My ASUSWRT 4.0 AiMesh
cable ISP, 372/11Mbps
2.4/5.0 WiFi-6 router RT-AX86U_Pro_3.0.0.4.388.24199
WLANs w/Smart Connect enabled (same chs, same SSIDs, all nodes)
Guest1 WLANs enabled, same SSIDs, all nodes
2.4 Fixed, ch 11x20, -96dBm noise
5.0 Fixed-1,2a, ch 36x160, -91dBm noise
2.4/5.0 Roaming Assistant enabled, -70/-70dBm
Cloudflare encrypted DNS w/malsite blocking
AiProtection enabled
2.4/5.0 WiFi-6 node RT-AX86U_3.0.0.4.388.24231 at 77' (5.0 -64dBm)
wired backhaul, 2.5GbE MoCA 2.5, 2.5Gbps
wireless backhauls disabled
AiMesh extends coverage, improves roaming, simplifies admin, maintains backhauls and a backup router as node, and can be incrementally built/updated. No account, app, controller, subscription, fee required.
Install
* Security-related
o 2.4/5.0/6.0 = 2.4/5/6GHz bands
o AiMesh = router/AP root node + 4 nodes max (2 daisy-chained max)
Mixing models/topologies/backhauls is permitted
AP Mode root node is wired to non-AiMesh LAN
EOL
o FW Reset FAQ
Reset button/webUI Restore/node removal clears settings in NVRAM; reboot restores fw defaults from CFE
Hard Reset via WPS button/webUI Restore+Initialize also clears data logged in /jffs partition
o Confirm ISP cable shield is grounded to electric Earth at demarc*
o Use a UPS to protect data/hardware*
o Make notes
o Power OFF router, modem, wait (cycle power)
o Wire router WAN to modem, LAN to PC
o Power ON modem, wait
o Power ON router, wait
Monitor LEDs; Power LED flashes ~3 times when ready
o Hold Reset button until Power LED flashes to Reset fw, wait
o Browse to router LAN IP (default 192.168.50.1) to access webUI
o Perform Quick Internet Setup (QIS) to check/upload fw, WAIT
See new fw link to review release notes
o Browse to sub page /ajax_coretmp.asp to confirm CPU temp <86C (85% Tj max)
o Set Restore+Initialize to Hard Reset fw, wait
o Power OFF router/open WiFi*, modem
o Repeat for node
o Disconnect node WAN, LAN; place in range of router 5.0 WLAN
o Wire router WAN to modem, LAN to PC
o Power ON modem, wait; then router
o Perform QIS and configuration
WIRELESS
- enable Smart Connect band steering/failover; set WLANs to same SSIDs OE/OE
Or, disable SC; set WLANs to different SSIDs OE/OE-50 (user band steers/segregates clients/traffic)
- set 2.4/5.0 SSIDs (Aa-Zz 0-9 space,.'&()-); Hide SSID No; Wireless Mode Auto, enable 802.11ax/WiFi6 mode*
- set 2.4/5.0 Authentication Method to WPA2/WPA3-Personal*, same WPA Key (Aa-Zz 0-9), Protected Management Frames to Capable
Beware compatibility
- set 2.4/5.0 max Channel Bandwidth, Control Channel
Wireless Log lists noise, 5.0 DFS status, client/node connection detail
For Fixed bw and US ch range given, determine ch with least noise <-84dBm and best connections
If radio interference persists, switch to Unfixed settings to let router vary bw/ch to coexist
Clients decide/connect with their best wireless mode, authentication method, bandwidth permitted
2.4 Fixed = 20MHz bw, ch 1-6-11
2.4 Unfixed = 20MHz bw, ch Auto
US FCC U-NII Device Regulations
5.0 Fixed-1,2a = 160MHz bw, ch 36-48,52-64 (exclude DFS/2a)
5.0 Fixed-2c = 160MHz bw, ch 100-128 (exclude DFS/2c)
5.0 Fixed-3,4 = 160MHz bw, ch 149-161,165-177 (exclude 4)
5.0 Unfixed-1,2a,2c,3 = 20/40/80/160MHz bw, ch Auto, exclude DFS/2a,2c (36-48,52-64,100-144,149-165)
5.0 Fixed-1,3 = 80MHz bw, disable 160MHz, ch 36-48,149-161
5.0 Unfixed-1,3 = 20/40/80MHz bw, disable 160MHz, ch Auto, exclude DFS/2a,2c (36-48,52-64,100-144,149-165)
Start with 5.0 Fixed-1,2a; if all clients/nodes support DFS bands U-NII-2a,2c, include respective DFS/2a,2c control channels and 5.0 Fixed-2c (DFS delays WLAN startup). If RADAR/DFS prohibits using bands 2a,2c, switch to 5.0 Fixed-1,3 (no DFS; max Tx power; no LTE on ch 36-48)
6.0 (WiFi6e; more spectrum; no DFS; less range; not on Win10)
- disable WPS*
- confirm 2.4/5.0 Roaming Assistant node steering enabled
Or, disable 2.4/5.0 RA
802.11k,v support
- confirm 2.4/5.0 Airtime Fairness disabled (compatibility)
- disable 2.4/5.0 Universal Beamforming (proprietary)
LAN
- set router LAN IP (192.168.1.1), DHCP server IP Pool of dynamic and manually-assigned IPs (pool .10-254 leaves IPs .1-9 for static use on clients)
WAN
- disable UPnP*
- set DNS Server1,2, DNS-over-TLS (DoT), Strict, DoT Server1,2
(1.1.1.2, 1.0.0.2, security.cloudflare-dns.com
9.9.9.9, 149.112.112.112, dns.quad9.net)*
Other DNSPs
DNS check
Disable DoT for Wyze client setup
- confirm Primary WAN set to 1G WAN (2.5G port defaults to LAN5 after QIS, or to WAN on a wired node)
Or, set Primary WAN to 2.5G port; wire 2.5G port to modem (default WAN becomes LAN5 after reboot)
- disable SIP Passthrough (VoIP)
FIREWALL
- confirm firewalls enabled*
ADMINISTRATION
- confirm Login Captcha enabled*
- set USB Mode to USB 2.0 (shield 2.4 WLANs from USB 3.x EMI)
- set Time Zone, DST (Mar, 2nd Sun; Nov, 1st Sun)
- confirm Telnet, SSH, Web Access from WAN disabled*
- confirm Auto Firmware Upgrade disabled*
o Privacy\Withdraw disables Trend Micro features
AiMESH
o Power ON reset node, wait
o Confirm all WLANs are broadcasting/stable
- if wireless backhaul only, confirm WPS enabled before and disabled after adding node*
- search/add node, wait
- if all nodes are wired backhaul, enable Ethernet Backhaul Mode to disable all wireless backhauls (all WiFi for client use only; no failover)
- set router/node LEDs OFF
- confirm node Backhaul Connection Priority Auto (Ethernet-based)
- disable node USB Application media servers, Network Place Share
GUEST NETWORK
- set Guest1 WLANs (use Guest2 on standalone router) to same SSIDs OE Guest/OE Guest, WPA2/WPA3-Personal, same WPA Key, Access intranet disabled*, all nodes
Guest1 WLANs can be on all nodes; IPs 101.x/102.x (non-reserveable); VLANs 501/502
Guest2,3 WLANs are on root node only
AiPROTECTION
- enable AiProtection*
ADAPTIVE QoS
- disable UPnP control*
USB APPLICATION
- disable media servers, Network Place Share
SMB 2.0 support
o Logout, wait
o Power OFF-pause-ON router, wait
o Browse to Shields UP! to scan port security*
o Deploy node high, in the clear, in range of router 5.0 WLAN >-74(-64)dBm RSSI; not too near/far/many; not low/behind/obstructed/one-over-the-other
Use a mobile WiFi analyzer app to space nodes ~-64dBm apart
Do not co-locate with other 2.4/5/6GHz EMI
Disable unused WiFi Direct APs in printers, etc.
o Tilt \ | / antennas (~2dBi gain) for multi-orientation coverage
o Vary node location/orientation (a small change can matter) to adjust 5.0 WLAN coverage to affect roaming/node steering
o Connect a wired backhaul from router LAN to node WAN
Other scenarios
Beware managed switches
o Adjust SC rules to affect band steering (not likely)
o Increment RA RSSI threshold from -70dBm until stationary clients boot to near node
o Reboot AiMesh\System, wait; reboot unhealthy nodes/backhauls, wait; then reboot clients to effect change/clear conditions
o Confirm integrity of cables/connectors (RG-59/Cat5e min; respect min bend radius of cable; clean dirty contacts)
o Wire stationary clients
o Upgrade client network adapter driver
o Configure client WLAN adapter properties to affect band steering, roaming aggressiveness; forget connections to clear conditions and only make connection needed
o Avoid app/voice admin*
o Let settle and use a new network before adding to it, one change at a time
Upgrade (10 min)
o Browse your notes
o Save configuration to .cfg file for recovery (revert; Hard Reset; restore .cfg)
o Download/extract fw to wired PC
Verify ASUSWRT file checksum value
Review release notes
o Eject/disconnect USB storage (free RAM; secure data)*
o Reboot AiMesh\System, wait (free RAM)
o Upload fw to node(s), WAIT; then root node, WAIT
o Reconfigure before too much troubleshooting
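For the "Verify ASUSWRT file checksum value" step above, an added example (not part of the original notes): a POSIX shell function that compares the extracted firmware file against the checksum copied from the download page before anything is uploaded to a node. It assumes the published value is a SHA-256 hex digest; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: verify a downloaded firmware file against a published checksum.
# Assumption: the published checksum is a SHA-256 hex digest.

# Print the SHA-256 of a file as lowercase hex, using whichever tool is installed.
fw_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | cut -d' ' -f1
    else
        openssl dgst -sha256 "$1" | sed 's/^.*= *//'
    fi
}

# verify_fw FILE EXPECTED  ->  0 match, 1 mismatch, 2 bad input
verify_fw() {
    file=$1
    # Normalise the pasted value: strip whitespace, fold to lowercase.
    want=$(printf '%s' "$2" | tr -d ' \t\r\n' | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    # Refuse a truncated paste or a different digest type instead of "failing open".
    case $want in
        ''|*[!0-9a-f]*) echo "expected value is not hex" >&2; return 2 ;;
    esac
    [ "${#want}" -eq 64 ] || { echo "expected value is not 64 hex digits" >&2; return 2; }
    got=$(fw_sha256 "$file") || return 2
    if [ "$got" = "$want" ]; then
        echo "OK   $file"
        return 0
    fi
    # Mismatch: do not upload this file; download again and re-check.
    echo "FAIL $file" >&2
    echo "  expected $want" >&2
    echo "  actual   $got" >&2
    return 1
}

# Stand-alone use: sh verify_fw.sh <extracted firmware file> <published SHA-256>
if [ "$#" -eq 2 ]; then
    verify_fw "$1" "$2"
fi
```

Run it on the extracted firmware file, not the .zip, unless the published value is stated to cover the archive.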
Reconfigure (20 min)
o Remove node(s) from AiMesh to auto Reset fw, wait
o Set root node Restore+Initialize to Hard Reset fw, wait
o Configure root node from scratch (do not restore .cfg)
OE