One common or separate interfaces for 2.4 GHz and 5 GHz wireless radio?


I run an OpenWrt router without modem behind the ISP's router to separate my devices in a subnet from the ISP's router/network.
My OpenWrt device has two wireless transmitters (2.4 GHz & 5 GHz). Both have the same SSID so devices can choose the best frequency on their own.

What about the wireless interfaces? Do I need a separate ones for 2.4 GHz and 5 GHz?

Yes, in /etc/config/wireless, you need separate config wifi-iface sections, with their option device referring to different radios.

However, they can share the same network interface, for example lan, if that interface is set up as a bridge.

config wifi-device 'radio2'

config wifi-device 'radio5'

config wifi-iface 'lan2'
	option device 'radio2'
	option network 'lan'

config wifi-iface 'lan5'
	option device 'radio5'
	option network 'lan'

1 Like

Thanks for your reply!

I use LuCl and have now configured the SSID for 2.4 GHz under Network/Wireless and thereby created a new interface for the device. The latter I configured under Network/Interfaces to the static IP address with the device <SSID master (radio0)>. Now the WLAN LED flashes and I see the SSID on other devices, but I can't connect to it. It does not complain about a wrong key but just takes forever to connect, ending up to re-connect to the WLAN connection used before.

I feel like I'm not quite getting the interface thing right with the WLAN because there is a separate menu for it, but when creating a wireless network you can also specify an interface. :face_with_monocle:

In LuCI, the WiFi interface must be linked to a network interface under Network->Wireless->Edit->Interface Configuration-> General Setup->Network.
To get started, lan is usually a good choice.

Move over to Network->Interfaces:

  • Make sure the lan interface is configured as a bridge: Get the device name under Edit->General Setting->Device, click Dismiss and then find the details on the Devices tab.
  • Do not try to assign a WLAN interface here

For further discussion, please post the following files after redacting any secrets they may contain:

  • /etc/config/wireless
  • /etc/config/network

One thing to keep in mind is that if you have two separate SSID's then you avoid some of the issues of your device "flip flopping" from the faster 5ghz to the slower 2.4ghz because at some ranges the 2.4g signal will be stronger than the 5g one and your device will drop to 2.4ghz prematurely.

Modern clients should be smart enough to avoid this (for the most part).

This means it wouldn't work if lan is not configured as bridge? In may case, it refers to the specific lan port with static IP. This is done on purpose as the OpenWrt device serves to create a subnet behind the ISP's router.

PS: I reset the settings, so /etc/config/wireless is in its default state:

config wifi-device 'radio0'
	option type 'mac80211'
	option channel '11'
	option hwmode '11g'
	option path 'platform/soc/a000000.wifi'
	option htmode 'HT20'
	option disabled '1'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'OpenWrt'
	option encryption 'none'

config wifi-device 'radio1'
	option type 'mac80211'
	option channel '36'
	option hwmode '11a'
	option path 'platform/soc/a800000.wifi'
	option htmode 'VHT80'
	option disabled '1'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid 'OpenWrt'
	option encryption 'none'

/etc/config/wireless looks like this:

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr ''
	option netmask ''

config globals 'globals'
	option ula_prefix 'xxx'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0'

config interface 'lan'
	option proto 'static'
	option netmask ''
	option ip6assign '60'
	option device 'eth0'
	option ipaddr ''
	option gateway 'ip4 of wan interface'

config interface 'wan'
	option device 'eth1'
	option proto 'static'
	option ipaddr 'ip4 of ISP router'
	option netmask ''
	option gateway 'ip4 of ISP router'

config interface 'wan6'
	option device 'eth1'
	option proto 'dhcpv6'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '1 2 3 4 0'

On a device with multiple interfaces such as yours, OpenWrt is configured as a router by default, with separate LAN and WAN. It is not necessary to remove the bridge from the LAN interface. Indeed, the bridge is needed if you have both wired and wireless LAN, or if you want to set up two wireless LAN interfaces.

Note that LAN uses eth0, while WAN uses eth1. Only eth0 is a member of the LAN bridge, eth1 is still separate.

You might want to post the configuration that is actually used, with passwords redacted.
The default config has wireless disabled.

This file looks like /etc/config/network.
There are multiple problems with this configuration:

  • change device to br-lan
  • remove gateway
  • make sure the OpenWrt LAN subnet is different from the ISP router LAN (OpenWrt WAN) subnet

ipaddr must be different from the IPv4 address of the ISP router, but still be contained in the proper subnet. As an alternative, use the default proto dhcp for the wan interface.

Thanks for your patient replies. In the default's bridge mode and wireless associated to lan, clients can connect to WLAN.

But I wonder if in this configuration (OpenWrt connected to ISP router), the OpenWrt device (which itself has no modem) isn't acting as exposed host?

The OpenWrt device is protected from exposure to the Internet in two ways:

  1. The ISP router likely comes with a firewall which protects clients connected to its LAN interfaces, as long as such clients are not explicitly configured in the router as exposed. The OpenWrt device is one of those clients. However, I have limited trust in the security of vendor firmware, and I would not want to rely on this protection alone.
  2. OpenWrt comes with a firewall which is active by default and rejects connection attempts to its WAN interface, with only a few exceptions essential for maintaining network connectivity. As long as the OpenWrt device is connected upstream through its WAN interface, this protection takes effect.

Sounds good. Thanks for the explanation!