Show me the output of:
uci show mesh11sd
root@OpenWrt:~# uci show mesh11sd
mesh11sd.setup=mesh11sd
mesh11sd.setup.ssid_suffix_enable='0'
mesh11sd.setup.auto_config='1'
mesh11sd.setup.debuglevel='3'
mesh11sd.mesh_params=mesh11sd
mesh11sd.mesh_params.mesh_fwding='1'
mesh11sd.mesh_params.mesh_rssi_threshold='-65'
mesh11sd.mesh_params.mesh_gate_announcements='1'
mesh11sd.mesh_params.mesh_hwmp_rootmode='4'
mesh11sd.mesh_params.mesh_hwmp_rann_interval='5000'
mesh11sd.mesh_params.mesh_hwmp_root_interval='5000'
mesh11sd.mesh_params.mesh_hwmp_active_path_timeout='5000'
mesh11sd.mesh_params.mesh_hwmp_active_path_to_root_timeout='6000'
mesh11sd.mesh_params.mesh_max_peer_links='16'
mesh11sd.mesh_params.mesh_connected_to_as='1'
mesh11sd.mesh_params.mesh_connected_to_gate='1'
root@OpenWrt:~#
Looks good. You have ssid_suffix_enable added to all three?
Looks good. You have ssid_suffix_enable added to all three?
yes.. all of them are exact same settings.
Excellent.
Now lets set up encryption on the access point interface on this node.
Lets say we want psk2 encryption with an encryption key set to "mysecretkey"
Do:
service mesh11sd stop
uci set mesh11sd.setup.mesh_gate_encryption='3'
uci set mesh11sd.setup.mesh_gate_key='mysecretkey'
uci commit mesh11sd
service mesh11sd start
Note: mesh_gate_encryption can be set to 0 (none), 1 (sae, aka wpa3), 2 (sae-mixed, aka wpa2/wpa3) or 3 (psk2, aka wpa2).
Give it a few seconds to take effect then try connecting with your phone to this node's ssid (as you have the suffix turned off you might have to switch off the other two nodes)
works. I can connect to OpenWrt with the password( i used sae-mixed fwiw) and I can connect to internet on my phone.
next ?
Lets do the same on the other two.
Because of the unstable paths (we will fix that later), turn one of them off and wait a couple of minutes.
Now, on the first node, run:
mesh11sd connect
You should see a list of nodes, the one you turned off might still be listed.
Run the command again if you do not see the list.
Select the mac address of the node still turned on.
Note it is hyphenated so you can copy and paste easily.
Then run:
mesh11sd connect [the macaddress you selected] (without the square brackets of course)
This should open an ssh session to the remote node.
Does it?
Done on the other two AP nodes. Now all of them have password protected SSIDs and if I run mesh11sd stations I see two of them and mesh11sd status also shows 2 of them connected.
Also I can NO longer see the OpenWrt ssid as an open network on my phone or my laptop.
Can I rename the ssid to something else of my choosing ?
Can I also have different names for 2g and 5g ssids ?
Yes to both questions.
Start on the first node again.
Do the following, substituting the ssid of your choice:
service mesh11sd stop
uci set wireless.default_radio0.ssid='Nmahendru-wifi-0'
uci set wireless.default_radio1.ssid='Nmahendru-wifi-1'
uci set wireless.default_radio2.ssid='Nmahendru-wifi-2'
uci commit wireless
service mesh11sd start
Note: I read that on the tgr1900 it is not recommended to use radio2 as it for proprietary functionality not present in OpenWrt and will have low performance.
gotcha..though hopefully that claim could be verified but I just want the fastest setup. If it means radio0 for mesh and 2g devices, I couldn't care less.
Start on the first node again
Done for all nodes
With this done I think:
- I want to figure out how to switch to radio1/radio2 for the mesh without bringing the house down. I am guessing its again simple commands enveloped in stopping/starting mesh11sd.
- What tool would you use to measure the performance of the setup ?
- Disabling radio 2? does that simply mean running the below:
service mesh11sd stop
uci set wireless.default_radio2.disabled='1'
uci commit wireless
service mesh11sd start
?
Also, side note, I am curious how did this work from the perspective of dnsmasq ? I see that the wan node is dealing IPs and the others don't ? are the other two dnsmasq's running in relay mode or something similar ?
Excellent.
Now you should set the correct country code for your radios.
It will be defaulted to DFS-ETSI as this is the "safest" but not strictly correct if you are not in the ETSI region.
Do, substituting "XY" for your correct country code:
service mesh11sd stop
uci set wireless.radio0.country='XY'
uci set wireless.radio2.country='XY'
uci set wireless.radio3.country='XY'
uci commit wireless
service mesh11sd start
Good callout. Have set the correct country code now on all nodes.
Once we have finished configuring, we can go into this, and yes it is simple commands.
Up to you, but as far as usability is concerned, can you stream a Youtube video without stuttering? 
Yes.
The "wan node" in mesh terminology, is referred to as the "portal node".
The portal node runs dhcp and dns servers for the entire mesh backhaul (using dnsmasq).
Other nodes are referred to as "peer nodes" and can have numerous options, but all of them have dhcp server disabled and dns relayed to the portal node (using dnsmasq).
speed tests are working fine. youtube too.
Let me disable radio2. Also What's your thought on enabled ieee80211r for all WIFI ? I moved around a bit and lost wifi in one corner and had to reconnect.
Next we should fully secure your mesh by giving it a custom mesh id seed value.
This will make mesh11sd create secure hash values for the actual meshid and the mesh key.
We have to be careful here as if you make changes in the wrong order, you can end up locked out of peer nodes.
Start with the most remote peer.
Connect to it using mesh11sd connect as done previously.
Then do:
service mesh11sd stop
uci set mesh11sd.setup.auto_mesh_id='mysecretmeshid_hash_seed_string'
uci commit mesh11sd
service mesh11sd start; exit
NOTE: You will loose connection to this peer, so an "exit" is added to the start command to prevent your ssh session from locking up.
Now you would do the same for the other peer, then finally for the portal node.
Does this mean the one farthest away from the portal ?
Yes, the farthest away.
okie.. done! both nodes connected back. next ?
I am itching to set ieee80211r if you think it's useful 