My ASUSWRT 5.0 AiMesh extends LAN/WLANs/VLANs (same band channel on all nodes); improves roaming (802.11k,v support); maintains backhauls and a backup router; simplifies admin; and can be incrementally built/upgraded. No account, app, controller, subscription, or fee required.
cable ISP, 372/11Mbps
2.4/5.0 WiFi6 router RT-AX88U_Pro_3.0.0.6.102.33308
WLANs w/Smart Connect band steering/failover, same SSIDs
2.4 Fixed, ch 11/20, -100dBm noise, 15-35% util
5.0 Fixed-1,2a, ch 36/160, -90dBm noise (not used)
5.0 Fixed-1,3, ch 36/80, -92dBm noise, 3% util
2.4/5.0 Roaming Assistant node steering, -70/-70dBm
Cloudflare Secuity encrypted DNS w/malsite blocking
GNP custom VLANs for Guest, IoT
AiProtection
2.4/5.0 WiFi6 node at 77' RT-AX86U_Pro_3.0.0.6.102.34313
MoCA 2.5 wired backhaul only, 2.5GbE
Install
* Security-related
o 2.4/5.0/6.0 = 2.4/5/6GHz bands
o AiMesh = router/AP root node + 4 nodes max (2 daisy-chain max)
Mixing models (fw 3.0.0.6.*) (
EoL)/topologies/backhauls is permitted
AP Mode root node is wired to other LAN
o
FW Reset FAQ
Reset button/webUI Restore/node removal clears settings in NVRAM; reboot restores fw defaults from CFE
Hard Reset via WPS button/webUI Restore+Initialize also clears data logged in /jffs partition
o Confirm ISP cable shield is grounded to electric Earth at demarc*
o Use a UPS to protect data/hardware*
o
Power OFF router, modem, wait (cycle power)
o Wire router WAN to modem, LAN to PC
o Power ON modem, wait
o Power ON router, wait
Monitor LEDs; Power LED flashes ~3 times when ready
o
Hold Reset button until Power LED flashing to Reset fw, wait
o Browse router LAN IP (default 192.168.50.1) to access webUI
o
Perform Quick Internet Setup (QIS) to check/upload fw, WAIT
See new fw link to review release notes
o Browse webUI page /ajax_coretmp.asp to confirm CPU temp <86C (85% Tj max)
o
Set Restore+Initialize to Hard Reset fw, wait
o Power OFF router/open WiFi*, modem
o Repeat for node
o Disconnect node WAN, LAN; place in range of router 5.0 WLAN
o Wire router WAN to modem, LAN to PC
o Power ON modem, wait; then router
o
Perform QIS and configuration
Wireless
- enable Smart Connect; set WLANs to same SSIDs OE/OE
Or, disable SC; set WLANs to different SSIDs OE/OE-50 (user band steers/segregates clients/traffic)
- set 2.4/5.0 SSIDs (Aa-Zz 0-9 space,.'&()-); Hide SSID No; Wireless Mode Auto, disable 11b; enable 802.11ax/WiFi6 mode*
- set 2.4/5.0 Authentication Method to WPA2/WPA3-Personal*, same WPA Key (Aa-Zz 0-9), Protected Management Frames to Capable
Beware
compatibility
-
set 2.4/5.0 max Channel Bandwidth, Control Channel
Wireless Log lists noise, 5.0 DFS status, wireless client/backhaul connection detail
For US Region Fixed bw and ch range given, determine ch with least noise <-84dBm and best connections >-74dBm RSSI
If radio interference persists, switch to Unfixed settings to let router vary bw/ch to coexist
Clients decide/connect with their best wireless mode, authentication method, bandwidth permitted
2.4 Fixed = 20MHz bw, ch 1-6-11
2.4 Unfixed = 20MHz bw, ch Auto
US FCC U-NII Device Regulations
5.0 Fixed-1,2a = 160MHz bw, ch 36-48,
52-64 (exclude DFS/2a)
5.0 Fixed-2c = 160MHz bw, ch
100-128 (exclude DFS/2c)
5.0 Unfixed-1,2a,2c,3 = 20/40/80/160MHz bw, ch Auto, exclude DFS/2a,2c (36-48,
52-64,100-144,149-165)
5.0 Fixed-1,3 = 80MHz bw, disable 160MHz, ch 36-48,149-161
5.0 Unfixed-1,3 = 20/40/80MHz bw, disable 160MHz, ch Auto, exclude DFS/2a,2c (36-48,
52-64,100-144,149-165)
Start with
5.0 Fixed-1,2a; if ALL clients/nodes support DFS bands U-NII-2a,2c, include respective DFS/2a,2c control channels and 5.0 Fixed-2c (DFS delays WLAN startup). If RADAR/DFS prohibits using bands 2a,2c, switch to
5.0 Fixed-1,3 (no DFS; max Tx power; no LTE on ch 36-48)
6.0 (WiFi6e; more spectrum; no DFS; less range; not on Win10)
- disable WPS*
- confirm 2.4/5.0 Roaming Assistant enabled
Or, disable 2.4/5.0 RA
- confirm 2.4/5.0 Airtime Fairness disabled (compatibility)
- disable 2.4/5.0 Universal Beamforming (proprietary)
LAN
- set router LAN IP (192.168.1.1), DHCP server IP Pool of dynamic and manually-assigned/reserved IPs (pool .10-254 leaves IPs .1-9 for static use on clients)
WAN
- disable UPnP*
- set DNS Server1,2, DNS-over-TLS (DoT), Strict, DoT Server1,2*
(1.1.1.2, 1.0.0.2, security.cloudflare-dns.com)
Other DNSPs (9.9.9.9, 149.112.112.112, dns.quad9.net)
DNS Check
- disable SIP Passthrough (VoIP)
Firewall
- confirm firewalls enabled*
Administration
- confirm Login Captcha enabled*
- set USB Mode to USB 2.0 (shield 2.4 WLANs from USB 3.x EMI)
- set Time Zone, DST (Mar, 2nd Sun; Nov, 1st Sun)
- confirm Telnet, SSH, Web Access from WAN disabled*
- confirm Auto Firmware Upgrade disabled*
- confirm Security Upgrade enabled*
o Policy\Withdraw disables Trend Micro features
AiMesh
o Power ON reset node, wait
o
Confirm all WLANs are broadcasting/stable
- if wireless backhaul only, confirm WPS enabled before and disabled after adding node*
- if ALL nodes are wired backhaul only, enable Ethernet Backhaul Mode to disable all wireless backhauls (all WiFi for client use only; no failover)
- search/add node, wait
- set router/node LEDs OFF, if not needed
- confirm node Backhaul Connection Priority Auto (Ethernet-based)
- disable node USB Application media servers, Network Place Share
- update AiMesh Mode for existing GNP VLANs
Guest Network Pro
o GNP (SDN) VLANs w/DHCP, 5 max
o Predefined
Guest Portal defective on node
o Custom
- set 2.4/5.0 WLANs OE Guest/OE Guest; VID 52; WPA2/WPA3-Personal; Access Intranet disabled*; DHCP Server enabled (192.168.52.*); AP Isolated enabled; all nodes
- set 2.4 WLANs OE IoT; VID 53; WPA2/WPA3-Personal; Access Intranet disabled*; DHCP Server enabled (192.168.53.*); DNS Server 1.1.1.2, 1.0.0.2 (DoT blocks Wyze cam setup); AP Isolated enabled; all nodes
AiProtection
- enable AiProtection*
USB Application
- disable media servers, Network Place Share
SMB 2.0 support
o Logout, wait
o Power OFF-pause-ON router, wait
o
Shields UP! to test WAN ports*
o
Speed Test
o
Deploy node high, in the clear, in range of router 5.0 WLAN >-74dBm RSSI; not too near >-54dBm/far <-74dBm/many; not low/behind/obstructed/one-directly-over-the-other
Do not co-locate with other 2.4/5/6GHz EMI
Disable unused WiFi Direct APs in printers, etc.
o Tilt/tighten antennas (~2dBi gain)
\ | | / for multi-orientation coverage
o Vary node location/orientation to adjust 5.0 WLAN coverage to affect roaming/node steering (a small change can matter)
o Connect a wired backhaul from router LAN to node WAN
Other scenarios
Beware
managed switches
o Adjust
SC rules to affect band steering (not likely)
o Increment RA RSSI threshold from -70dBm until stationary clients reboot to near node
o Reboot AiMesh\System, wait; reboot unhealthy nodes/backhauls, wait; then reboot/reconnect clients to affect change/clear conditions
o Confirm integrity of cables/connectors (RG-59/Cat5e min; respect min bend radius of cable; clean dirty contacts)
o Wire stationary clients
o Upgrade client network adapter driver
o Configure client WLAN adapter properties to affect band steering, roaming aggressiveness; forget connections to clear conditions and only make connection needed
o Avoid app/voice admin*
o Let settle and use new network before adding to it, one change at a time; make notes
o Save configuration to .cfg file for recovery (revert; Hard Reset; restore .cfg) before experimenting
Upgrade (10 min)
o Browse notes
o Save configuration to .cfg file
o Download/extract fw to wired PC
Verify ASUSWRT file checksum value
Review release notes
o Eject/disconnect USB storage (free RAM; secure data)*
o Reboot AiMesh\System, wait (free RAM)
o Upload fw to node(s), WAIT; then root node, WAIT
o
Reconfigure before too much troubleshooting
Reconfigure (20 min)
o Remove node(s) from AiMesh to auto Reset fw, wait
o Set root node Restore+Initialize to Hard Reset fw, wait
o Configure AiMesh from scratch (do not restore .cfg file)
OE