Need a guru to check my AP Settings

Got a pair of Asus BT8s running openwrt, main router works great, 2nd one is set as a dumb AP but doesnt seem to get much traffic, its in the upstairs hallway next to my daughters bedroom but her computer is connected to the router downstairs at the other end of the house so has low signal.

Can someone check my AP set up and make sure its ok? Im new so probably have something mixed up.

Also is it possible on have 2x 5ghz ssids on the same router? At the minute upstairs and downstairs wifi share tbe same name per band,,, could i make a second 5ghz upstairs name it different to anything else and have her computer connect to that network only so it doesnt try to wander off elsewhere?

Let's start by looking at the complete config...

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button (red circle; this works best in the 'Markdown' composer view in the blue oval):

Remember to redact passwords, VPN keys, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

root@OpenWrt:~# ubus call system board
{
        "kernel": "6.12.87",
        "hostname": "OpenWrt",
        "system": "ARMv8 Processor rev 0",
        "model": "ASUS ZenWiFi BT8",
        "board_name": "asus,zenwifi-bt8",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "25.12.4",
                "firmware_url": "https://downloads.openwrt.org/",
                "revision": "r32933-4ccb782af7",
                "target": "mediatek/filogic",
                "description": "OpenWrt 25.12.4 r32933-4ccb782af7",
                "builddate": "1778712129"
        }
}

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        list ipaddr '127.0.0.1/8'

config globals 'globals'
        option dhcp_default_duid '00049a81e0842c5b4c18a87de660ed1dafab'
        option ula_prefix 'fdf1:abb5:4efa::/48'
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'

config interface 'lan'
        option device 'br-lan'
        option proto 'dhcp'

root@OpenWrt:~# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'soc/11300000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
        option radio '0'
        option band '2g'
        option channel '11'
        option htmode 'EHT20'
        option country 'GB'
        option cell_density '0'
        option txpower '20'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'Openwrt-IoT'
        option encryption 'psk2'
        option key 'xxxxxxxxxxxxx'
        option ieee80211r '1'
        option ft_over_ds '0'
        option ft_psk_generate_local '1'

config wifi-device 'radio1'
        option type 'mac80211'
        option path 'soc/11300000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
        option radio '1'
        option band '5g'
        option channel '64'
        option htmode 'EHT80'
        option txpower '20'
        option country 'GB'
        option cell_density '0'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 'Openwrt-Hs5'
        option encryption 'sae'
        option key 'xxxxxxxxxxxxxxx'
        option ieee80211r '1'
        option ft_over_ds '0'
        option ocv '0'

config wifi-device 'radio2'
        option type 'mac80211'
        option path 'soc/11300000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
        option radio '2'
        option band '6g'
        option channel '53'
        option htmode 'EHT160'
        option country 'GB'
        option cell_density '0'

config wifi-iface 'default_radio2'
        option device 'radio2'
        option network 'lan'
        option mode 'ap'
        option ssid 'Openwrt-Hs6'
        option encryption 'sae'
        option key 'xxxxxxxxxxxxx'
        option ieee80211r '1'
        option ft_over_ds '0'
        option ocv '0'

root@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'
        option filter_aaaa '0'
        option filter_a '0'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/odhcpd.leases'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'
        option piodir '/tmp/odhcpd-piodir'
        option hostsdir '/tmp/hosts'

root@OpenWrt:~# cat /etc/config/firewall

config defaults
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'

The general advice is as follows:

• All APs should use the same SSID + encryption type + passphrase (for any given network).
• The 2.4G and 5G SSIDs should be the same so that client devices can select the band with the best performance dynamically.
• 802.11r should be disabled, as should 802.11k and 802.11v
  • this should be true on all APs until and unless there is a demonstrated need for this)
• Each AP should be configured to use different, non-overlapping channels on each band relative to the neighboring AP(s).
• Finally, power levels should be adjusted on each AP to reduce the amount of overlap area. You're trying to balance complete coverage while also reducing the size of the coverage area that has overlapping coverage by 2 or more APs.

These things will help encourage the client devices to roam to the best AP.

In your config, I see that you have 802.11r enabled -- remove all of that stuff (from both APs). Check the channels and make sure they're non-overlapping (this table can help).

Your firewall should include a lan firewall zone with all three zone rules set to accept (this is a secondary thing, has nothing to do with the issue you're describing).

Take a look at this video for a guide on how to optimize your APs...

Both APs do use the same SSID etc... and channels are non-overlapping.

I will remove the 802.11r stuff.

On the AP i have the firewall disabled in the startup menu? Do i need to turn it back on and make it all accept then?

The firewall doesn't need to be enabled, but having your lan zone explicitly defined (with the lan network assigned to the zone) will ensure that you will never lose access to the device should the firewall become re-enabled.

No worries then, ill do that too.

So is it possible on the access point to make an extra dedicated ssid for just the computer upstairs so it cant change where its connected too? everything else seems to roam fine, but the computer always ends up connected to the main router at 5mbps...

root@OpenWrt:~# cat /etc/config/firewall

config defaults
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'LAN'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'

Yes, this is possible. But not really recommended. Sure, though... just like you did with the IoT network -- same deal. The IoT network isn't actually isolated in your situation -- it's just simply another SSID being broadcast on the same radio.

If that is the problematic SSID then change the encryption to WPA2 + CCMP to test if the computer then can connect

Yes my IOT is purely 2,4ghz im not bothered about restricting it access wise, its my car charger, wireless garage camera, washing machine and oven.

How would it be better? just the same ssid on all the radios? I didnt know so just named them so i could identify them. I will happily change them if it's the better option and you recommend it.

The computer connects fine, and works connected to the AP for a while, but ends up reverting to the main router, which is a long way away and therefore loses the near gig speeds and ends up struggling and wont seemingly revert back to the AP.

its a fixed pc so doesnt need to roam really, just connect to the AP and stay there, which is why i wondered if irs own unique ssid only on the AP would do that.... if all other networks saved on it are forgotten

Yes that is valid solution

Why would disable of r/v/k help roam between APs?
I don't find roaming problems, VoWiFi connections doesn't disconnect with those configured and help of usteer-ng between 3 dumb APs

is usteer-ng worth installing in my case?

Check logs on AP and main. Disable the main wireless and test just the AP for stability and bandwidth. Use non-DFS channels?

Check wireless adapter settings and what it actually supports.

You can enable mlo. I found clients stuck like glue to 6/5Ghz during testing, sometimes to a fault.

Yes, you can just run another "2nd floor only" SSID.