WLAN roaming and Chromecast connectivity

Hi all. I have a two-device setup with a main router and a dumb AP. There are three VLANs, LAN, IOT, and Guest, and all three have associated Wireless channels on the two routers. WLAN roaming is set up and works perfectly.

I have phones, tablets, and a Chromecast on the Guest network, and as it happens, the TV room sits almost equidistant from the two routers. That means that devices switch from one router to the other frequently and a little unpredictably.

It seems to be the case that when a tablet and the Chromecast both happen to be connected to the same router, everything works fine, but when one of them decides to roam to the other router, they lose connection, even though they're on the same VLAN. I didn't quite expect this, but I suppose the ability to see other devices on a wifi connection is limited to devices which are connected to the same actual router, irrespective of the VLAN/roaming situation.

Is this to be expected? If so, has anyone else encountered the problem and found a workaround? I'm thinking of either turning off the Guest network on the dumb AP or perhaps decreasing its radio power so that there's one obvious winner in the TV room.

Roaming should be transparent and if you've got things properly configured, it should all happen on the same L2 network.

How are the two routes connected to each other physically (LAN > LAN, or LAN > WAN)?

Please share the configs from each device (make it clear which is the main router and which is the dumb AP; only the network and wireless files are required for the dumb AP):

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
1 Like

I'll post configs when I get home tonight. The roaming itself works seamlessly; as I move between one router and the other, I get a clean transition. The only oddity is that devices lose contact with the Chromecast if they roam to the other device, even though they're on the same VLAN.

The two devices are connected over a single trunk carrying all three VLANs. The VLANs are all working perfectly (connecting devices get the right IPs for the right networks), and devices on the Guest wifi get IPs on the same subnet irrespective of which router they're connected to.

Here are the configs, redacted to remove identifiable info (I hope):

MAIN ROUTER /etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix [redacted]

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0.1'
	option vlan_filtering '1'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.0.1'

config device
	option name 'eth0.2'
	option macaddr [redacted]

config interface 'wan'
	option device 'eth0.2'
	option proto 'dhcp'
	option type 'bridge'

config interface 'wan6'
	option device 'eth0.2'
	option proto 'dhcpv6'
	option type 'bridge'
	option reqaddress 'try'
	option reqprefix 'auto'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option vid '1'
	option ports '0t 3t 4 5'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '0t 1'
	option vid '2'

config switch_vlan
	option device 'switch0'
	option vlan '3'
	option vid '3'
	option description 'IOT VLAN'
	option ports '0t 2 3t'

config interface 'IOT'
	option proto 'static'
	option ipaddr '192.168.3.1'
	option netmask '255.255.255.0'
	option type 'bridge'
	option device 'br-iot'

config device
	option name 'eth0.3'
	option type '8021q'
	option ifname 'eth0'
	option vid '3'

config device
	option type 'bridge'
	option name 'br-iot'
	list ports 'eth0'
	list ports 'eth0.3'
	option bridge_empty '1'

config switch_vlan
	option device 'switch0'
	option vlan '4'
	option vid '4'
	option description 'Guest VLAN'
	option ports '0t 3t'

config device
	option type 'bridge'
	option name 'br-guest'
	list ports 'eth0'
	list ports 'eth0.4'
	option bridge_empty '1'
	option vlan_filtering '1'

config interface 'Guest'
	option proto 'static'
	option device 'br-guest'
	option ipaddr '192.168.4.1'
	option netmask '255.255.255.0'
	
MAIN ROUTER /etc/config/wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'pci0000:00/0000:00:00.0'
	option band '5g'
	option htmode 'VHT80'
	option cell_density '0'
	option channel '36'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid '[MYSSID]-LAN'
	option encryption 'psk2'
	option ieee80211r '1'
	option mobility_domain '0005'
	option ft_over_ds '0'
	option ft_psk_generate_local '1'
	option key [redacted]
	option dtim_period '3'

config wifi-device 'radio1'
	option type 'mac80211'
	option path 'platform/ahb/18100000.wmac'
	option band '2g'
	option htmode 'HT20'
	option cell_density '0'
	option channel '5'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid '[MYSSID]-LAN'
	option isolate '1'
	option dtim_period '3'
	option encryption 'psk2'
	option ieee80211r '1'
	option ft_over_ds '0'
	option ft_psk_generate_local '1'
	option mobility_domain '0005'
	option key [redacted]

config wifi-iface 'wifinet2'
	option device 'radio0'
	option mode 'ap'
	option ssid '[MYSSID]-IOT'
	option encryption 'psk2'
	option network 'IOT'
	option ieee80211r '1'
	option mobility_domain '3005'
	option ft_over_ds '0'
	option ft_psk_generate_local '1'
	option key [redacted]
	option dtim_period '3'

config wifi-iface 'wifinet3'
	option device 'radio0'
	option mode 'ap'
	option ssid '[MYSSID]-Guest'
	option encryption 'psk2'
	option network 'Guest'
	option ieee80211r '1'
	option mobility_domain '4005'
	option ft_over_ds '0'
	option ft_psk_generate_local '1'
	option key [redacted]
	option dtim_period '3'
	option disassoc_low_ack '0'

config wifi-iface 'wifinet4'
	option device 'radio1'
	option mode 'ap'
	option ssid '[MYSSID]-IOT'
	option encryption 'psk2'
	option ieee80211r '1'
	option mobility_domain '3005'
	option ft_over_ds '0'
	option ft_psk_generate_local '1'
	option network 'IOT'
	option key [redacted]
	option dtim_period '3'

config wifi-iface 'wifinet5'
	option device 'radio1'
	option mode 'ap'
	option ssid '[MYSSID]-Guest'
	option encryption 'psk2'
	option isolate '1'
	option ieee80211r '1'
	option mobility_domain '4005'
	option ft_over_ds '0'
	option ft_psk_generate_local '1'
	option network 'Guest'
	option key [redacted]
	option dtim_period '3'
	option disabled '1'

MAIN ROUTER /etc/config/dhcp

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'pci0000:00/0000:00:00.0'
	option band '5g'
	option htmode 'VHT80'
	option cell_density '0'
	option channel '36'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid '[MYSSID]-LAN'
	option encryption 'psk2'
	option ieee80211r '1'
	option mobility_domain '0005'
	option ft_over_ds '0'
	option ft_psk_generate_local '1'
	option key [redacted]
	option dtim_period '3'

config wifi-device 'radio1'
	option type 'mac80211'
	option path 'platform/ahb/18100000.wmac'
	option band '2g'
	option htmode 'HT20'
	option cell_density '0'
	option channel '5'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid '[MYSSID]-LAN'
	option isolate '1'
	option dtim_period '3'
	option encryption 'psk2'
	option ieee80211r '1'
	option ft_over_ds '0'
	option ft_psk_generate_local '1'
	option mobility_domain '0005'
	option key [redacted]

config wifi-iface 'wifinet2'
	option device 'radio0'
	option mode 'ap'
	option ssid '[MYSSID]-IOT'
	option encryption 'psk2'
	option network 'IOT'
	option ieee80211r '1'
	option mobility_domain '3005'
	option ft_over_ds '0'
	option ft_psk_generate_local '1'
	option key [redacted]
	option dtim_period '3'

config wifi-iface 'wifinet3'
	option device 'radio0'
	option mode 'ap'
	option ssid '[MYSSID]-Guest'
	option encryption 'psk2'
	option network 'Guest'
	option ieee80211r '1'
	option mobility_domain '4005'
	option ft_over_ds '0'
	option ft_psk_generate_local '1'
	option key [redacted]
	option dtim_period '3'
	option disassoc_low_ack '0'

config wifi-iface 'wifinet4'
	option device 'radio1'
	option mode 'ap'
	option ssid '[MYSSID]-IOT'
	option encryption 'psk2'
	option ieee80211r '1'
	option mobility_domain '3005'
	option ft_over_ds '0'
	option ft_psk_generate_local '1'
	option network 'IOT'
	option key [redacted]
	option dtim_period '3'

config wifi-iface 'wifinet5'
	option device 'radio1'
	option mode 'ap'
	option ssid '[MYSSID]-Guest'
	option encryption 'psk2'
	option isolate '1'
	option ieee80211r '1'
	option mobility_domain '4005'
	option ft_over_ds '0'
	option ft_psk_generate_local '1'
	option network 'Guest'
	option key [redacted]
	option dtim_period '3'
	option disabled '1'

root@[MYSSID]1:~# cat /etc/config/dhcp

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option localservice '1'
	option ednspacket_max '1232'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	option ra_slaac '1'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config dhcp 'IOT'
	option interface 'IOT'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option force '1'

config dhcp 'Guest'
	option interface 'Guest'
	option start '100'
	option limit '150'
	option leasetime '12h'

config host
	option name '[MYSSID]-2'
	option dns '1'
	option mac [redacted]
	option ip '192.168.0.2'
	option leasetime 'infinite'

config domain
	option name '[MYSSID]2_on_IOT'
	option ip '192.168.3.148'

config domain
	option name 'Samsung_Tablet'
	option ip '192.168.4.175'

config domain
	option name 'ASUS_Tablet'
	option ip '192.168.4.179'

config domain
	option name 'Chromecast_Gen_1'
	option ip '192.168.4.145'

config host
	option name 'ChromecastGen1'
	option dns '1'
	option mac [redacted]
	option ip '192.168.4.145'
	option leasetime 'infinite'

MAIN ROUTER FIREWALL

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config zone
	option name 'GuestZone'
	option output 'ACCEPT'
	option forward 'REJECT'
	option input 'REJECT'
	list network 'Guest'

config forwarding
	option src 'GuestZone'
	option dest 'wan'

config zone
	option name 'IOTZone'
	option output 'ACCEPT'
	option forward 'REJECT'
	list network 'IOT'
	option input 'ACCEPT'

config forwarding
	option src 'IOTZone'
	option dest 'wan'

config forwarding
	option src 'lan'
	option dest 'IOTZone'

config rule
	option name 'Guest DHCP and DNS'
	option src 'GuestZone'
	option dest_port '53 67 68'
	option target 'ACCEPT'

config rule

config rule
	option name 'IOT DHCP and DNS'
	option src 'IOTZone'
	option dest_port '53 67 68'
	option target 'ACCEPT'

Dumb AP /etc/config/network


config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix [redacted]

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth1.1'

config interface 'lan'
	option device 'br-lan'
	option proto 'dhcp'

config interface 'wan'
	option device 'eth0.2'
	option proto 'dhcp'

config interface 'wan6'
	option device 'eth0.2'
	option proto 'dhcpv6'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option vid '1'
	option ports '0t 3t 4 5 6t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option vid '2'
	option ports '0t 1 6t'

config switch_vlan
	option device 'switch0'
	option vlan '3'
	option vid '3'
	option description 'IOT VLAN'
	option ports '0t 2 3t 6t'

config switch_vlan
	option device 'switch0'
	option vlan '4'
	option ports '0t 3t 6t'
	option vid '4'
	option description 'Guest VLAN'

config device
	option type 'bridge'
	option name 'br-iot'
	list ports 'eth0'
	list ports 'eth1.3'
	option bridge_empty '1'

config device
	option type 'bridge'
	option name 'br-guest'
	list ports 'eth0'
	list ports 'eth1.4'
	option bridge_empty '1'

config interface 'Guest'
	option proto 'dhcp'
	option device 'br-guest'
	option hostname '[MYSSID]-2.Guest'

config interface 'IOT'
	option proto 'dhcp'
	option device 'br-iot'
	option hostname '[MYSSID]-2.IOT'

Dumb AP /etc/config/wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'pci0000:00/0000:00:00.0'
	option band '5g'
	option htmode 'VHT80'
	option cell_density '0'
	option channel '44'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid '[MYSSID]-LAN'
	option encryption 'psk2'
	option ieee80211r '1'
	option mobility_domain '0005'
	option ft_over_ds '0'
	option ft_psk_generate_local '1'
	option key [redacted]
	option dtim_period '3'

config wifi-device 'radio1'
	option type 'mac80211'
	option path 'platform/ahb/18100000.wmac'
	option band '2g'
	option cell_density '0'
	option htmode 'HT40'
	option channel '11'
	option disabled '1'

config wifi-iface 'wifinet2'
	option device 'radio0'
	option mode 'ap'
	option ssid '[MYSSID]-IOT'
	option encryption 'psk2'
	option ieee80211r '1'
	option mobility_domain '3005'
	option ft_over_ds '0'
	option ft_psk_generate_local '1'
	option network 'IOT'
	option key [redacted]
	option dtim_period '3'

config wifi-iface 'wifinet3'
	option device 'radio0'
	option mode 'ap'
	option ssid '[MYSSID]-Guest'
	option encryption 'psk2'
	option ieee80211r '1'
	option mobility_domain '4005'
	option ft_over_ds '0'
	option ft_psk_generate_local '1'
	option network 'Guest'
	option key [redacted]
	option disassoc_low_ack '0'

config wifi-iface 'wifinet4'
	option device 'radio1'
	option mode 'ap'
	option ssid '[MYSSID]-Guest'
	option encryption 'psk2'
	option key [redacted]
	option ieee80211r '1'
	option mobility_domain '4005'
	option ft_over_ds '0'
	option ft_psk_generate_local '1'
	option network 'Guest'
	option disabled '1'

Dumb AP /etc/config/dhcp

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'
	option ednspacket_max '1232'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'
	option ignore '1'
	option ra 'hybrid'
	option dhcpv6 'hybrid'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

Dumb AP /etc/config/firewall

config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

I'm seeing quite a few issues...

Starting with the main router;

Is there a reason you've enabled vlan_filtering? It should probably be disabled unless there is a specific need.

Remove the option type 'bridge' line from your IOT network

eth0 should not be part of the bridge... only eth0.3. Remove eth0 and also delete bridge_empty

Same deal here... remove eth0, bridge_empty and vlan_filtering (unless the filtering is needed).

I would highly recommend turning off 802.11r. Many devices just don't play well with this standard. But you can do this as a last resort after fixing the other issues.

You're missing country codes on both radios... and for the 2G radio, you should use channels 1, 6, and 11. Don't use channel 5 or any of the intermediate channels.

You have wifi client isolation turned on for your lan... if both the Chromecast and your phone are on this AP, they will not be able to communicate. Turn isolation off.

Now, on the dumb AP...

remove eth0 and bridge_empty from these bridges:

Typically, the non-management networks (i.e. the guest and IOT in your case) do not have an address. Change them to proto none (i.e. unmanaged) and remove the hostnames.

This is overlapping with the other AP when using VHT80. Take a look at the channel assignments and make sure you select non-overlapping ranges. You should also try to avoid DFS channels in your location.

1 Like

Wow, that's a lot to take in!

I need to map these settings to the LUCI configuration so I understand what I got wrong. The only place I can find "Bridge VLAN filtering" in LUCI is the configuration of each of the six bridge devices (three on each router), and in LUCI they all show as off, so I don't see how that config is set in the config file. Is there somewhere else in LUCI that would turn it on?

I followed One Marc Fifty's videos and some other tutorials for OpenWrt 21 to set things up, assuming that since the devices are Archer C7s that don't support DSA, I would have do do things the old way using bridges. The interface setup in LUCI requires you to choose a Device, and I understood that a bridge device should be set up for the VLAN and that should then be chosen as the device in the Interface setup; I don't know how the option type 'bridge' setting relates to the LUCI interface there. My basic understanding was that VLAN functionality requires:

  • The VLAN setup itself on the switch, along with port assignment and tagging as needed;
  • A bridge device for the wired ports;
  • An interface mapped to the bridge device; and
  • A wireless network attached to the interface.

And this is working very well for all three VLANs and for wifi, except for the problem with the devices on the Guest network losing track of each other. But if there's a simpler way to do it for these C7 devices (I have two v5s, two v4s and a v2), then I'd be glad to know how.

bridge_empty I guess comes from the setting "Bring up empty bridge", which I figured couldn't do any harm and might do some good; the explanation "Bring up the bridge interface even if no ports are attached" suggested to me that I should do that for any bridge device that didn't have any physical ports mapped to it (which, except for the trunk port, is the case for the Guest network).

The recommendation to use 802.11r is at the heart of One Marc Fifty's tutorial on setting up WLAN roaming, and it is working with the devices I've tested with, but it's possible it's problematic for the old Chromecast. I can experiment with that.

I'm very puzzled about the option isolate '1' setting, because in LUCI, the LAN wifi does not have this option selected on either router. More importantly, neither does Guest on either router. So there's something screwy going on here. LUCI settings don't appear to be reflected in the config files unless there's some other place to set this that I haven't been able to find.

Lots to ponder...

Thanks again,
Martin

The only place I know of in LuCI for this setting is Network > Interfaces > Devices > Configure < Bridge VLAN Filtering -- make sure it is off for all of your devices.

DSA uses bridge-vlan as its method or handling the ports. But swconfig just uses the switch stanzas to define the VLANs themselves. If you'll be associating a network interface with more than one physical device (i.e. ethernet + wifi or two wifi interfaces), you need to setup a bridge with list ports 'ethx.y'. Then, the interface will use the newly defined bridge device.

The option type 'bridge' option should not be used anymore in a network interface stanza. I'm not sure where the LuCI option is for that, so I'm not sure how it ends up in some users' config files.

802.11r (and k and v) are not required for high performance roaming. Proper tuning of your wifi radios is required, though. And this is true regardless if you use 802.11k/r/v or not. I like this video that explains the process (it's done with Unifi, but the same concepts apply to all wifi APs as long as the settings are exposed to the user). The additional standards are supposed to improve the performance... and sometimes they do. But other times they cause problems when a client device doesn't have the features implemented (or if they are poorly implemented).

AFAIK, it's pretty hard to get LuCI out of sync with the underlying config files, but I presume it could happen under certain circumstances. You can direcctly edit the text files and/or use UCI syntax on the command line to fix issues for which you cannot find the LuCI option.

Thank you again for all this really helpful info. I'll spend a few hours at the weekend experimenting to see what effects each of the changes make, and report back on what I learn in case anyone else is in the same situation.

@psherman This solved my problem. I'm not sure which of the changes was the crucial one, but I worked through each of them. The only thing I didn't change was the setting for vlan_filtering, because a) although it's set to on in the configuration files, it's not checked in the LuCI interface. I'm not sure exactly what it does, so I don't know whether I need it or not. I found another post on the forum in which a user suggested that this setting in was decoupled from the LuCI interface (Luci VLAN filtering), so I suspect this is a bug.

If anyone knows of a good explanation of what vlan_filtering actually does, I'd be glad to know; then I can decide if I need it or not. :slight_smile:

Awesome. Glad it helped!

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.
Thanks! :slight_smile:

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.