settings for AX11000 pro

[1a2a3a]

Hi all

Im on merlin firmware - 3004.388.4_0_rog
recently changed my router from ax58u to ax11000 pro. while i noticed some 'minor' improvement such as speed and coverage range (i was expecting more actually), at certain times im experiencing a network 'hang' for a couple of seconds before resumption of service. Im not exactly sure how to explain it but it goes something along the lines of going to surf a web, showing full connection, but loading without showing images and loading bar is like 1/4 stuck there.

im currently running my connection through a single lan trunk and router on a stick. this is my diagram with vlan and pvid setting. In the diagram, ONT stands for optical network terminal.

Few questions here:
1) am i setting it up correctly? the network runs fine but not sure if i set it correctly. could this setup cause the 'hang' issue?
2) is there an optimal setting for the ax11000 pro? otherwise what could be the reason for the intermittent 'hang' issue?
3) i have also attached a HDD to the usb 3.0 page and i have downgrade the connection to 2.0 as the 3.0 will have interference with 2.4ghz. but... my ram is showing 95% usage ever since i attached a HDD, is that normal?

 

[drinkingbird]

Hi all

Im on merlin firmware - 3004.388.4_0_rog
recently changed my router from ax58u to ax11000 pro. while i noticed some 'minor' improvement such as speed and coverage range (i was expecting more actually), at certain times im experiencing a network 'hang' for a couple of seconds before resumption of service. Im not exactly sure how to explain it but it goes something along the lines of going to surf a web, showing full connection, but loading without showing images and loading bar is like 1/4 stuck there.

im currently running my connection through a single lan trunk and router on a stick. this is my diagram with vlan and pvid setting. In the diagram, ONT stands for optical network terminal.

Few questions here:
1) am i setting it up correctly? the network runs fine but not sure if i set it correctly. could this setup cause the 'hang' issue?
2) is there an optimal setting for the ax11000 pro? otherwise what could be the reason for the intermittent 'hang' issue?
3) i have also attached a HDD to the usb 3.0 page and i have downgrade the connection to 2.0 as the 3.0 will have interference with 2.4ghz. but... my ram is showing 95% usage ever since i attached a HDD, is that normal?

First go through and remove VLAN 1 from all your untagged ports. You should not have two untagged VLANs on a port, that will cause issues. That may resolve it.

Every "trunk" port should have VLAN 1 untagged, PVID 1, and the other VLANs (10,20,100, whatever) tagged.
Every "access" port should have one and only one untagged VLAN, and no tagged vlans. PVID should be the same as the VLAN.

Does the hang happen wired, wireless, using all APs, etc? Or only when connected to the Asus?

 

[1a2a3a]

First go through and remove VLAN 1 from all your untagged ports. You should not have two untagged VLANs on a port, that will cause issues. That may resolve it.

Every "trunk" port should have VLAN 1 untagged, PVID 1, and the other VLANs (10,20,100, whatever) tagged.
Every "access" port should have one and only one untagged VLAN, and no tagged vlans. PVID should be the same as the VLAN.

Does the hang happen wired, wireless, using all APs, etc? Or only when connected to the Asus?

i cant seem to delete vlan 1. its default and it doesnt allow me to 'delete' it as its grey out.
the hang seems to happen on only my iphone 12 mini.
streaming devices like Nvidia shield (wifi) has no issue.
pc via wired has no issue.
no one else in the family complain hang on their iphone/andriod (but i suspect im more sensitive to such matters as compared to them. they would probably be in the region of 'oh loading, lets wait'). but im very certain the hang is not normal.

 

[drinkingbird]

i cant seem to delete vlan 1. its default and it doesnt allow me to 'delete' it as its grey out.
the hang seems to happen on only my iphone 12 mini.
streaming devices like Nvidia shield (wifi) has no issue.
pc via wired has no issue.
no one else in the family complain hang on their iphone/andriod (but i suspect im more sensitive to such matters as compared to them. they would probably be in the region of 'oh loading, lets wait'). but im very certain the hang is not normal.

Not delete it, just make all ports that are a member of another untagged vlan "not member" of VLAN 1. Every port should only have one "untagged" vlan showing in the table right below that. So in the case of your living room switch, only port 1 (trunk port) should have VLAN 1 untagged. To put it another way, your PVID should be the only untagged VLAN on a port.

If the hang is only on one device, I would focus on that device. Does it also hang when connected to your other APs? If so that's starting to point to the phone itself. If you can do a network reset (you will lose all saved wifi networks and bluetooth pairings), that is the best action, if not, "forget" your network and re-join it, second best thing to try.

 

[1a2a3a]

ok is this correct with the revised? is so, i will monitor them for abit. let me know if i did them wrongly.

there are no ap connected to it currently.

also, are there any settings for the router wireless that i need to be aware of?
lastly, hdd attached to router and ram usage is 95%... thats fine?

 

[drinkingbird]

ok is this correct with the revised? is so, i will monitor them for abit. let me know if i did them wrongly.

there are no ap connected to it currently.

also, are there any settings for the router wireless that i need to be aware of?
lastly, hdd attached to router and ram usage is 95%... thats fine?

I think you may be confusing ports and VLANs in the tables. Port 2 should be PVID 1 and untagged vlan 1 on both since it is a trunk port, right now you have no untagged vlan on it and one of them has PVID 10 for that port.

In reality, you can make VLAN 1 a member of NO ports but some devices do not like having no untagged (Native) vlan so for compatibility it is best to leave it there. Technically you could eliminate VLAN 100 and just use VLAN 1 for that, but leaving VLAN 1 only as your native VLAN with nothing else on it is technically more secure, just adds a bit of complexity which is throwing a bit of a curve for you right now.

Again, only one untagged vlan per port, but you can have the same untagged vlan on multiple ports.

Every port with tagged vlans should only have vlan 1 untagged and should be PVID 1.
Every port with an untagged VLAN should only have one untagged vlan and the PVID should be the same as the untagged VLAN.

For example in your first picture, VLAN 1 should say member ports 1-2 and untagged ports 1-2. That's because 1 and 2 are both trunk ports with VLAN 10 and 20 tagged.

I'm not that familiar with the HDD/RAM thing but I believe some have said it is normal. Not positive, maybe someone else can chime in on that.

Really the only wireless settings I'd look at are under professional, disable universal beamforming on both bands. You may want to try disabling MU-MIMO and TX Bursting too. On the main wireless, 5ghz make sure you have 160mhz channel and DFS unchecked, with auto channel and 20/40/80 for channel width. For 2.4ghz set it to 20mhz only and leave other stuff at auto.

If you've enabled roaming assistant make sure you haven't set it too aggressive, the default -75 is a good starting point. With only one AP you shouldn't need it enabled at all.

 

[1a2a3a]

sorry not very well versed in this so i hope this is correct now.

universal beamforming and tx bursting disabled on 2.4ghz, 5-1 ghz, 5-2 ghz.

disabled 160mhz and dfs for 5-1 ghz.. <- can i just check any reason for unchecking 160mhz?
disabled 160mhz for 5-2 ghz but there is no option appearing for dfs (the dfs option itself does not appear), not sure why.

yes roaming assistant is off cause this is the only router in the house.

 

[drinkingbird]

sorry not very well versed in this so i hope this is correct now.

universal beamforming and tx bursting disabled on 2.4ghz, 5-1 ghz, 5-2 ghz.

disabled 160mhz and dfs for 5-1 ghz.. <- can i just check any reason for unchecking 160mhz?
disabled 160mhz for 5-2 ghz but there is no option appearing for dfs (the dfs option itself does not appear), not sure why.

yes roaming assistant is off cause this is the only router in the house.

You may want to call VLAN 10 something like "WAN-Internet" but doesn't really matter. I'm assuming that's the VLAN for internet with your ISP, and 20 is the one they use for IPTV?

Looks good
DB Switch
Port 3 technically doesn't need VLAN 10 but I see you mention it is a backup port to optionally connect the router to so that's fine.
4-7 you show APs connected but you said you don't have any other APs, so I guess that is future use?

Living port 2 doesn't need vlan 10 tagged on it but not hurting anything, just need to reconfigure it if you want to use something else. May want to just put it in VLAN 100, or vlan 1 untagged only (which will make it a dead port until you configure it).

Optional, something to consider:
If you wanted to have guest wireless, you can use Guest #1 with intranet access disabled, which will create VLANs 501, 502, and 503 tagged on the ASUS LAN ports. If you configure those same VLANs in the switches you can then have wired devices on them. Or you can use Guest 2 or 3 and those do not create VLANs, they just use your main subnet with firewall rules to block LAN access, and you can't have wired ports in them (nor can you extend them to other APs). If you then add VLAN aware APs you could extend VLAN 501/502/503 to them and have the same SSID configured on those. VLAN 100 (which is actually VLAN 1 on the asus but since it is untagged it doesn't matter) would continue to be your main LAN.

Disabling 160 and DFS ensures you don't run into issues with radar, and I've seen reports here of some iphones not liking 160mhz, since yours doesn't support it, could potentially be something to do with it, maybe the freeze is every time a 160mhz device connects, the router bumps up the bandwidth and the phone gets interrupted (just a random scenario, there are plenty of other reasons to avoid 160). Maintaining a 160mhz channel is very difficult for most people and unless you're trying to get >1G on wireless it isn't necessary.

I'm not sure on the 5G-2, maybe it just automatically enables/disables DFS as necessary. 160mhz will always use DFS. Depending on your location, it may not be possible to have two 80mhz channels outside of DFS too, so it may be a regional thing, it just knows it has to use DFS so doesn't give the option. Are you using 5G-2? If not just disable that radio.

With 80mhz and DFS disabled, what channels is the router picking for each 5ghz radio? If you're in North America, it should hopefully be picking 36-48 for one and 149-161 for the other (doesn't matter which channel, as long as it falls in those ranges). If you're in Europe then likely it is picking 36-48 for 5G-1 and a DFS range for the other one (which would be why it doesn't let you disable DFS, since you only have one non-DFS 80mhz channel available). If you're in Europe and need the second 5Ghz radio, it may take the router a while to find a range that isn't getting radar interference (or there may not be any range, they could all have radar). 52-64, 100-112, 116-128, and 132-144 are the other ranges. 116-144 can have weather radar on them so may be worse. I'm not sure if asus can use 144, UK allows it, some other parts don't. There are also different power limits on the different channels so that may come into play when it picks a channel (however the power limits should be sufficient for indoor use).

I'd test with the iphone connected to 5G-1, 20/40/80mhz, DFS unchecked and see how it does. If there is a reason you want it on 5G-2 then once you've confirmed the issue is gone, you can try moving it to that and see if the issue returns. If so it is possibly related to DFS (though those interruptions are usually longer).

EDIT - sorry realized you're using a pro router, so you can assign whatever VLANs you want to guest networks in the asus, you don't have to use the 501/502/503. But the rest applies, you can extend those through your switches to have wired guests and also feed other APs.

 

[1a2a3a]

You may want to call VLAN 10 something like "WAN-Internet" but doesn't really matter. I'm assuming that's the VLAN for internet with your ISP, and 20 is the one they use for IPTV?

Looks good
DB Switch
Port 3 technically doesn't need VLAN 10 but I see you mention it is a backup port to optionally connect the router to so that's fine.
4-7 you show APs connected but you said you don't have any other APs, so I guess that is future use?

Living port 2 doesn't need vlan 10 tagged on it but not hurting anything, just need to reconfigure it if you want to use something else. May want to just put it in VLAN 100, or vlan 1 untagged only (which will make it a dead port until you configure it).

Optional, something to consider:
If you wanted to have guest wireless, you can use Guest #1 with intranet access disabled, which will create VLANs 501, 502, and 503 tagged on the ASUS LAN ports. If you configure those same VLANs in the switches you can then have wired devices on them. Or you can use Guest 2 or 3 and those do not create VLANs, they just use your main subnet with firewall rules to block LAN access, and you can't have wired ports in them (nor can you extend them to other APs). If you then add VLAN aware APs you could extend VLAN 501/502/503 to them and have the same SSID configured on those. VLAN 100 (which is actually VLAN 1 on the asus but since it is untagged it doesn't matter) would continue to be your main LAN.

Disabling 160 and DFS ensures you don't run into issues with radar, and I've seen reports here of some iphones not liking 160mhz, since yours doesn't support it, could potentially be something to do with it, maybe the freeze is every time a 160mhz device connects, the router bumps up the bandwidth and the phone gets interrupted (just a random scenario, there are plenty of other reasons to avoid 160). Maintaining a 160mhz channel is very difficult for most people and unless you're trying to get >1G on wireless it isn't necessary.

I'm not sure on the 5G-2, maybe it just automatically enables/disables DFS as necessary. 160mhz will always use DFS. Depending on your location, it may not be possible to have two 80mhz channels outside of DFS too, so it may be a regional thing, it just knows it has to use DFS so doesn't give the option. Are you using 5G-2? If not just disable that radio.

With 80mhz and DFS disabled, what channels is the router picking for each 5ghz radio? If you're in North America, it should hopefully be picking 36-48 for one and 149-161 for the other (doesn't matter which channel, as long as it falls in those ranges). If you're in Europe then likely it is picking 36-48 for 5G-1 and a DFS range for the other one (which would be why it doesn't let you disable DFS, since you only have one non-DFS 80mhz channel available). If you're in Europe and need the second 5Ghz radio, it may take the router a while to find a range that isn't getting radar interference (or there may not be any range, they could all have radar). 52-64, 100-112, 116-128, and 132-144 are the other ranges. 116-144 can have weather radar on them so may be worse. I'm not sure if asus can use 144, UK allows it, some other parts don't. There are also different power limits on the different channels so that may come into play when it picks a channel (however the power limits should be sufficient for indoor use).

I'd test with the iphone connected to 5G-1, 20/40/80mhz, DFS unchecked and see how it does. If there is a reason you want it on 5G-2 then once you've confirmed the issue is gone, you can try moving it to that and see if the issue returns. If so it is possibly related to DFS (though those interruptions are usually longer).

EDIT - sorry realized you're using a pro router, so you can assign whatever VLANs you want to guest networks in the asus, you don't have to use the 501/502/503. But the rest applies, you can extend those through your switches to have wired guests and also feed other APs.

Thank you so much for the tips and advice so far!

yes that is correct, vlan 10 is for the ISP and vlan 20 is for the iptv. im actually in singapore and our ISP (Singtel) need a specific vlan separated from the main WAN for their IPTV hence 20 was created.

i created a guest ssid wifi network for guests, i dont have any guests that requires LAN. will that suffice enough?

i have about 20-30 clients connected to the main network (not including any guests).
2.4ghz i use them for legacy devices and those low powered device like camera, echo, etc.
5g-1 i use them for streaming devices. like shield etc.
5g-2 i asked everyone that has a modern phones/tablets to use this bandwidth.
The reason i get the triband is to segregate them in this manner so as not to overload the bandwidth but it seems like the 5g-2 is a 'fake' marketing band?

After turning off 160mhz and dfs, i use a wifi analyser on a android device and this is what i have picked:
5g-1 i have 36 to 64 and i selected 48.
5g-2 i have 100 to 165 and i selected 149.

i have also set both switch gateway to 0.0.0.0 but leave the ip address to be in the same domain as the isp. should be enough as there would not be any internet flow since gateway is off? someone did tell me to change the domain to out of the isp domain, but the problem is whenever i need to configure it, its a pain.

 

[Tech9]

but it seems like the 5g-2 is a 'fake' marketing band?

Technically - yes. Your router is dual-band with 2x radios on 5GHz band. This "third" band is usable when you have high-bandwidth device like VR set and you want to run it on it's own radio/channel. It's also usable for dedicated wireless backhaul to another "tri-band" router.

 

[1a2a3a]

Technically - yes. Your router is dual-band with 2x radios on 5GHz band. This "third" band is usable when you have high-bandwidth device like VR set and you want to run it on it's own radio/channel. It's also usable for dedicated wireless backhaul to another "tri-band" router.

should i then disable it to improve my range? sounds like they will interfere with each other?

i suppose the 3rd band we are talking here is the 5g-2. if it is set aside for vr set or backhaul, what happens when i connect normal devices like phone and tablet to it?

 

[Tech9]

should i then disable it to improve my range?

The range per radio won't improve. The 5GHz band is split and 2x radios work on lower and upper channels. If you disable one of the radios the channels choice will be limited. This is the catch with "tri-band" routers.

What country do you live in? I some countries lower channels are limited to 200mW, upper allow 1000mW.

what happens when i connect normal devices

Aggregate throughput on wireless will be higher when using multiple radios. In most home environments though there will be no much of a difference in user experience. Perhaps "dual-band" router like RT-AX86U Pro will work the same way for you, on much lower price and with much smaller footprint.

 

[1a2a3a]

The range per radio won't improve. The 5GHz band is split and 2x radios work on lower and upper channels. If you disable one of the radios the channels choice will be limited. This is the catch with "tri-band" routers.

What country do you live in? I some countries lower channels are limited to 200mW, upper allow 1000mW.



Aggregate throughput on wireless will be higher when using multiple radios. In most home environments though there will be no much of a difference in user experience. Perhaps "dual-band" router like RT-AX86U Pro will work the same way for you, on much lower price and with much smaller footprint.

im in singapore. what is the mW in this country and where and how do i set those?

i was caught in a dilemma between this router and the ax6000. the situation was that ax6000 was going for $386. but my credit card was having a promo where you spend $599 and you get back $500. the ax11000 pro cost me $553. i was not sure what i need to purchase if i do the ax6000 as ill need >$200 to hit the $599 target, hence i went with ax11000 pro and bought the 2 managed switch to get me across the line. All prices are denominated in SGD.

that said.....since it has been done and dusted, what should i do now?
1) disable 5g-2 and route all 20+ client to 2.4 and 5g-1.
2) do not disable anything, but route all client to 2.4 and 5g-1 and leave 5g-2 untouched.
3) do not disable anything, and leave the connection within 2.4, 5g-1 and 5g-1 as mentioned in the earlier post.
4) is there a 4th option? haha

 

[Tech9]

I would use all 3 bands. 2.4GHz for all slower low bandwidth IoTs, one 5GHz radio for phones, tablets, laptops, etc. mobile devices, one 5GHz radio reserved for high bandwidth and lower latency game consoles, VR sets, Wi-Fi connected desktop PCs, etc. If you already have 3-band router - use everything available on it. You can also run 3-band Smart Connect with single SSID and the devices will connect to whatever band they are compatible with, has stronger signal and/or more available bandwidth.

 

[Treadler]

im in singapore. what is the mW in this country and where and how do i set those?

i was caught in a dilemma between this router and the ax6000. the situation was that ax6000 was going for $386. but my credit card was having a promo where you spend $599 and you get back $500. the ax11000 pro cost me $553. i was not sure what i need to purchase if i do the ax6000 as ill need >$200 to hit the $599 target, hence i went with ax11000 pro and bought the 2 managed switch to get me across the line. All prices are denominated in SGD.

that said.....since it has been done and dusted, what should i do now?
1) disable 5g-2 and route all 20+ client to 2.4 and 5g-1.
2) do not disable anything, but route all client to 2.4 and 5g-1 and leave 5g-2 untouched.
3) do not disable anything, and leave the connection within 2.4, 5g-1 and 5g-1 as mentioned in the earlier post.
4) is there a 4th option? haha

List of WLAN channels - Wikipedia

en.wikipedia.org

 

[Tech9]

This list doesn't mention Tx power allowed on lower and higher 5GHz channels. I see conflicting information online and therefore did not comment on the location. I guess, @1a2a3a has to experiment.

 

[drinkingbird]

im in singapore. what is the mW in this country and where and how do i set those?

i was caught in a dilemma between this router and the ax6000. the situation was that ax6000 was going for $386. but my credit card was having a promo where you spend $599 and you get back $500. the ax11000 pro cost me $553. i was not sure what i need to purchase if i do the ax6000 as ill need >$200 to hit the $599 target, hence i went with ax11000 pro and bought the 2 managed switch to get me across the line. All prices are denominated in SGD.

that said.....since it has been done and dusted, what should i do now?
1) disable 5g-2 and route all 20+ client to 2.4 and 5g-1.
2) do not disable anything, but route all client to 2.4 and 5g-1 and leave 5g-2 untouched.
3) do not disable anything, and leave the connection within 2.4, 5g-1 and 5g-1 as mentioned in the earlier post.
4) is there a 4th option? haha

If your router is showing 36 to 64 and 100 to 165 then you are able to have two 80mhz 5ghz radios without having DFS involved so you're good, use both in the fashion that @Tech9 mentioned. The two channels you've chosen are outside of DFS so that is good. The only question is what power levels those channels are able to use. In most cases even 200mw is plenty but you can compare the signal strength between the 5Ghz-1 and 5Ghz-2, you may want your "high performance" devices on the channel with more power (if one in fact has more power). If you're comfortable with SSH you can go into the CLI of the router and see what power the radios are operating at.

 

[drinkingbird]

i created a guest ssid wifi network for guests, i dont have any guests that requires LAN. will that suffice enough?

It may be sufficient, but you won't be able to extend that isolation to wired ports or other APs unless you assign another VLAN to guest and trunk that to your switches and future APs. For now it is probably fine. If you're using Guest Wireless 1, then it has already created some VLANs for you and you can extend those or change it to your own number.

i have also set both switch gateway to 0.0.0.0 but leave the ip address to be in the same domain as the isp. should be enough as there would not be any internet flow since gateway is off? someone did tell me to change the domain to out of the isp domain, but the problem is whenever i need to configure it, its a pain.

IP addresses of the switches should be in your LAN subnet (VLAN 100). I don't believe those TP-Link switches let you define a management VLAN but pretty sure they will listen on all VLANs for management traffic. That's one of the reasons it is easier to just use VLAN 1 for your "trusted" LAN as all devices will be compatible. But you can try either giving them a static IP from the Asus LAN subnet (VLAN 100) and the gateway is just the asus router IP. Then you should be able to manage them from any main LAN device. In actuality they may even work with DHCP, you'll have to try and see. I use TP-Links too but my trusted VLAN is 1 so I haven't tried to see how they'd operate when using a different VLAN ID for management. I do think I recall seeing complaints that they listen for management traffic on all VLANs and that can't be disabled, so it may work via VLAN 100.

Don't give them an ISP IP, while it may work, it could aggravate your ISP and possibly get you shut off. Some ISPs just ignore people attempting to set statics (and filter that traffic out) others will notice. It is also a potential security risk.

 

[drinkingbird]

router on a stick.

Just FYI what you have isn't router on a stick, it is just a standard router setup with 2 interfaces.

 

[1a2a3a]

It may be sufficient, but you won't be able to extend that isolation to wired ports or other APs unless you assign another VLAN to guest and trunk that to your switches and future APs. For now it is probably fine. If you're using Guest Wireless 1, then it has already created some VLANs for you and you can extend those or change it to your own number.



IP addresses of the switches should be in your LAN subnet (VLAN 100). I don't believe those TP-Link switches let you define a management VLAN but pretty sure they will listen on all VLANs for management traffic. That's one of the reasons it is easier to just use VLAN 1 for your "trusted" LAN as all devices will be compatible. But you can try either giving them a static IP from the Asus LAN subnet (VLAN 100) and the gateway is just the asus router IP. Then you should be able to manage them from any main LAN device. In actuality they may even work with DHCP, you'll have to try and see. I use TP-Links too but my trusted VLAN is 1 so I haven't tried to see how they'd operate when using a different VLAN ID for management. I do think I recall seeing complaints that they listen for management traffic on all VLANs and that can't be disabled, so it may work via VLAN 100.

Don't give them an ISP IP, while it may work, it could aggravate your ISP and possibly get you shut off. Some ISPs just ignore people attempting to set statics (and filter that traffic out) others will notice. It is also a potential security risk.

Yea so I have setup static ip which is within the router and isp domain so that I can configure them from any pc which is within the network. Only the gateway is set to 0.0.0.0.

If I were to set a ip outside of the isp range, every time I need to configure the switch, I will have to manually connect the switch to pc, change pc ip to be within the switch domain (which is outside isp range) then configure, then after change the pc ip once I’m done