I've just flashed my 3 Linksys SPNMX56 units with OpenWRT and set them up as dumb APs. They are all wired to each other and connected to an Asus router that takes care of DHCP/DNS etc.
I noticed that LAN performance is quite terrible, either from wired ethernet or my SSID I use to LAN access. I have 2 other SSIDs thag are set up as Guest Networks using OPENWRT Guide, and they work absolutely fine. There's something going on in my LAN that I can't figure out.
Example 1: I ping any of my APs from wired ethernet, often they time out. This is the same over my LAN accessible SSID.
Example 2: I have a number of smart devices and plugs which I interact with through the 'Smart Life' app. If I'm connected to my LAN SSID and try to turn a smart light on for example, it takes 10-20 seconds to execute. If I perform the exact same action from either of my Guest SSIDs, the execution is pretty instant, which it shoild be.
I should note that I have IPTV from my ISP, so I don't know if UDP packets are causing havoc on my LAN however, this issue did NOT happen with stock firmware.
Is there any sort of known issue with OpenWRT that I'm not aware of? Would something like tcpdump help be get to the bottom of this?
I can provide more detail soon, but any pointers would be appreciated. Thank you!
Yes they are indeed on a separate subnet. I though these devices required WAN access as they don't communicate with each other over the LAN. It needs WAN to execute.
Thanks. Apologies for the delay. Outputs below. Another thing I should add is that all 3 APs use the same backup file, but only the host IP is different, so perhaps there's some conflict there. I did this to save time as it took a while to set up the Guest networks etc.
root@AP1-WRT:~# ubus call system board
{
"kernel": "6.6.74",
"hostname": "AP1-WRT",
"system": "ARMv8 Processor rev 4",
"model": "Linksys SPNMX56",
"board_name": "linksys,spnmx56",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "SNAPSHOT",
"revision": "r28674+54-78f908407e",
"target": "qualcommax/ipq50xx",
"description": "OpenWrt SNAPSHOT r28674+54-78f908407e",
"builddate": "1737980794"
}
}
root@AP1-WRT:~# cat /etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option path 'platform/soc@0/c000000.wifi'
option band '2g'
option channel 'auto'
option htmode 'HE40'
option cell_density '0'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'guest'
option mode 'ap'
option ssid 'IOT'
option encryption 'sae-mixed'
option key 'OpenGRM1980'
option ieee80211r '1'
option ft_over_ds '0'
option ocv '0'
option mobility_domain '42ff'
config wifi-device 'radio1'
option type 'mac80211'
option path 'soc@0/a0000000.pcie/pci0001:00/0001:00:00.0/0001:01:00.0'
option band '5g'
option channel '36'
option htmode 'HE80'
option cell_density '0'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid 'OPENWRT_Inn'
option encryption 'sae-mixed'
option key 'OpenWifi1955!'
option ieee80211r '1'
option ft_over_ds '0'
option ocv '0'
option mobility_domain '40ff'
config wifi-iface 'wifinet3'
option device 'radio1'
option mode 'ap'
option ssid 'OPENWRT_Guest'
option encryption 'sae-mixed'
option key 'OpenGRM50'
option ieee80211r '1'
option ft_over_ds '0'
option ocv '0'
option network 'guest'
option mobility_domain '41ff'
root@AP1-WRT:~# cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd0c:3e35:360d::/48'
option packet_steering '1'
option steering_flows '128'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'wan'
config device
option name 'lan1'
option macaddr '80:69:1a:cd:97:28'
config device
option name 'lan2'
option macaddr '80:69:1a:cd:97:28'
config device
option name 'lan3'
option macaddr '80:69:1a:cd:97:28'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.21'
option netmask '255.255.255.0'
option ip6assign '60'
option gateway '192.168.1.1'
list dns '192.168.1.1'
config device
option name 'wan'
option macaddr '80:69:1a:cd:97:28'
config device
option type 'bridge'
option name 'br-guest'
option bridge_empty '1'
config interface 'guest'
option proto 'static'
option device 'br-guest'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'
root@AP1-WRT:~# cat /etc/config/firewall
config defaults
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
option flow_offloading '1'
option flow_offloading_hw '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
option masq '1'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config zone
option name 'guest'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'guest'
config forwarding
option src 'guest'
option dest 'lan'
config rule
option name 'Guest_DHCP'
list proto 'udp'
option src 'guest'
option dest_port '67-68'
option target 'ACCEPT'
config rule
option name 'Guest_DNS'
option src 'guest'
option dest_port '53'
option target 'ACCEPT'
config rule
option name 'Block_Guest_From_Lan'
list proto 'all'
option src 'guest'
option dest 'lan'
list dest_ip '192.168.1.0/24'
option target 'REJECT'
root@AP1-WRT:~# cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option cachesize '1000'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
option filter_aaaa '0'
option filter_a '0'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'guest'
option interface 'guest'
option start '100'
option limit '150'
option leasetime '12h'
It's an earlier snapshop of the this firmware selector image provide by another community member. I am not sure what thos 54 patches are.
It would make sense for me to try the update snapshop from the firmware selector, but I still haven't been able to get it to work. Either the image fails, or it's missing Luci. When I try to 'Request Build', I either get an error, or it doesn't even execute. I've tried this on a couple of my APs now.
My understanding is tat Luci doesn't come with the snapshot image, but you can add it to the 'Request Build' which I can't seem to get working. Every chance this is something I am doing wrong as I'm not overly familar with snapshots etc.
What should that say? I grouped the wan port to the lan as these are just dumb APs. I don't need the wan.
This did seem to work. It was my understanding that this is required to enable fast roaming.
Nope! I deleted the wan/wan6 interfaces and disabled ipv6 dhcp etc
I think the best thing for me to do is to get a clean(er) build. this firmware has only just become available as a snapshot, but I'm also having trouble getting them to work.
Something else to note is the firmware I'm using currently was like an alpha test.
Is there an issue at the moment with the firmware selector customized build selection? I was getting an error yesteday and now I can't even get it to build. This happens no matter what device I select, so maybe there's an issue.
Thank you @LilRedDog and @brada4 for your great help! I have removed the duplicate MAC addresses and there is a significant improvement. I really have no clue how/why that happened.
Despite this, I am still seeing some terrible ping and latency between my APs. If you look at the below screenshot, .20, .21 and.22 are my APs. The .8 address here is a local Rasp Pi and it's perfect.
I'm kind of in an awkward position here, because the sysupgrade doesn't work, I can't flash back to stock because my stock partition appears to be bricked, and I can't create a system build due to issues with the site at present. What a mess
I suspect the sysuprade is failing because of the extremely poor network performance on the LAN ports. Even if I connect directly to the AP, it's still not very good. There may be some underlying issue. I'm going to try it again anyway.
I did do that, and adding the Guest network and SSIDs was pretty mich the only thing I did. The problem is that this was an earliy pre-release version and the guy who made it available was likely just testing a bunch of things. If I can get an updated, clean image to work, I will definitely be starting again from scratch
Thanks for that. I tried again and no luck. Maybe there's an issue with the sysupgrade or something, or maybe a some kind of snapshot mismatch? I am currently on r28674 and the snapshot on the selector is r28868. I might need to get a serial cable just in case I brick it completely!
I should also note I tried to upgrade via SCP, but no luck there either.
