Tutorial Optimized settings for XT12 / XT8

[leventozler]

I've been using two XT12s and one XT8 with old firmware as AP, until I decided to move from Edgerouter to Opnsense, and add multiple VLANs via latest firmware.

I spent days messing around settings, noticed I had horrible 2.4Ghz performance, clients were jumping around nodes, nodes were disconnecting etc.

Just wanted to share my settings and what I've learned, while stuff is fresh in my head.

2.4 GHz

Wireless Mode: Leave Auto. Changing it to N-only doesn't do anything, but when you leave Auto and Disable 11b, it sets wl0_rateset=ofdm and you end up with g/n/ax. ofdm becames default, minimum rate increases to 6Mbps. There is no other way to change/increase rates or turn off legacy modes.

WiFi Agile Multiband: Used to enable it, can't see any difference it makes.

Target Wake Time: Not used in Apple products, now keeping it disabled.

Channel bandwidth: 20 MHz

Control channel: Get "Wifi Explorer" app, it has trial version. Check channel utilization and select an empty one.

Authentication Method: Used to enable WPA3, now keeping WPA2 to keep Protected Management Frames off.

Roaming assistant: Disabled, never saw any benefits.

Bluetooth Coexistence: Disable

Enable IGMP Snooping: Enable

Multicast Rate(Mbps): Auto, some sources say changing it affects Basic Rate, but it does not.

Preamble Type: Short

DTIM Interval: 1, some recommend 3 for Apple, but I opted to increase Beacon Interval instead.

Beacon Interval: 300

Using guest network pro creates huge number of ssids multiplied by nodes. So if you have 3 guest networks (iot, guest, bonjour) + 1x 2.4 standard + 1x 5GHz-1 standard + 1x 5GHz-2 backhaul + 1x hidden asus ssid X 3-nodes = 21 SSID. So I opted to increase the beacon interval.

Enable TX Bursting: Disable

Airtime Fairness: Disable

Multi-User MIMO: Disable, I don't have that many concurrently active devices.

OFDMA/802.11ax MU-MIMO: Disable

Explicit/Universal Beamforming: Disable, I think this was the major reason for high-latency, disabling improved latency a lot on 2.4 GHz

5 GHz-1

Mostly same except OFDMA/802.11ax MU-MIMO set to DL/UL OFDMA.

Other Notes

These settings helped a lot with latency, connection problems etc. If you're using more than one nodes, some settings don't sync with them.

For example, beacon interval, WPS button setting, or gtk rekey interval don't sync. You need to exec following on nodes to set them.

# WPS button to light
nvram set btn_ez_mode=1

# Beacon Interval
nvram set wl0_bcn=300
nvram set wl1_bcn=300
nvram set wl2_bcn=300

# Frame Bursting
nvram set wl0_frameburst=off

# Disable Mu-MIMO
nvram set wl0_mu_features=0
nvram set wl0_mumimo=0
nvram set wl1_mu_features=0
nvram set wl1_mumimo=0
nvram set wl2_mu_features=0
nvram set wl2_mumimo=0

# Short Preamble
nvram set wl0_plcphdr=short

# Save
nvram commit

And some last modifications for main node. Remember, I'm using them AP mode.

# Disable Firewall
nvram set fw_enable_x=0

# LAN spanning tree protocol
nvram set lan_stp=0

# Disable Band Steer Daemon - Default 3
# 0:Disable, 1:Primary, 2:Helper, 3:Standalone
nvram set bsd_role=0

# Unlock Region
nvram set location_code=#a

# Disable Samba
nvram set enable_samba=0

# Disable Asus Tunnel
nvram set aae_disable_force=1

# Disable Agile Multiband
nvram set mbo_enable=0

# Disable Samba Deamon
nvram set smbd_enable=0

# Disable UPNP
nvram set upnp_enable=0

# Disable USB
nvram set usb_enable=0

The one last little quirk is, nodes (not the main unit) do some scan every 5mins

Apr 29 14:35:45 AMAS_SSD: [do_site_survey] [pid:30594] unit(2) Scan failed, total scan results counts = 0
Apr 29 14:40:43 AMAS_SSD: [do_site_survey] [pid:31726] unit(2) Scan failed, total scan results counts = 0
Apr 29 14:45:42 AMAS_SSD: [do_site_survey] [pid:328] unit(2) Scan failed, total scan results counts = 0

It seems to have something to do with "amas_wlc_action" but couldn't figure it out.

 

[leventozler]

Couple more things, if you're using Philips Hue or other Zigbee devices, check the freq chart and change the channels; https://haade.fr/en/blog/interference-zigbee-wifi-2-4ghz-to-know

If you're using eufy cameras, they kill the 2.4 connections.

I also have an LG speaker system that's using/killing unii-4 bands. WiFi Explorer was great help to figure this one out by watching utilization while turning the sound bar on/off.

 

[Tech9]

Disable Firewall, UPnP, USB... in AP Mode and XT12? Unlock Region... good luck.

 

[leventozler]

I know the less you change the better it will be, and I read tons of your posts. Thanks for all the info.

The most important thing for me was disabling both beamforming settings. That was creating huge latency spikes every 5-10 seconds on 2.4 and some on 5 Ghz.

Forcing ofdm on 2.4 Ghz and increasing beacon interval also helped with latency.

Firewall, upnp, samba, asus tunnel, usb stuff didn't help with anything, never used them, but it didn't hurt to set them disabled.

The last hurdle was that AMAS_SSD stuff, running (or logging) only on nodes. Without region unlock, every 300 seconds it was knocking down 5 GHz radios only on nodes, and turning them back on after 60 seconds. Same with the latest Merlin beta. Now, nodes run a site survey every 5 minutes, it fails without any problems.

Everything is as stable as it can be. No latency spikes, no disconnects, no roaming problems.

 

[Tech9]

XT12 doesn't have USB port and Firewall, UPnP (and all routing related features) are disabled in AP Mode anyway. Region lock on this router is at least in 3 different places and is applied before Asuswrt even loads. You are not unlocking anything with this NVRAM value.

 

[leventozler]

XT12 doesn't have USB port and Firewall, UPnP (and all routing related features) are disabled in AP Mode anyway. Region lock on this router is at least in 3 different places and is applied before Asuswrt even loads. You are not unlocking anything with this NVRAM value.

I also have XT8s as standalone APs, and these settings apply both models, as the title of this post suggests.

 

[Tech9]

The same applies to XT8 in AP Mode. The only difference is the USB, but you don’t need to do anything with it.

 

[2301]

XT12 doesn't have USB port and Firewall, UPnP (and all routing related features) are disabled in AP Mode anyway. Region lock on this router is at least in 3 different places and is applied before Asuswrt even loads. You are not unlocking anything with this NVRAM value.

What is region lock?

 

[OzarkEdge]

What is region lock?

Google 'router region lock' and read about it.

OE

 

[paul85eng]

What settings do you suggest for 5ghz-2 when its used for back haul.

Do you still suggest disabling all beamforming and mu-mimo?

 

[leventozler]

What settings do you suggest for 5ghz-2 when its used for back haul.

Do you still suggest disabling all beamforming and mu-mimo?

mu-mimo is useless for backhaul, and beamforming was creating huge latency spikes on my setup.

I'm currently moving to unifi, which is not great with wireless backhaul, but at least it's more stable.

As for recommended settings, at the end I started to setup everything (except the initial wizard and guest networks) via SSH.

Initial wizard, add nodes, add guest networks, just run the setup commands, reboot. Makes it so much easy to upgrade/reset/setup and try different firmware/merlin etc.

# If you are using multiple nodes, setup with one SSID (don't select different SSID for 2.4/5 during setup - it wouldn't reserve 5Ghz-2 as backhaul.)
# Add all the nodes before setting anything up. Merlin: Add SSH keys before adding nodes, otherwise you won't be able to ssh to nodes.

# Disable Smart Connect
nvram set smart_connect_x=0

# Change SSIDs (Optional)
# nvram set wl0_ssid=SSID-Legacy

# Static IP (for AP Mode, set correct local dns address)
nvram set lan_dns1_x=10.0.1.1
nvram set lan_dnsenable_x=0
nvram set lan_domain=wireless.internal
nvram set lan_proto=static
nvram set lan_hostname=SSID-Office

# Enable 160
nvram set wl1_bw_160=1
nvram set wl2_bw_160=1
# 1: 20 3: 80 5: 160
nvram set wl0_bw=1
nvram set wl1_bw=5
nvram set wl2_bw=5
# Channels
nvram set wl0_chanspec=13
nvram set wl1_chanspec=60/160
nvram set wl2_chanspec=124/160

# Disable 11b
nvram set wl0_rateset=ofdm

# WPS button to light
nvram set btn_ez_mode=1

# Frame Bursting
nvram set wl0_frameburst=off

# Multicast Rate (Optional)
nvram set wl0_mrate=6000000
nvram set wl0_mrate_x=4
nvram set wl1_mrate=12000000
nvram set wl1_mrate_x=7

# Disable MIMO
nvram set wl0_mu_features=0
nvram set wl0_mumimo=0
nvram set wl1_mu_features=0
nvram set wl1_mumimo=0
nvram set wl2_mu_features=0
nvram set wl2_mumimo=0

# Disable All Beamforming (fixes random latency spikes)
nvram set wl0_itxbf=0
nvram set wl0_txbf=0
nvram set wl0_txbf_bfe_cap=0
nvram set wl0_txbf_bfr_cap=0
nvram set wl0_txbf_imp=0
nvram set wl1_itxbf=0
nvram set wl1_txbf=0
nvram set wl1_txbf_bfe_cap=0
nvram set wl1_txbf_bfr_cap=0
nvram set wl1_txbf_imp=0
nvram set wl2_itxbf=0
nvram set wl2_txbf=0
nvram set wl2_txbf_bfe_cap=0
nvram set wl2_txbf_bfr_cap=0
nvram set wl2_txbf_imp=0

# Disable Roaming Asistant
nvram set wl0_user_rssi=0
nvram set wl1_user_rssi=0
nvram set wl2_user_rssi=0

# Disable OFDMA (AX Disabled: ofdma 0 he_features 0, OFDMA Disabled: ofdma 0 he_features 3, DL/UL OFDMA: ofdma 2 he_features 15)
nvram set wl0_ofdma=0
nvram set wl0_he_features=3
nvram set wl1_ofdma=2
nvram set wl1_he_features=15
nvram set wl2_ofdma=2
nvram set wl2_he_features=15

# Preamble Short
nvram set wl0_plcphdr=short

# WMM APSD
nvram set wl0_wme_apsd=off
nvram set wl1_wme_apsd=off
nvram set wl2_wme_apsd=off

# WPS
nvram set wl0_wps_mode=disabled
nvram set wl0_wps_reg=disabled
nvram set wl1_wps_mode=disabled
nvram set wl2_wps_mode=disabled
nvram set wps_enable=0
nvram set wps_enable_x=0

# Beacon Interval
nvram set wl0_bcn=300
nvram set wl1_bcn=300
nvram set wl2_bcn=300

# GTK Rekey - Covers Guest networks & backhaul
nvram set wl0.1_wpa_gtk_rekey=86400
nvram set wl0.2_wpa_gtk_rekey=86400
nvram set wl0.3_wpa_gtk_rekey=86400
nvram set wl0.4_wpa_gtk_rekey=86400
nvram set wl0.5_wpa_gtk_rekey=86400
nvram set wl0.6_wpa_gtk_rekey=86400
nvram set wl0.7_wpa_gtk_rekey=86400
nvram set wl0_wpa_gtk_rekey=86400
nvram set wl1.1_wpa_gtk_rekey=86400
nvram set wl1.2_wpa_gtk_rekey=86400
nvram set wl1.3_wpa_gtk_rekey=86400
nvram set wl1.4_wpa_gtk_rekey=86400
nvram set wl1.5_wpa_gtk_rekey=86400
nvram set wl1.6_wpa_gtk_rekey=86400
nvram set wl1.7_wpa_gtk_rekey=86400
nvram set wl1_wpa_gtk_rekey=86400
nvram set wl2.1_wpa_gtk_rekey=86400
nvram set wl2.2_wpa_gtk_rekey=86400
nvram set wl2.3_wpa_gtk_rekey=86400
nvram set wl2.4_wpa_gtk_rekey=86400
nvram set wl2.5_wpa_gtk_rekey=86400
nvram set wl2.6_wpa_gtk_rekey=86400
nvram set wl2.7_wpa_gtk_rekey=86400
nvram set wl2_wpa_gtk_rekey=86400

# Asus Tunnel
nvram set aae_disable_force=1

# LAN spanning tree protocol
nvram set lan_stp=0

# Unlock Country
nvram set location_code=#a


# Turn OFF Radios (Optional)
# nvram set wl1_radio=0

# Isolate (Optional)
# nvram set wl0_ap_isolate=1
# nvram set wl1_ap_isolate=1
# nvram set wl2_ap_isolate=1

At this point only solid advice I have (based on my network/experience) disable all beamforming, increase gtk rekey, disable smart connect, disable roaming assistance, and disable APSD. Don't use any wpa3.

Try changing as little as possible, if you don't know the nvram values, compare before and after nvram dump. And also AI mesh doesn't sync some of the settings to nodes, so if you change the beacon interval, you need to ssh to nodes and run these commands on them too (including the country unlock)

Also ssh to your nodes and watch their system logs. (tail -f /tmp/syslog.log)