Sun Mar 2 14:38:52 2025 daemon.notice netifd: radio0 (7610): sh: out of range
Sun Mar 2 14:38:52 2025 daemon.notice wpa_supplicant[2308]: Set new config for phy phy0
Sun Mar 2 14:38:53 2025 daemon.notice hostapd: Set new config for phy phy0:
Sun Mar 2 14:38:53 2025 daemon.notice wpa_supplicant[2308]: Set new config for phy phy0
Sun Mar 2 14:38:53 2025 daemon.notice netifd: Wireless device 'radio0' is now up
Sun Mar 2 14:38:53 2025 daemon.notice netifd: Interface 'wwan' is enabled
Sun Mar 2 14:38:53 2025 daemon.notice netifd: Interface 'wwan' has link connectivity
Sun Mar 2 14:38:53 2025 daemon.notice netifd: Interface 'wwan' is setting up now
Sun Mar 2 14:38:53 2025 daemon.notice netifd: wwan (7693): udhcpc: started, v1.37.0
Sun Mar 2 14:38:53 2025 daemon.notice netifd: wwan (7693): udhcpc: broadcasting discover
Sun Mar 2 14:38:55 2025 daemon.info dnsmasq[1]: read /etc/hosts - 12 names
Sun Mar 2 14:38:55 2025 daemon.info dnsmasq[1]: read /tmp/hosts/dhcp.cfg01411c - 4 names
Sun Mar 2 14:38:55 2025 daemon.info dnsmasq-dhcp[1]: read /etc/ethers - 0 addresses
Sun Mar 2 14:38:56 2025 daemon.warn odhcpd[2754]: No default route present, overriding ra_lifetime to 0!
Sun Mar 2 14:38:56 2025 daemon.notice netifd: wwan (7693): udhcpc: broadcasting discover
Sun Mar 2 14:38:59 2025 daemon.notice netifd: wwan (7693): udhcpc: broadcasting discover
I also tried relayd mode, but no packets were forwarded from the WLAN interface.
Thank you this worked as I already had openwrt installed on the router anyways, so I only needed the sysupgrade file.
For anyone stumbling across this post this is what worked for me. I used a docker container to build this in:
# Replace "/mnt/disks/1tbnvme/containers/temp" with the directory you want on your docker host
docker run --rm -it --name openwrt -v /mnt/disks/1tbnvme/containers/temp:/home/builduser ubuntu:22.04 bash
# Install dependencies
apt update && apt install -y \
build-essential clang flex bison g++ gawk gcc-multilib gettext git \
libncurses-dev libssl-dev python3 python3-venv python3-pip rsync unzip \
zlib1g-dev file wget ccache curl sudo time bzip2 xz-utils patch bc \
libncurses5-dev libncursesw5-dev libelf-dev subversion tar autoconf \
automake libtool zstd cmake nano
useradd -m -s /bin/bash builduser
passwd -d builduser
usermod -aG sudo builduser
echo "builduser ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/builduser
su - builduser
sudo git clone https://github.com/qosmio/openwrt-ipq -b 24.10-nss # Or choose main-nss
sudo chown -R builduser:builduser /home/builduser/openwrt-ipq
cd openwrt-ipq
export FORCE_UNSAFE_CONFIGURE=1
./scripts/feeds update
./scripts/feeds install -a
cp nss-setup/config-nss.seed .config
# Uncomment the line for your router as defined in the quickstart guide
nano .config
# Use the gui to navigate to "target images" spacebar to uncheck "ramdisk", then save the config
make menuconfig
make defconfig V=s
make download -j$(nproc) V=s
make -j$(nproc) V=s
# The sys upgrade .bin file will be in ~/openwrt-ipq/bin/targets/qualcommax/ipq807x/
If you are using Flet's optical network, 5Gb/s is a good enough speed. It’s a best-effort service, and many users report speeds around 5-7Gb/s. Speedtesting at midnight may give better results.
My AX12 can handle almost 10Gb/s in router/bridge mode in my evaluation local network. Aside from the complexity of calculating usable ports, MAP-E is basically NAT/NAPT, so NSS should offload packets. Watch CPU usage in htop or top -d3 while benchmarking and check that it’s not consuming too much CPU. If the CPU is almost idle, it’s likely the limit of the optical service.
i think i found the culprit
ICE connection timeout in webRTC session
probably my isp is shitty but non-nss builds less affected
also 6.6.74 and up kernels give really bad peformance
edit:skb_recycler really makes all the trouble
disabled for now
I was able to set up VLAN on the dumb APs following the instructions and make them work with my main router (configured with VLAN filtering), the devices connected to the dumb APs was able to reach the Internet and the main router.
However, the device connected to a dumb AP wirelessly can't reach/ping the other dumb AP or the devices connected to the main router. This problem doesn't exist when the device connects to the dumb AP through wire or to the main router wiredly/wirelessly. The firewall has been disabled on the dumb APs, and the Wifi doesn't have Isolate Clients checked.
@bgcngm Do you know what I am missing by any chance? Please let me know if there are any configs to share for better debugging.
BTW, this is on the latest qosmio's 24.10-nss build
Let me share the configs to better demonstrate. On my main router I did use the usual OpenWRT VLAN setup, which is called VLAN filtering in the LuCI UI but it does create 802.1q devices, so I am a bit confused about the terms.
VLAN id 20 for IoT and VLAN id 99 for main network.
Main router (GLiNet-MT6000 with MT chips so no NSS)
/etc/config/network
expand
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fda1:b600:3259::/48'
option packet_steering '1'
option steering_flows '128'
config device
option name 'br-lan'
option type 'bridge'
option igmp_snooping '1'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
list ports 'lan5'
config interface 'lan'
option device 'br-lan.99'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config interface 'wan'
option device 'eth1'
option proto 'dhcp'
config interface 'wan6'
option device 'eth1'
option proto 'dhcpv6'
config interface 'IoT'
option proto 'static'
option ipaddr '192.168.20.1'
option netmask '255.255.255.0'
option device 'br-lan.20'
config bridge-vlan
option device 'br-lan'
option vlan '20'
list ports 'lan2:t'
list ports 'lan3:t'
config bridge-vlan
option device 'br-lan'
option vlan '99'
list ports 'lan1:u*'
list ports 'lan2:t'
list ports 'lan3:t'
list ports 'lan4:u*'
list ports 'lan5:u*'
2 Dump APs (MX4200v1 with 24.10-nss build, connect to main router lan port 2 and lan port 3 through wire via their wan port, firewall and dnsmasq disabled)
/etc/config/network
expand
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdf1:3916:46a0::/48'
option packet_steering '0'
config device
option name 'br-lan'
option type 'bridge'
option igmp_snooping '1'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'wan.99'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.2'
option netmask '255.255.255.0'
option gateway '192.168.1.1'
config interface 'IoT'
option proto 'none'
option device 'br-iot'
config device
option type '8021q'
option ifname 'wan'
option vid '99'
option name 'wan.99'
config device
option type '8021q'
option ifname 'wan'
option vid '20'
option name 'wan.20'
config device
option type 'bridge'
option name 'br-iot'
list ports 'wan.20'
With VLAN filtering it's done at the physical switch port level. 8021q is a software based method of managing VLAN tags. IPQ807x doesn't have standard DSA architecture and uses 8021q, but with NSS it's able to offload 8021q traffic.
AP is connected via lan port 1 to router's lan port 2? You wouldn't specify wan in your AP config, since it's not actually used. You can simplify it to this.
NOTE: You can just use the syntax port_number.vlan_id under list ports. netifd will know to create a 8021q device. You only need to lay out the full config if you want to change mac address or other non-default settings.
config device
option name 'br-lan'
option type 'bridge'
option igmp_snooping '1'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.2'
option netmask '255.255.255.0'
option gateway '192.168.1.1'
config interface 'IoT'
option proto 'none'
option device 'br-iot'
config device
option type 'bridge'
option name 'br-iot'
list ports 'lan1.20'
Ensure you also have the proper firewall zone on your main router to allow IoT => wan as well.
2 APs connects to the router's lan port 2 and 3 through their wan port, that's why I have wan.20 for IoT and wan.99 for main network on the APs, and yes I do have the firewall zone for IoT => wan.
It is really weird that devices connect to the AP through wire doesn't have the issue, while devices connect to the AP through WiFi can't connect to other devices, which feels like something wrong on the AP side rather than on the router side, but I might be wrong.
With VLAN filtering it's done at the physical switch port level. 8021q is a software based method of managing VLAN tags. IPQ807x doesn't have standard DSA architecture and uses 8021q, but with NSS it's able to offload 8021q traffic.
And AP running non-NSS build with "VLAN filtering" config works fine, which I think is using 8021q behind the scene rather than the actual standard DSA VLAN filtering?
isnt this the issue of cleint isolation?
the issue about unintended isolation of wireless clients with the NSS builds are multiply reported in this topic. i have yet to find an understnading of the reason why it is not always a problem or not. it thus follows that a consistent fix for the problem has not been reported/
Thank you for bring this up! I remember seeing reports of isolation somewhere once (must be this or the other MX4200 topic), but couldn't find them by searching for isolation, discover, etc.
@ghoffman Found it, I actually saw that in your post lol
