[SOLVED] Is wrt3200acm able to support more than 2 wifi networks on the same radio?

Hello Community,

I apologize if this discussion has already been covered elsewhere. If so, please let me know if I should take this post down and please do not penalize me harshly as I am "newb" status. I have tried searching for this particular situation that I am encountering and I did not locate any discussions or solutions here or elsewhere on the inter-webs :slightly_smiling_face:

I am configuring a Linksys WRT 3200acm with the newest version of LEDE 17.01 branch (git-17.290.79498-d3f0685) / LEDE Reboot 17.01.4 r3560-79f57e422d. The scenario is I am configuring a network that has three networks. The architecture is as follows:

a) One wifi network is bridged to my private lan network interface called "LEDE".
b) One wifi network is my guest network configured on its own interface named "slave".
c) One wifi network is for a project I am trying to setup called "tor" with its own interface.

The router model has three radios detected which is discussed in the following thread located here:
third radio in wrt3200acm

A general overview for those who do not want to click on the link is there are three radio devices the OS discovers natively after install by default. The break down is below:

  1. radio0 is the 5GHz interface
  2. radio1 is the 2.4GHz interface
  3. radio2 is an auxiliary interface, that can be configured either as 2.4GHz or 5GHz and used for short range items (not ideal for heavy network usage)

For the rest of this post I will be referring to the wifi networks as a, b, and/or c from the alphabetized list and the network devices as 1, 2, and/or 3 respectively from the above numbered list.

The way I wanted to configure the router was to use 2 as the interface that will host all three (a, b, and c) of the wifi networks mentioned above. The reason is to ensure device compatibility for guests on my network as not all hardware supports 5GHz.

Everything works fine when I only have two wifi networks setup.

But the issue arises when I add a third wifi network. When I add a third wifi network, the other two that were previously set up (that were tested to work) will break and won't allow devices to connect to them, and only the newly added wifi network will allow connections, procure a dhcp address, and access the internet.

For example:

  • I first set up wifi networks a and b on device 2 and have each of them bridged to their own interface.
  • I create the firewall rules to b to allow procurement of dhcp, dns, and access to the wan/internet
  • Test connectivity and confirmed working on both wifi networks on different devices i.e. smart phone, laptop, etc.
  • I then follow the same procedures to add c to device 2
  • As soon as c is added, all connection attempts to a and b crash on the devices and return error messages that the "network cannot be connected to" or "failed to connect to network slave/LEDE" but access to c works fine.
    • I check the logs by doing a readlog -f and it does not show any connectivity or dhcp requests when trying to connect devices to a and b wifi networks

Other failed methods I have tried:

  • I have tried configuring different vlans to house each of the wifi networks.
  • I have tried creating an entirely new device but that seemed to fail and I think this is due to the device driver file referenced only sees 1, 2, and 3.

I tried a work around that seems to work but it does not meet my requirement of having them on the same device. It was as follows:

  • I create wifi networks a and b on device 2 and have each of them bridged to their own interface.
  • I create the firewall rules to b to allow procurement of dhcp, dns, and access to the wan/internet
  • Test connectivity and confirmed working on both a and b wifi networks on different devices i.e. smart phone, laptop, etc.
  • I then follow the same procedures to add c to device 1 with firewall configurations
  • Test connectivity and confirmed working on both c wifi network on different devices i.e. smart phone, laptop, etc.

I am thinking the issue may be either of the following and looking for confirmation or a solution from the community:

  • The device/operating system doesn't support more than 3 wifi networks (I read somewhere on here that the LEDE driver for this router was not a binary driver that could handle this and DD WRT was able to handle this use-case but I can't seem to find the article/URL but I would prefer OpenWRT/LEDE over that OS)?
  • The feature can be done but there is an issue with the device's driver which needs an update?
  • I am misconfiguring something i.e. firewall, network, etc.?

For your reference, my configurations are below. Please let me know if you need any additional information that I have forgotten to include or other configurations with other use-cases I have tried i.e. vlans

note: I know the configs may be non-secure but I am just trying to get this working for now. Once functioning, I will apply security hardening afterwards.

Sincerely,

A humbly committed student

vi /etc/config/network

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fde1:67cc:118f::/48'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth0'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config interface 'wan'
	option ifname 'eth1'
	option proto 'dhcp'

config interface 'wan6'
	option ifname 'eth1'
	option proto 'dhcpv6'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0 1 2 3 5'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '4 6'

config interface 'tor'
	option proto 'static'
	option ifname 'tor'
	option ipaddr '192.168.2.1'
	option netmask '255.255.255.0'
	option type 'bridge'

config interface 'slave'
	option _orig_ifname 'wlan1-2'
	option _orig_bridge 'false'
	option proto 'static'
	option ipaddr '10.0.1.1'
	option netmask '255.255.255.0'

vi /etc/config/wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option channel '36'
	option hwmode '11a'
	option path 'soc/soc:pcie-controller/pci0000:00/0000:00:01.0/0000:01:00.0'
	option htmode 'VHT80'
	option disabled '1'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'LEDE'
	option encryption 'none'

config wifi-device 'radio1'
	option type 'mac80211'
	option channel '11'
	option hwmode '11g'
	option path 'soc/soc:pcie-controller/pci0000:00/0000:00:02.0/0000:02:00.0'
	option htmode 'HT20'
	option country 'US'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid 'LEDE'
	option encryption 'none'

config wifi-device 'radio2'
	option type 'mac80211'
	option channel '36'
	option hwmode '11a'
	option path 'platform/soc/soc:internal-regs/f10d8000.sdhci/mmc_host/mmc0/mmc0:0001/mmc0:0001:1'
	option htmode 'VHT80'
	option disabled '1'

config wifi-iface 'default_radio2'
	option device 'radio2'
	option network 'lan'
	option mode 'ap'
	option ssid 'LEDE'
	option encryption 'none'

config wifi-iface
	option device 'radio1'
	option mode 'ap'
	option encryption 'none'
	option ssid 'tor'
	option network 'tor'

config wifi-iface
	option device 'radio1'
	option mode 'ap'
	option encryption 'none'
	option ssid 'Slave'
	option network 'slave'

vi /etc/config/dhcp

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.auto'
	option localservice '1'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv6 'server'
	option ra 'server'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'

config dhcp 'tor'
	option start '100'
	option leasetime '12h'
	option limit '150'
	option interface 'tor'

config dhcp 'slave'
	option leasetime '12h'
	option interface 'slave'
	option start '2'
	option limit '254'

vi /etc/config/firewall

config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option network 'lan'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	option network 'wan wan6'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config include
	option path '/etc/firewall.user'

config zone
	option name 'tor'
	option forward 'REJECT'
	option output 'ACCEPT'
	option network 'tor'
	option input 'REJECT'

config forwarding
	option dest 'wan'
	option src 'tor'

config rule
	option target 'ACCEPT'
	option proto 'tcp udp'
	option dest_port '53'
	option name 'tor internal dns'
	option src 'tor'

config rule
	option target 'ACCEPT'
	option proto 'udp'
	option dest_port '67-68'
	option name 'tor internal dhcp'
	option src 'tor'

config zone
	option forward 'REJECT'
	option output 'ACCEPT'
	option name 'slave'
	option input 'REJECT'
	option network 'slave'

config forwarding
	option dest 'wan'
	option src 'slave'

config rule
	option target 'ACCEPT'
	option proto 'tcp udp'
	option dest_port '53'
	option name 'slave DNS'
	option src 'slave'

config rule
	option enabled '1'
	option target 'ACCEPT'
	option proto 'udp'
	option dest_port '67-68'
	option name 'slave DHCP'
	option src 'slave'

You can check the limitations of the driver/hardware combination in many cases with iw list.

For example, this excerpt from an Archer C7 says that I can't have more than a total of 8 APs and mesh points configured and can have at most one STA configured (router as a client of another AP) with no more than 8 total among them. Your device may be different.

	valid interface combinations:
		 * #{ AP, mesh point } <= 8, #{ managed } <= 1,
		   total <= 8, #channels <= 1, STA/AP BI must match, radar detect widths: { 20 MHz (no HT), 20 MHz, 40 MHz, 80 MHz }

Hello Jeff,

Thank you for your prompt response. Correct me if my understanding is wrong and to avoid any miscommunication, to confirm on how to read the output of your example is as such:

device can only have 8 AP or Mesh points (as stated in the comment but may not be as apparent for some readers).
#{ AP, mesh point } <= 8,

This device can only be "managed" by 1 spanning tree algorithm from a primary AP, and underneath the client's connection to the managed/primary AP, it can then have another eight separate wifi networks in on itself using the internet connectivity from the managed/primary AP.
#{ managed } <= 1, total <= 8,

If this device is managed, then assure the channels match what the managed/primary AP's uses.
#channels <= 1, STA/AP BI must match, radar detect widths: { 20 MHz (no HT), 20 MHz, 40 MHz, 80 MHz }

I will have to pull up the exact output of my router to see what it says.

For the sake of curiosity, let's say that the output of my router is the same as yours. Wouldn't that mean that I should be able to have at least three wifi networks on one device (as in my scenario)?

"managed" confused me at first, but I was told that it refers to the router acting as a client of another AP.

Yes, for the 5 GHz radio on an Archer C7 one would be able to run a total of 8 different SSIDs at the same time, either "normal" APs or mesh nodes. If the radio was being used as a "normal" client of another AP, then there would be 7 remaining for APs and mesh nodes.

"STA/AP BI must match" means that the 5 GHz radio only supports a single RF channel at a time. (The Archer C7 also has a separate 2.4 GHz radio, with its own abilities, not discussed above.)

Excellent, thank you for the clarification.

So in theory, if the 2.4 GHz has the same output, then that would mean it should be able to support 3 wifi networks and it is not a hardware issue, correct?

If that's the case, what may be the problem in this scenario? Are my configs incorrect? I will confirm my routers output and post it when I am able to get access to it.

Any other thoughts and suggestions would greatly be appreciated.

UPDATE:

Here is the output for the router in question:

        valid interface combinations:
                 * #{ AP } <= 16, #{ managed } <= 1,
                   total <= 16, #channels <= 1, radar detect widths: { 20 MHz (no HT), 20 MHz, 40 MHz, 80 MHz, 160 MHz }

So based on the output and my understanding from @jeff this router should in theory be able to handle 16 APs, 1 STA with 15 sub APs which means this router can handle three wifi networks.
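One way to apply the `iw` output discussed above to a planned configuration, as an added example (not code from the thread or from the LEDE project): it parses a "valid interface combinations" block and checks the enabled wifi-iface sections of one radio against it. The function names and the UCI-mode-to-iw-type mapping are assumptions of this example, and the input is assumed to be the output for a single phy.

```python
import re

# Assumed mapping from UCI wifi-iface modes to the type names `iw list` prints.
UCI_TO_IW = {"ap": "AP", "sta": "managed", "mesh": "mesh point", "adhoc": "IBSS"}
# Constructed inputs: the WRT3200ACM excerpt from the thread (radar widths
# shortened) and three AP sections on radio1 shaped like the posted config.
IW_TEXT = ("\tvalid interface combinations:\n"
           "\t\t * #{ AP } <= 16, #{ managed } <= 1,\n"
           "\t\t   total <= 16, #channels <= 1, radar detect widths: { 20 MHz }\n")
WIRELESS = "".join(f"config wifi-iface\n\toption device 'radio1'\n"
                   f"\toption mode 'ap'\n\toption ssid '{s}'\n\n"
                   for s in ("LEDE", "tor", "Slave"))

def parse_combinations(iw_text):
    """Return [(groups, total)]; groups is a list of (type names, max count)."""
    combos, head = [], None
    for line in iw_text.splitlines():
        body, indent = line.strip(), len(line) - len(line.lstrip())
        if body == "valid interface combinations:":
            head = indent
        elif head is not None and body and indent > head:
            if body.startswith("*") or not combos:
                combos.append(body)            # a new combination starts
            else:
                combos[-1] += " " + body       # continuation line
        else:
            head = None                        # left the section
    parsed = []
    for text in combos:
        groups = [({t.strip() for t in types.split(",")}, int(n))
                  for types, n in re.findall(r"#\{([^}]*)\}\s*<=\s*(\d+)", text)]
        total = re.search(r"total\s*<=\s*(\d+)", text)
        parsed.append((groups, int(total.group(1)) if total else None))
    return parsed

def planned_interfaces(wireless_text, radio):
    """Count enabled wifi-iface sections on `radio`, keyed by iw type name."""
    counts = {}
    for section in re.split(r"(?m)^config\s+", wireless_text)[1:]:
        opts = dict(re.findall(r"(?m)^\s*option\s+(\S+)\s+'([^']*)'", section))
        if (section.startswith("wifi-iface") and opts.get("device") == radio
                and opts.get("disabled") != "1"):
            iw_type = UCI_TO_IW.get(opts.get("mode"), opts.get("mode"))
            counts[iw_type] = counts.get(iw_type, 0) + 1
    return counts

def fits(counts, combos):
    """True if one advertised combination admits every planned interface."""
    def ok(groups, total):
        used = [sum(n for t, n in counts.items() if t in types) for types, _ in groups]
        covered = all(any(t in types for types, _ in groups) for t in counts)
        return (covered and all(u <= cap for u, (_, cap) in zip(used, groups))
                and (total is None or sum(counts.values()) <= total))
    return any(ok(groups, total) for groups, total in combos)
```

A passing check only shows that the planned SSIDs are within the limit the driver advertises; it says nothing about whether the installed driver build honours that limit.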

rango iw list output.

  • The mwlwifi included with the 17.x stable release is very dated and somewhat problematic. First get that updated, there is a thread on the forum to get a current one for stable.
  • Check the readme at the mwlwifi github. There are some issues running both the mwlwifi and the radio2 driver. Be sure as to device locale manufacture and country code setting.

Yes, you can have more than three wifi networks on this device, but that does not have anything to do with the number of radios available; let me explain:

  • For starters, I would not use the third radio, except for experimenting; in fact, to be able to use certain channels on the 5GHz band, you should disable the third radio.

  • Now, unless you have some very specific needs, I would define each wifi network on both interfaces, and use the same password; this way, each device can connect to either the 2.4GHz or the 5GHz band for its configured network.

The wifi drivers for that device included on 17.01.4 are a bit updated and under heavy development, I would suggest updating them, using my packages at Pre-compiled updated mwlwifi drivers for stable releases.


Thank you everyone for your feedback,

@eduperez, I am not using the third radio radio2 and I have disabled it per your recommendations that you posted on the earlier post that I referenced above. In addition, for same wifi SSIDs in the 2.4 and 5 GHz band, I do use the same password (and have noticed some issues with the router when I configured this, it would eventually lag out from dhcp noise). For clarification, what do you mean when you say:

@anomeome and @eduperez, I am confused. Am I not using the current version that is stable or is it an outdated version?

Here is the output for the version of driver that is installed. I will try to play around with @eduperez's packages:

root@LEDE:~# opkg list-installed | grep mwlwifi
kmod-mwlwifi - 4.4.92+10.3.4.0.git-2017-06-06-1

Very dated, with issues. Update to the current one in the @eduperez thread linked. There have also been many updates to support packages around mwlwifi which would suggest moving to the 18.x build, or even master snapshot, but start with the mwlwifi to see if your issue is addressed.


The "wireless" file on your first post does not match what you said in your latest comment.
Perhaps you could post the last file that works, and the first one that fails.


@anomeome and @eduperez,

Status update:

SOLVED: I tried all your suggestions. I tried the drivers that @eduperez posted and it works. For the sake of it, I tried @anomeome's suggestion to upgrade to the 18.x build and that is also confirmed working.

@eduperez, yes you are correct about the driver differences. I think the difference was due to me flashing the router back to original state during my troubleshooting processes and the other after I did an opkg update.

Hopefully this is a permanent solution and I can get back to my tor anonymity network project (as well as others :slight_smile:)

Thank you all for your patience, prompt correspondence, and willingness to help out the community and myself. You helped me gain additional knowledge that I can in turn help others. Keep up the great work and this is a great product that really allows freedom for all, with a touch of ubuntu (a quality that includes the essential human virtues; compassion and humanity) philosophy!

Sincerely,

A humbly committed student
