What's new

[Official Release] AiMesh Firmware v3.0.0.4.384.20308 for All Supported Products

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Any idea what this line in my system log is trying to tell me? I don't use aimesh. Many thanks. Ed
upload_2018-2-3_11-56-18.png
 
I think that is way oversimplified. If AiMesh depended on Roaming Assistant to force a handoff, then why would we need AiMesh? Just name all SSIDs the same and set the WiFis to the same channel.
I have RA off and my phone still switches to the better node as I move around - even when the old node's signal is more than adequate.

That's essentially what you are doing when you turn RA off. It seems like in your situation with your distant clients that they disconnected but there wasn't a better node for them to connect to. To me that says you need another node in your mesh. -80dB might be fine for your irrigation but I doubt that would be great for streaming. If you look at the marketing page asus.com/aimesh it seems there is a lot more to the aimesh system than just two APs using the same SSID and channels.

At any rate, maybe @arthurlien can clarify if Aimesh depends on Roaming Assist since we are all just guessing.
 
Small Bug on WPS Setting

My AiMesh Devices is as below on my Signature.

Using Wireless Explorer on Mac, I observed the following behaviour for WPS Settings

(1) AiMesh Router: RT-AC5300
  • WPS On / Off works as expected for All 3 Channels 2.4 GHz, 5.0 GHz (low), 5.0 GHz (high)
(2) AiMesh Nodes: RT-AC86U
  • WPS On / Off has no effect
  • WPS on 2.4GHz Channel is always ON
  • WPS on 5.0GHz Channel is always OFF
PS: I am aware that WPS has to be turn on when searching of AiMesh Node, I am turning off only after searching. It was reported in earlier firmware.

I have a small possible bug with WPS, too. This has been over the past two firmware updates, including this one. It is disabled on my router, both bands. However, my wifi location app on my phone shows the node on 2.4 has WPS active. I know it has to be on to pair, but once it is paired, does the node need to keep it on for some reason (even though it is off on the router)?
 
That's essentially what you are doing when you turn RA off. It seems like in your situation with your distant clients that they disconnected but there wasn't a better node for them to connect to. To me that says you need another node in your mesh. -80dB might be fine for your irrigation but I doubt that would be great for streaming. If you look at the marketing page asus.com/aimesh it seems there is a lot more to the aimesh system than just two APs using the same SSID and channels.

At any rate, maybe @arthurlien can clarify if Aimesh depends on Roaming Assist since we are all just guessing.
Not at all. By turning it off and watching the signal on the phone switch on its own to a better signal, it is indeed AiMesh behind the scene triggering the switch. Otherwise, my phone would not of switched while I still had a good-enough signal.

AFA needing another node, no. The mentioned irrigation controller client is 10 ft from a node. But I only put these things on an isolated Guest network. Since only the main router supports Guest, the signal travels a much longer distance and through several interior and an exterior wall. Most distant things I have on guest net have low bandwidth requirements. Also have garage door controller and a couple thermostats. My higher bandwidth guest clients (a couple security cameras) are close enough to the base to do just fine.
 
I have a possible bug here, apologies if I'm doing this wrong or if it's already known.

I just upgraded to 20308 on my two AT-AC3100s (1 router, 1 node). This is the first firmware update I pushed to a node. I updated the router manually, went fine. I tried to update the node manually and it pops up a log-in screen. I log in using my credentials, it asks me the file to upload, which I select, but then it bounces right back to the "upload" button in the pop-up screen, and I can't do anything from there. There's no indication that it is uploading. The note says manual will only update the router, but it still gives the option to upload to the node (which is what I did).

The only way I was able to update the node was to use the "check" button, then have it auto update. That worked per usual, but the manual update isn't working for me with my node. Moving forward, I anticipate that it should update both router and node automatically when I use the check button, but I won't know until the next update gets pushed.

I did get the GUI firmware glitch once after the update, but it hasn't come back since a reboot. Hopefully it'll stay away, but if it pops back up, I'll report the issue since I know 20308 was supposed to fix it.
I thought the only purpose of 20308 was to fix the update bug. So it would make sense that the 20308 install would still be exposed to the bug. Should be better next time.
 
I thought the only purpose of 20308 was to fix the update bug. So it would make sense that the 20308 install would still be exposed to the bug. Should be better next time.
I thought it was to fix the problem where upon clicking into the firmware update page, it starts "loading" an update (i.e., it isn't actually uploading anything). Was it also supposed to fix the inability to manually update a node? If so, then I missed that and only noticed now because this was the first update I've tried to do since setting up my mesh.
 
Not at all. By turning it off and watching the signal on the phone switch on its own to a better signal, it is indeed AiMesh behind the scene triggering the switch. Otherwise, my phone would not of switched while I still had a good-enough signal.

AFA needing another node, no. The mentioned irrigation controller client is 10 ft from a node. But I only put these things on an isolated Guest network. Since only the main router supports Guest, the signal travels a much longer distance and through several interior and an exterior wall. Most distant things I have on guest net have low bandwidth requirements. Also have garage door controller and a couple thermostats. My higher bandwidth guest clients (a couple security cameras) are close enough to the base to do just fine.

Well here is what Arthur said about it. Guess he could be mistaken.

Original Question:
I know this option. Not quite sure if roaming assistant still required with AiMesh on? I saw somebody reported roaming assistant will make the connection drops, and AiMesh can steer a STA to choose a strong alternative even without Roaming assistant, is this true?

Arthur's reply:
I am not sure what happened to make somebody reported that. If you disabled Roaming Assistant, the AiMesh Router/Node will not handle the STA handoff in each Router/Node.​


Out of curiosity did you disable Roaming Assistant on only one of the radios or on all of the radios? Also, if I remember correctly before Aimesh there is no way we could have setup this type of mesh network using a wireless backhaul without using 3rd part firmwares. So in addition to the seamless roaming Aimesh also lets you create a mesh network using wireless backhauls. Previously we only had media bridge mode which would let you have a node connected wirelessly but then you could only use the ethernet ports on the node.
 
Last edited:
Well here is what Arthur said about it. Guess he could be mistaken.

Original Question:
I know this option. Not quite sure if roaming assistant still required with AiMesh on? I saw somebody reported roaming assistant will make the connection drops, and AiMesh can steer a STA to choose a strong alternative even without Roaming assistant, is this true?

Arthur's reply:
I am not sure what happened to make somebody reported that. If you disabled Roaming Assistant, the AiMesh Router/Node will not handle the STA handoff in each Router/Node.​


Out of curiosity did you disable Roaming Assistant on only one of the radios or on all of the radios?
Well it turns out I only had Roaming off on 2.4Ghz (where my problem clients live). The 5 Ghz band still has it enabled. I thought my phone was on 2.4 but checking now it was on 5. So the hand-off happened with RA on. After switching the phone to 2.4Ghz it appears that it doesn't hand-off. I have good enough wifi coverage that the signal doesn't ever get poor enough to drop on its own.
So, I guess I eat crow and have to admit that my observations agree with Arthur. I'm still leaving the 2.4GHz Roaming off due to my distant client issues.
 
Well it turns out I only had Roaming off on 2.4Ghz (where my problem clients live). The 5 Ghz band still has it enabled. I thought my phone was on 2.4 but checking now it was on 5. So the hand-off happened with RA on. After switching the phone to 2.4Ghz it appears that it doesn't hand-off. I have good enough wifi coverage that the signal doesn't ever get poor enough to drop on its own.
So, I guess I eat crow and have to admit that my observations agree with Arthur. I'm still leaving the 2.4GHz Roaming off due to my distant client issues.


Awesome discussion guys, thanks!

So it looks like RA should be on.

Dan
 
Awesome discussion guys, thanks!

So it looks like RA should be on.

Dan
It appears so, and hopefully Asus can get the guest network figured out so that it propagates to all the nodes and you won't have to turn it off due to that restriction. They mentioned they are working on it but no guarantees. Kind of sucks that Mr. Schwerer has a node 10ft from his problem client but can't use that node due to that limitation.
 
Well it turns out I only had Roaming off on 2.4Ghz (where my problem clients live). The 5 Ghz band still has it enabled. I thought my phone was on 2.4 but checking now it was on 5. So the hand-off happened with RA on. After switching the phone to 2.4Ghz it appears that it doesn't hand-off. I have good enough wifi coverage that the signal doesn't ever get poor enough to drop on its own.
So, I guess I eat crow and have to admit that my observations agree with Arthur. I'm still leaving the 2.4GHz Roaming off due to my distant client issues.

I had RA off for both 2.4G and 5G since the beta. I found it still switch without RA, the speed of switching is the same either on or off, just very slow in 20308, way slower then 10007. With RA on my note 8 had problem roaming between node, it just disconnect and reconnect to another node just like without AImesh evenRA set to -70dB, and there is at least 2~3 second my note 8 are not connect to wifi. I tried set a higher setting such as -55dBm to force the switch but this just make things worse. Due to this I keep the RA off, at least my note 8 can keep the wifi connect.

p.s. worst case signal for 2.4G and 5G in my house is -65dbm
 
Last edited:
It appears so, and hopefully Asus can get the guest network figured out so that it propagates to all the nodes and you won't have to turn it off due to that restriction. They mentioned they are working on it but no guarantees. Kind of sucks that Mr. Schwerer has a node 10ft from his problem client but can't use that node due to that limitation.
I'm not chomping at the bit to get Guest on nodes unless they can also assure isolation of node Guest traffic. I think that would require a major re-work because the main router currently doesn't know if a packet coming from a node was from a guest connection. Notice that on the router's Client List, you can't tell which clients are "normal" and which are "guest"? In fact, the router client list shows all guest clients as wired - which is impossible by definition. So the router doesn't even know anything about this traffic. Not even the receiver it came from.

<Rant On>
Should Guest be implemented on Nodes?
AiMesh Guest isn't really broken. They just don't support it on nodes. That's because it is, and always has been, a serious security hole on anything other than the primary router. But in the traditional router <-> AP model, the user/administrator had the option of maintaining LAN security by not setting up Guest on AP(s). With AiMesh, I think the best we can hope for (short term) is a config option on whether Guest settings get propagated to nodes. Then the risk/reward decision can be placed on the administrator of the LAN.
Realize that the purpose of Guest is to keep a group of users/clients out of the private LAN and still allow them internet access. Unless and until a way is implemented to support Guest isolation on mesh nodes, it defeats the primary purpose of Guest. Users who count on Guest isolation shouldn't be forced to decide whether abandon use of Guest, or live with a serious security hole. If you absolutely need Guest access in a remote location (beyond the reach of the router), get a cheap wireless AP and integrate it into your LAN with it's own SSID/password. It will still be insecure (not isolated) but that's the risk you are asking all of us to take.
<Rant Off>
 
I'm not chomping at the bit to get Guest on nodes unless they can also assure isolation of node Guest traffic. I think that would require a major re-work because the main router currently doesn't know if a packet coming from a node was from a guest connection. Notice that on the router's Client List, you can't tell which clients are "normal" and which are "guest"? In fact, the router client list shows all guest clients as wired - which is impossible by definition. So the router doesn't even know anything about this traffic. Not even the receiver it came from.

<Rant On>
Should Guest be implemented on Nodes?
AiMesh Guest isn't really broken. They just don't support it on nodes. That's because it is, and always has been, a serious security hole on anything other than the primary router. But in the traditional router <-> AP model, the user/administrator had the option of maintaining LAN security by not setting up Guest on AP(s). With AiMesh, I think the best we can hope for (short term) is a config option on whether Guest settings get propagated to nodes. Then the risk/reward decision can be placed on the administrator of the LAN.
Realize that the purpose of Guest is to keep a group of users/clients out of the private LAN and still allow them internet access. Unless and until a way is implemented to support Guest isolation on mesh nodes, it defeats the primary purpose of Guest. Users who count on Guest isolation shouldn't be forced to decide whether abandon use of Guest, or live with a serious security hole. If you absolutely need Guest access in a remote location (beyond the reach of the router), get a cheap wireless AP and integrate it into your LAN with it's own SSID/password. It will still be insecure (not isolated) but that's the risk you are asking all of us to take.
<Rant Off>

I think the router knows a lot more about where the packets come from than the UI is leading you to believe. This can easily be done with VLANs if Asus allowed it via the firmware. Tomato firmware allows it. Orbi from netgear can do it. At any rate, I agree especially in today's climate that security should be paramount.
 
I'm not chomping at the bit to get Guest on nodes unless they can also assure isolation of node Guest traffic. I think that would require a major re-work because the main router currently doesn't know if a packet coming from a node was from a guest connection. Notice that on the router's Client List, you can't tell which clients are "normal" and which are "guest"? In fact, the router client list shows all guest clients as wired - which is impossible by definition. So the router doesn't even know anything about this traffic. Not even the receiver it came from.

<Rant On>
Should Guest be implemented on Nodes?
AiMesh Guest isn't really broken. They just don't support it on nodes. That's because it is, and always has been, a serious security hole on anything other than the primary router. But in the traditional router <-> AP model, the user/administrator had the option of maintaining LAN security by not setting up Guest on AP(s). With AiMesh, I think the best we can hope for (short term) is a config option on whether Guest settings get propagated to nodes. Then the risk/reward decision can be placed on the administrator of the LAN.
Realize that the purpose of Guest is to keep a group of users/clients out of the private LAN and still allow them internet access. Unless and until a way is implemented to support Guest isolation on mesh nodes, it defeats the primary purpose of Guest. Users who count on Guest isolation shouldn't be forced to decide whether abandon use of Guest, or live with a serious security hole. If you absolutely need Guest access in a remote location (beyond the reach of the router), get a cheap wireless AP and integrate it into your LAN with it's own SSID/password. It will still be insecure (not isolated) but that's the risk you are asking all of us to take.
<Rant Off>

@Ronald Schwerer I can see what you are saying makes good sense, but just want to point out that Guest Networks have other simpler uses that don’t require Guest Isolation.

In my case in my current setup (4 X old non-ASUS, non-AIMesh AP’s with separate main router that has NO wifi) I have never had Guest Isolation, but use the Guest Network on all 4 of my AP’s merely to be able to assign short-term Guest wifi passwords which I can then change or turn off without changing the “main” wifi password for the house.

So I’d like to be able to have the same setup (but centrally managed) when I roll out my 4 X AC68P AIMesh AP’s to replace them ... which would mean Guest Networks would need to propagate to the Nodes.

I know what you want, and it’s a good aspiration, albeit much more complex I suspect ... but just pointing out the non-isolated “propagated” version of Guest would still have its place for at least some of us.

StephenH
 
@Ronald Schwerer I can see what you are saying makes good sense, but just want to point out that Guest Networks have other simpler uses that don’t require Guest Isolation.

In my case in my current setup (4 X old non-ASUS, non-AIMesh AP’s with separate main router that has NO wifi) I have never had Guest Isolation, but use the Guest Network on all 4 of my AP’s merely to be able to assign short-term Guest wifi passwords which I can then change or turn off without changing the “main” wifi password for the house.

So I’d like to be able to have the same setup (but centrally managed) when I roll out my 4 X AC68P AIMesh AP’s to replace them ... which would mean Guest Networks would need to propagate to the Nodes.

I know what you want, and it’s a good aspiration, albeit much more complex I suspect ... but just pointing out the non-isolated “propagated” version of Guest would still have its place for at least some of us.

StephenH
I know there are legitimate needs for Guest to allow limited net access without need to share the private SSID password. Cases where LAN security is not the primary concern. All I'm asking for - if not isolation, a means to allow administrators to decide if nodes handle guest logins. Preferably a checkbox in the Guest setup that said whether the Guest login should be propagated. But I'd even be happy if I could ssh into the node and disable it, as long as it persists over a reboot.
 
What's the best ASUS option other than an 86U at this point for the latest and greatest that isn't a standup unit? The 86U being standup is limiting it's placement, I might try it behind the OLED TV, not sure how bad that will kill the signal.
 
@Ronald Schwerer I can see what you are saying makes good sense, but just want to point out that Guest Networks have other simpler uses that don’t require Guest Isolation.

In my case in my current setup (4 X old non-ASUS, non-AIMesh AP’s with separate main router that has NO wifi) I have never had Guest Isolation, but use the Guest Network on all 4 of my AP’s merely to be able to assign short-term Guest wifi passwords which I can then change or turn off without changing the “main” wifi password for the house.

So I’d like to be able to have the same setup (but centrally managed) when I roll out my 4 X AC68P AIMesh AP’s to replace them ... which would mean Guest Networks would need to propagate to the Nodes.

I know what you want, and it’s a good aspiration, albeit much more complex I suspect ... but just pointing out the non-isolated “propagated” version of Guest would still have its place for at least some of us.

StephenH
In short, multi ssid, good when don't need any isolation
 
I'm not chomping at the bit to get Guest on nodes unless they can also assure isolation of node Guest traffic. I think that would require a major re-work because the main router currently doesn't know if a packet coming from a node was from a guest connection. Notice that on the router's Client List, you can't tell which clients are "normal" and which are "guest"? In fact, the router client list shows all guest clients as wired - which is impossible by definition. So the router doesn't even know anything about this traffic. Not even the receiver it came from.

This seems solvable to me, as follows:
  1. Implement VLAN support. Put guest networks on a different VLAN. While there is no support for this in the UI currently, I've seen some stuff about adding VLANs during boot from the command line, so at some level the router does support it..
  2. There needs to be some communication between the nodes and the main access point for doing DHCP IP assignment directly from the node, where it knows whether you are connecting to the guest or the main SSID, instead of always getting the DHCP assignment from the main router. Basically node having a DHCP server that proxies the main router DHCP server, with some indicator it sends to get a guest IP instead of a main LAN IP.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top