both. the lag goes to my upstairs office. if i need a direct internet connection i.e to bypass pfsense, etc. i simply disconnect one and re-patch it temporarily. plus my media server, etc is upstairs, so i used the increased bandwidth as all the other devices come for the media upstairs and i work from upstairs
no. most vlans pass direct via pfsense out. there is routing via pfsense from the media network to the server or the client network to the server.
i have 100mg fibre and 120mg cable wan connections which are used in with two failover groups. i direct some vlans to the fibre as primary and some vlans to the cable as primary
Well I don't use pfsense so don't know exactly how it operates. But it sounds like you might be confusing interfaces and ports when assigning VLANs. You should only need one VLAN 'interface' (i.e. something with an actual IP) on the pfsense box.
In the case of OpenWRT you'd probably put all 8 ports (assuming they're all used for LAN connections) into a single bridge. You'd then create a LAN interface for that bridge and assign your various VLANs to the appropriate ports. You'd have the respective VLANs also set up on the relevant ports on the managed switches and, if necessary, on the APs.
You'd also be using several VLANs, depending on which networks you want separated from each other. So would have trunk ports (i.e. ports tagged with multiple VLANs) between routers, switches, and APs.
This would actually be expected when a LAG is compromised (i.e. running on fewer than the intended physical links). However, if you go with a non-LAG connection, you might not have issues.
Also, to be clear, LAG isn't solving a bridging issue. It may be creating additional problems if not properly configured, but even if it is properly configured, it may be a distraction.
What you probably need is a switch next to the router so you can properly handle your situation. A diagram would make it more clear, though.
think i have the solution.
I bridged the wifi guest vlans on both interfaces on the pfsense. doesn't support spanning tree for those types, but should not be required as it is primarily client to internet or internal server on different vlan.
will now test the roaming and put on the other vlans if that is the case
so here is the network. i created a bridge on pfsense for the wifi and guest wifi vlans.
all vlans on the aps are unmanaged protocol, clients isolated, WMM mode enabled, access point
i enabled fast transition on both the wifi and guest for each device
i disabled the 5G on the wdr3600 - will come to the problem next.
using the android cell info lite app, i see the following
WIFI - transitions for upstairs to basement, but does not select wdr3600 even when only a couple of meters away
GUEST - does the same as WIFI but will sometimes pick up 5G on the wdr3600. if i change networks, then it will pickup the wdr3600
This diagram doesn't really help... we don't know anything about the switches (what model are they) and we have no idea which APs are which. We don't know what VLANs are in play, or really anything else.
I hope you bridged the ports, and not the networks themselves. The former will behave like a software switch, but the latter will mess things up.
Bridging ports on some hardware is also suboptimal in that it will seriously affect throughput. For example, on the Ubiquiti ER-X, you can get gigabit performance when the ports are individually routed and/or configured with the hardware switch. But if you bridge any of the ports, it will drop the maximum performance down to approximately 250Mbps. So, if your pfSense system is on an embedded router device, you're likely reducing your performance (if it's running on something like an x86 system, it should be fine).
Have you properly configured your APs with the exact same SSID and password? Do you have unique SSIDs for the 2.4 and 5GHz bands? What about power -- have you reduced the power to encourage roaming (yes, you have to reduce it... using auto or maximum power will reduce the likelihood of proper roaming)?
the pfsense is an i3 mini headless
the switches are both netgear 8 and 12 port managed GS108 and GS110 series
SSIDs and passwords are the same on all devices.
but in relation to your question about 2,4 and 5, i used the same SSID for that. is that a mistake?
actually, for testing, i have turned the 5G radio off but still no effect
re power, i actually increased it, because the the walls are sandstone and there is very low signal strengths in some parts where only one AP can be detected
Are they properly configured for each of the respective ports? You should have trunks between the router and the switches and between the switches and the APs. Double check that they are properly configured and passing the VLANs as expected.
No, it's fine. just verifying.
You want to have the minimum power required in order to have the smallest overlap of the signals. Ideally you want 1 AP's signal to become pretty low as you begin to approach the next.
vlan4 igb2 tag 4
vlan4 igb3 tag 4
vlan5 igb2 tag 5
vlan5 igb3 tag 5
bridge0 igb2.4, igb3.4 dhcp server 192.168.4.1
bridge1 igb2.5, igb3.5 dhcp server 192.168.5.1
openwrt all devices have same passwords for corresponding SSIDs
WIFI and GUEST have Mobility Domain unique for each SSID and same across devices
FT over the Air protocol
DTIM internal 3
802.11r enabled on all devices
DG and KG have their max transmit power set to a level to ensure coverage to spots where only they can reach.
EG has power set higher than default.
behaviour is as follows
stand near each device, turn wifi off/on and device will pick the nearest AP
roam from DG to KG and device will switch from channel 1 to 11 but there seems a long transition (youtube will work uninterrupted due to buffering)
roam from DG/KG to EG and device will not switch to EG AP (neither 2.4G or 5G) even when signal is -80 dBm
test device has static dhcp address and stays consistent across all APs.
per above, switch on/off or to different SSID and the closest AP will be used. Ping/internet works fine after switchover
clients retain their IP address when switching off/on and and picking the closet AP.
all devices on the LAN vlans work fine on all APs. the wan port is bridged to the lan ports on all devices and all vlans configured as unmanaged on the APs
Try resetting the WiFi network to default settings (or create a new test one) across all 3 APs, then just enable fast roaming without making any other changes. Assuming you're using a recent version of OpenWRT it'll sort out the mobility domain etc. Itself.
