcp'

config rule
	option name 'VPNTCP'
	option src 'VPNDHCP'
	option dest 'lan'
	list dest_ip '192.168.1.80'
	option dest_port '53 80 443'
	option target 'ACCEPT'
	list proto 'tcp'

config zone
	option name 'GuestVPN'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	list network 'GVPNDHCP'

config forwarding
	option src 'GuestVPN'
	option dest 'wan'

config rule
	option name 'GVPNDNS'
	option src 'GuestVPN'
	option dest_port '53'
	option target 'ACCEPT'
	list proto 'tcp'
	list proto 'udp'

config rule
	option name 'GVPNDHCP'
	option src 'GuestVPN'
	option dest_port '67'
	option target 'ACCEPT'

config zone
	option name 'GuestLAN'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	list network 'GuestLAN'

config forwarding
	option src 'GuestLAN'
	option dest 'wan'

config rule
	option name 'GuestLanDNS'
	option src 'GuestLAN'
	option dest_port '53'
	option target 'ACCEPT'
	list proto 'tcp'
	list proto 'udp'

config rule
	option name 'GuestLanDHCP'
	option src 'GuestLAN'
	option target 'ACCEPT'
	option dest_port '67'

config rule
	option name 'GuestTCP'
	list proto 'tcp'
	option src 'GuestDHCP'
	option dest '*'
	list dest_ip '192.168.1.80'
	option dest_port '53 80 443 25 465 587 143 993 110 995 4190 3478 5349 8448 25565 21114-21119'
	option target 'ACCEPT'

config rule
	option name 'GVPNTCP'
	list proto 'tcp'
	option src 'GuestVPN'
	option dest 'lan'
	list dest_ip '192.168.1.80'
	option dest_port '53 80 443 25 465 587 143 993 110 995 4190 3478 5349 8448 25565 21114-21119'
	option target 'ACCEPT'

config rule
	option name 'GuestLanTCP'
	list proto 'tcp'
	option src 'GuestLAN'
	option dest 'lan'
	list dest_ip '192.168.1.80'
	option dest_port '53 80 443 25 465 587 143 993 110 995 4190 3478 5349 8448 25565 21114-21119'
	option target 'ACCEPT'

config rule
	option name 'VPNUDP'
	list proto 'udp'
	option src 'VPNDHCP'
	list dest_ip '192.168.1.80'
	option dest_port '3478 5349 49152-49172 24454 19132 51820 53 21116'
	option target 'ACCEPT'
	option dest 'lan'

config rule
	option name 'GuestUDP'
	list proto 'udp'
	option src 'GuestDHCP'
	option dest 'lan'
	list dest_ip '192.168.1.80'
	option dest_port '3478 5349 49152-49172 24454 19132 51820 53 21116'
	option target 'ACCEPT'

config rule
	option name 'GuestLanUDP'
	list proto 'udp'
	option src 'GuestLAN'
	option dest 'lan'
	list dest_ip '192.168.1.80'
	option dest_port '3478 5349 49152-49172 24454 19132 51820 53 21116'
	option target 'ACCEPT'

config rule
	option name 'GVPNUDP'
	list proto 'udp'
	option src 'GuestVPN'
	option dest 'lan'
	list dest_ip '192.168.1.80'
	option dest_port '3478 5349 49152-49172 24454 19132 51820 53 21116'
	option target 'ACCEPT'

config rule
	option name 'LAN->Guest'
	list proto 'tcp'
	option src 'lan'
	option dest 'GuestDHCP'
	option target 'ACCEPT'

config rule
	option src 'lan'
	option dest 'GuestLAN'
	option target 'ACCEPT'
	option name 'LAN->GuestLan'

config rule
	option name 'LAN->GuestVPN'
	option src 'lan'
	option dest 'GuestVPN'
	option target 'ACCEPT'

config rule
	option name 'LAN->VPN'
	option src 'lan'
	option dest 'VPNDHCP'
	option target 'ACCEPT'

config rule
	option name 'VPN->LAN'
	option src 'VPNDHCP'
	option dest 'lan'
	option target 'ACCEPT'
	list proto 'all'

config rule
	option name 'VPN->Guest'
	option src 'VPNDHCP'
	option dest 'GuestDHCP'
	option target 'ACCEPT'

config rule
	option name 'VPN->GuestLan'
	option src 'VPNDHCP'
	option dest 'GuestLAN'
	option target 'ACCEPT'

config rule
	option name 'VPN->GuestVPN'
	option src 'VPNDHCP'
	option dest 'GuestVPN'
	option target 'ACCEPT'

config zone
	option name 'IoT'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	list network 'IoT'

config forwarding
	option src 'IoT'
	option dest 'wan'

config rule
	option name 'IoTDHCP'
	option src 'IoT'
	option dest_port '67'
	option target 'ACCEPT'

config rule
	option name 'IoTDNS'
	option src 'IoT'
	option dest_port '53'
	option target 'ACCEPT'
	list proto 'tcp'
	list proto 'udp'

config rule
	option name 'LAN->IoT'
	option src 'lan'
	option dest 'IoT'
	option target 'ACCEPT'
	list proto 'all'

config rule
	option name 'VPN->IoT'
	option src 'VPNDHCP'
	option dest 'IoT'
	option target 'ACCEPT'
	list proto 'all'

config rule
	option name 'Temp'
	option src 'IoT'
	list src_ip '192.168.7.241'
	option dest 'wan'
	option target 'ACCEPT'
	option enabled '0'

config rule
	option name 'Smartplug'
	list proto 'all'
	option src 'IoT'
	list src_ip '192.168.7.202'
	option dest 'wan'
	option target 'ACCEPT'

config rule
	option name 'IoTDenyWAN'
	option src 'IoT'
	option dest 'wan'
	option target 'REJECT'

config rule
	option name 'DenyLanGuestVPN'
	option src 'GuestVPN'
	option dest 'lan'
	option target 'REJECT'

config rule
	option name 'DenyLanGuest'
	option src 'GuestDHCP'
	option dest 'lan'
	option target 'REJECT'

config rule
	option name 'DenyLanGuestLan'
	option src 'GuestLAN'
	option dest 'lan'
	option target 'REJECT'

config rule
	option name 'Printer->Guest'
	option src 'GuestDHCP'
	option dest 'IoT'
	option target 'ACCEPT'
	list proto 'all'
	list dest_ip '192.168.7.148'

config rule
	option name 'mDNS'
	list proto 'udp'
	option src '*'
	option src_port '5353'
	list dest_ip '224.0.0.251'
	option dest_port '5353'
	option target 'ACCEPT'

config rule
	option name 'mDNSv6'
	option src '*'
	option src_port '5353'
	list dest_ip 'ff02::fb'
	option dest_port '5353'
	option target 'ACCEPT'

config rule
	option name 'IoTDenyLan'
	list proto 'all'
	option src 'IoT'
	option dest 'lan'
	option target 'REJECT'

config rule
	option src 'lan'
	list src_ip '192.168.1.80'
	option dest 'wan'
	option target 'ACCEPT'
	option name 'DNS'
	option dest_port '53'

config rule
	option name 'AllowDNS'
	option src '*'
	option dest 'lan'
	option dest_port '53'
	option target 'ACCEPT'
	list dest_ip '192.168.1.80'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'DNS'
	option src 'wan'
	option src_dport '853'
	option dest_ip '192.168.1.80'
	option dest_port '853'

config redirect
	option target 'DNAT'
	option name 'InterceptDNSLAN'
	option src 'lan'
	option src_dport '53'
	option dest 'lan'
	option dest_ip '192.168.1.80'
	option enabled '0'

config rule
	option name 'VPN Router Config'
	list proto 'tcp'
	option src 'VPNDHCP'
	option src_port '443'
	option dest 'lan'
	list dest_ip '192.168.1.1'
	option dest_port '443'
	option target 'ACCEPT'

config rule 'wg'
	option name 'Allow-WireGuard'
	option src 'wan'
	option dest_port '58120'
	option proto 'udp'
	option target 'ACCEPT'

config redirect
	option target 'DNAT'
	option name 'RouterWG'
	list proto 'udp'
	option src 'wan'
	option src_dport '58120'
	option dest_ip '192.168.1.1'

config rule
	option name 'UsersRoku'
	option src '*'
	option dest 'GuestDHCP'
	list dest_ip '192.168.4.146'
	option target 'ACCEPT'

config rule
	option name 'Printer'
	list proto 'all'
	option src 'IoT'
	list src_ip '192.168.7.148'
	option dest 'wan'
	option target 'REJECT'

You disable wmm and get what you earned: 54 or 65 Mbps.

Also use a fixed channel and not auto.

auto helps to jump between DFS channels and get more bandwidth once radars settle.

Are you saying I should disable wmm? The box is currently checked in LuCI, which I believe was the default.

config wifi-iface 'wifinet4'
option device 'radio0'
option mode 'ap'
option ssid 'Data G5'
option encryption 'sae-mixed'
option wmm '0' <--- whyyyy
option isolate '1'

You have a lot of APs but only wifinet4 has wmm disabled.
Is that an oversight because you are juggling so many APs or, as @brada4 asked, why on that AP?

Also:
sae-mixed is not, generally, suggested (if ever); it just does not play nice.
If you must use WPA2, use a very long (>15) password with symbols, upper and lowercase, etc., with AES.
You should already be using a very long password since some devices, I presume, are stuck using WPA2 anyway.

It's an oversight because I have so many of them. I wasn't aware of SAE-Mixed being an issue. I am using it because I do have devices that won't work with WPA3. For all the APs I generated a unique 63-char password with a-z, A-Z, 0-9, and some common symbols. I will try setting the guest networks & IoT to WPA2 and the main networks to WPA3.

1 Like
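
The settings the replies above single out (channel 'auto', `wmm '0'`, `sae-mixed`, and whether a network's SSID matches across bands) can be checked mechanically instead of by eye. The script below is an added example, not part of the thread or of OpenWrt: it parses `uci export wireless` text with awk, and the function names, finding labels and sample config are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Audits `uci export wireless` text.
# Finding labels such as WMM_OFF are invented for this example.

audit_wireless() {
    # stdin: text of `uci export wireless`; stdout: one finding per line.
    awk -v q="'" '
    function value(   p) { split($0, p, q); return p[2] }  # text inside the first quote pair
    $1 == "config" {
        kind = $2; sec = value(); idx = cnt[kind]++
        if (sec == "") sec = "@" kind "[" idx "]"          # unnamed section, uci-style index
        if (kind == "wifi-device") radios[++r] = sec
        if (kind == "wifi-iface") ifaces[++n] = sec
        next
    }
    $1 == "option" { opt[sec, $2] = value() }
    END {
        for (i = 1; i <= r; i++)
            if (opt[radios[i], "channel"] == "auto")
                print "AUTO_CHANNEL " radios[i] " band=" opt[radios[i], "band"]
        for (i = 1; i <= n; i++) {
            s = ifaces[i]
            state = (opt[s, "disabled"] == "1") ? "disabled" : "enabled"
            if (opt[s, "wmm"] == "0") print "WMM_OFF " s " " state
            if (opt[s, "encryption"] == "sae-mixed") print "SAE_MIXED " s " " state
            # Only enabled 2.4/5 GHz interfaces take part in the SSID comparison.
            net = opt[s, "network"]; band = opt[opt[s, "device"], "band"]
            if (state == "disabled" || (band != "2g" && band != "5g")) continue
            if (!(net in known)) { known[net] = 1; nets[++m] = net }
            ssid[net, band] = opt[s, "ssid"]
            has[net, band, opt[s, "ssid"]] = 1
        }
        for (i = 1; i <= m; i++) {
            net = nets[i]; a = ssid[net, "2g"]; b = ssid[net, "5g"]; shared = ""
            for (k = 1; k <= n; k++) {
                name = opt[ifaces[k], "ssid"]
                if (((net, "2g", name) in has) && ((net, "5g", name) in has)) shared = name
            }
            if (a == "" || b == "") print "ONE_BAND " net " " (a != "" ? "2g" : "5g")
            else if (shared != "") print "SAME_SSID " net " \"" shared "\""
            else print "SPLIT_SSID " net " 2g=\"" a "\" 5g=\"" b "\""
        }
    }'
}

sample_config() {
    # Constructed sample shaped like the export posted in the thread; keys omitted.
    cat <<'EOF'
config wifi-device 'radio0'
        option band '5g'
        option channel 'auto'
config wifi-device 'radio1'
        option band '2g'
        option channel '6'
config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option ssid 'Data 5'
        option encryption 'sae-mixed'
config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option ssid 'Data'
        option encryption 'sae'
config wifi-iface 'wifinet4'
        option device 'radio0'
        option network 'GuestDHCP'
        option ssid 'Data G5'
        option wmm '0'
        option disabled '1'
config wifi-iface 'wifinet5'
        option device 'radio1'
        option network 'GuestDHCP'
        option ssid 'Data G'
config wifi-iface 'wifinet8'
        option device 'radio1'
        option network 'IoT'
        option ssid 'Data IoT'
config wifi-iface 'wifinet9'
        option device 'radio0'
        option network 'IoT'
        option ssid 'Data IoT'
EOF
}

# On a router: uci export wireless | audit_wireless
sample_config | audit_wireless
```

Disabled interfaces are still reported for `WMM_OFF` and `SAE_MIXED`, with their state, so a stale setting shows up before the interface is re-enabled; a network counts as `SAME_SSID` when any one SSID is enabled on both bands, which also covers the two-SSIDs-per-band layout suggested earlier in the thread.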