Netgear WAX218 installation report

Hey, I'm brand new to OpenWrt but just spent some time installing it on my Netgear WAX218 WAP and thought I'd share an installation report.

Install

I used the SSH method for the initial flash, and that worked. I used openwrt-25.12.2-qualcommax-ipq807x-netgear_wax218-squashfs-factory.ubi.

Finding the web UI

This device has a single LAN port, and I had it plugged into my laptop on a statically addressed interface. However, I wasn't able to connect to the device on 192.168.1.1 after powering it up, which is what the docs told me to expect.

I took a pcap on the laptop and realised OpenWrt was sending DHCP discovers for some reason?? I have no idea why. But I was able to set up a DHCP server on my laptop interface that assigned it an address and then was able to get to SSH and web UI.

Configuration

In my network, DHCP and routing are all done from a central server. Once I had access to the web UI, I was able to set up the device to act as a simple WAP bridging WLAN and VLAN the same way I had with the original firmware:

Configure Bridge VLAN Filtering

  1. Navigate to Network > Devices.
  2. Find br-lan and click Configure.
  3. Go to the Bridge VLAN filtering tab and check Enable VLAN filtering.
  4. Add three VLANs: 17, 18, and 19.
  5. For the single physical port, set its state to tagged (T) for all three VLANs.
  6. Set 17 as local. Leave 18 and 19 as unchecked (these will be directly bridged WLAN<->VLAN).
  7. Click Save.

Configure Management and VLAN Interfaces

  1. Navigate to Network > Interfaces.
  2. Edit the LAN interface.
  3. Change the Device to a custom alias: type br-lan.17 and press Enter.
  4. Set the Protocol to Static address.
  5. Set IPv4 address to 192.168.17.2, IPv4 netmask to 255.255.255.0, and IPv4 gateway to 192.168.17.1.
  6. Under the Advanced Settings tab, set Use custom DNS servers to 8.8.8.8 and 8.8.4.4. Click Save.
  7. Click Add new interface. Name it iot, set Protocol to Unmanaged, and select Device br-lan.18. Click Save.
  8. Click Add new interface. Name it guest, set Protocol to Unmanaged, and select Device br-lan.19. Click Save.

Configure Wireless Networks

  1. Navigate to Network > Wireless.
  2. For both the 2.4GHz and 5GHz radios, create three access points. Click Add for each:
    • SSID: nobody_0 | Network: attach to lan | Wireless Security: WPA2-PSK
    • SSID: nobody_iot | Network: attach to iot | Wireless Security: WPA2-PSK
    • SSID: nobody_guest | Network: attach to guest | Wireless Security: WPA2-PSK
  3. Click Save.

Apply Changes

Review pending changes and click Save & Apply.

Bugs

VLAN and WLAN

I followed the instructions above pretty much exactly, but the VLAN setup was broken. It turned out vlan_filtering was disabled on br-lan. This was visible in the output from this command: ip -d link show br-lan. I could see vlan_filtering 0, despite "Enable VLAN filtering" being enabled in the UI and despite there being no option regarding vlan_filtering set in /etc/config/network.

It took me a while to figure out why, but it turns out that for some reason the instructions above added option type 'bridge' under all my VLAN interfaces in /etc/config/network. So, for example:

config interface 'lan'
	option device 'br-lan.17'
	option proto 'static'
	option ipaddr '192.168.17.2'
	option netmask '255.255.255.0'
	option gateway '192.168.17.1'
	list dns '8.8.8.8'
	list dns '8.8.4.4'
	option multipath 'off'
	option type 'bridge'

and

config interface 'iot'
	option proto 'none'
	option device 'br-lan.18'
	option multipath 'off'
	option type 'bridge'

This is a broken configuration and in fact if you delete and recreate the interfaces in the web UI they are sometimes recreated without the option type line! I couldn't isolate the exact steps that exposed this bug. Anyway, after much hair pulling I was able to fix it like so over SSH:

uci delete network.lan.type
uci delete network.iot.type
uci delete network.guest.type
uci commit network
/etc/init.d/network restart

Wi-Fi 6 doesn't really work

This device is advertised as being Wi-Fi 6 capable, so of course I set the radios to AX. However, this exposes what I suspect is a bug in the ath11k driver(?) for the radio hardware (Atheros IPQ8074). It manifests as periodic hangs where userspace becomes unresponsive for minutes at a time (can't SSH or web UI). Maybe softirq something something? hostapd repeatedly logs errors like this:

Thu Apr 16 06:43:53 2026 daemon.err hostapd: Failed to set beacon parameters
Thu Apr 16 06:43:53 2026 daemon.err hostapd: Failed to remove BCCA element
Thu Apr 16 06:43:53 2026 daemon.err hostapd: Failed to set beacon parameters
Thu Apr 16 06:43:53 2026 daemon.err hostapd: Failed to remove BCCA element

After some research I discovered that this message was related to BSS coloring — an 802.11ax feature. So I reverted back to 802.11ac (5GHz) and 802.11n (2.4GHz). The web UI was so unresponsive by this point that I had to do this via uci:

uci set wireless.radio0.htmode='VHT80'
uci set wireless.radio1.htmode='HT20'
uci commit wireless
reboot

Now the device remains fast and responsive, and no more errors in the logs.

Conclusion

There was a bit of pain, but honestly not as much as I expected when switching from the stock firmware.

The device is a nice piece of hardware, but it is out of support from Netgear and occasionally stopped forwarding packets (necessitating a reboot) with the original firmware. I feel much more confident that OpenWrt will be more reliable.

Future plans

I need to install the prometheus exporter and start pulling metrics out of this thing.

Thanks for reading, and I hope these notes help other WAX218 enjoyers :smile:

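An added example, not part of the original post: a POSIX sh check for the two symptoms reported under "VLAN and WLAN", useful for confirming after a change that the lan/iot/guest separation is really enforced by the bridge. The function names and both sample inputs are constructed for illustration; on the device, pipe in /etc/config/network and the output of ip -d link show br-lan instead.

```shell
# Added example; inputs below are constructed samples. On the device, feed
# /etc/config/network and the output of `ip -d link show br-lan` instead.

# Names of "config interface" sections that combine a VLAN sub-device
# (e.g. br-lan.17) with "option type 'bridge'", the option the post deleted.
find_stale_bridge_type() {
    awk -v sq="'" '
        function unquote(s) { gsub("[" sq "\"]", "", s); return s }
        function report() { if (name != "" && bridge && dev ~ /\.[0-9]+$/) print name }
        $1 == "config" {
            report(); name = ""; dev = ""; bridge = 0
            if ($2 == "interface") name = unquote($3)
            next
        }
        $1 == "option" && $2 == "device" { dev = unquote($3) }
        $1 == "option" && $2 == "type" && unquote($3) == "bridge" { bridge = 1 }
        END { report() }
    '
}

# Extract the kernel's vlan_filtering flag (0 or 1) from `ip -d link show` output.
vlan_filtering_state() {
    sed -n 's/.*vlan_filtering \([01]\).*/\1/p' | head -n 1
}

sample_network_config() {   # constructed, modelled on the sections in the post
    cat <<'EOF'
config device
	option name 'br-lan'
	option type 'bridge'
config interface 'lan'
	option device 'br-lan.17'
	option type 'bridge'
config interface 'iot'
	option device 'br-lan.18'
	option type 'bridge'
config interface 'guest'
	option device 'br-lan.19'
EOF
}

sample_ip_output() {        # constructed, abbreviated `ip -d link show br-lan`
    echo '5: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP'
    echo '    bridge stp_state 0 priority 32767 vlan_filtering 0 vlan_protocol 802.1Q'
}

for n in $(sample_network_config | find_stale_bridge_type); do
    echo "interface '$n': VLAN sub-device with type bridge; uci delete network.$n.type"
done
[ "$(sample_ip_output | vlan_filtering_state)" = 1 ] || echo "br-lan: vlan_filtering is off"
```

The bridge device section itself legitimately carries type 'bridge' and is not flagged; only interface sections pointing at a br-lan.N sub-device are.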