Guest network 2 fails with bandwidth limiter

[ssm1234]

I have a GT-AX11000-Pro with Merlin 3004.388.8_4 with two guest networks: id 1 for iot devices and id 2 for human guests. I also bandwidth limiter QoS turned on.

Guest network 2 doesn’t allow any connections. That is, if you try to connect nothing happens; on my phone the clock keeps going around.

Guest network 1 for iot devices works fine.

Other QoS methods—Cake, traditional QoS—don’t have any issues. I haven’t tried disabling QoS.

It’s not a password issue. I’ve tried having it be an open network with no password.

Any ideas?

 

[bennor]

Guest network 2 doesn’t allow any connections. That is, if you try to connect nothing happens; on my phone the clock keeps going around.

Post a screen shot of your guest network settings and your general wireless settings so others can review to see if anything should be changed. Redact any sensitive information like passwords if visible.

Do you have other devices other than your phone you can test with?
Does the issue persist if you turn off QoS?
What other settings have you changed from default on the router?
Are you running any add-on scripts (like YazFi for guest networks)?
What does the router log indicate around the time you try to connect wifi clients to guest network #2?

 

[degrub]

Try using WPA 2 instead of 3/2.
@ssm1234

 

[ssm1234]

(Reply to @bennor )

Tried with computer and phone; in both cases can’t connect to guest network #2. NOTE: iot network (id #1) works fine.

Tried with guest network #2 password enabled and as open system: same issue.

See attached screen shot of guest network settings. Global bandwidth limiter is on, but not on guest network specifically.

See attached file for log from the point of initiating connection to guest network #2 and to the time when it timed out.

No issues if QoS turned off. (I believe I have no issues if Cake turned on or traditional QoS turned on but I need to check again—can’t reboot now.)

Settings changed from default: have one open VPN clients (although it was failing before I added the client); enabled port forwarding rule; added iot and guest networks; added QoS, added inbound UDP firewall rule; changed DNS servers

No add on scripts

 

[bennor]

No issues if QoS turned off. (I believe I have no issues if Cake turned on or traditional QoS turned on but I need to check again—can’t reboot now.)

Apparently "bandwidth limiter" causes issues in both Asus stock firmware and on Asus-Merlin firmware when enabled based on a search of the forum:
https://www.snbforums.com/search/13...t&c[child_nodes]=1&c[nodes][0]=37&o=relevance

What is your reason or use case for enabling/using QoS and using Bandwidth Limiter specifically?
You may want to post a screen shot of the bandwidth limiter settings for others to review to see if they see anything wrong.

 

[ssm1234]

Apparently "bandwidth limiter" causes issues in both Asus stock firmware and on Asus-Merlin firmware when enabled based on a search of the forum:
https://www.snbforums.com/search/13...t&c[child_nodes]=1&c[nodes][0]=37&o=relevance

What is your reason or use case for enabling/using QoS and using Bandwidth Limiter specifically?
You may want to post a screen shot of the bandwidth limiter settings for others to review to see if they see anything wrong.

Why do I use bandwidth limiter? Because Cake limits the bandwidth to ~350Mbps (and I get gigabit speeds due to a screwup at Xfinity!). And I do certain things that require very low latency (not gaming) and I don't want other devices to start some massive download that'll blow up the router queue.

Attached is the limiter settings.

 

[ssm1234]

I've thought about getting a prosumer model but they have their own issues (I don't feel like spending hours on command line settings). I've retired from my 25 years of working on command line and don't want to go back.

Also I'd have to find one that supports exactly my use model. But mainly VLANs and >350Mbps QoS (ideally in hw). So it's the devil you know...

 

[KingBravery]

Why do I use bandwidth limiter? Because Cake limits the bandwidth to ~350Mbps (and I get gigabit speeds due to a screwup at Xfinity!). And I do certain things that require very low latency (not gaming) and I don't want other devices to start some massive download that'll blow up the router queue.

Attached is the limiter settings.

If you have 1000Mbps Download and 1000Mbps Upload, no need to use any sort of bandwith control. Other devices affect latency is not much ( only +- 10ms difference )

 

[bennor]

Because Cake limits the bandwidth to ~350Mbps

That is apparently due to NAT Acceleration being disabled when certain forms of QoS is enabled. The link I provided above has a bunch of posts where others talk about the QoS/NAT Acceleration issue reducing speed. As the previous poster indicated, when you have 1GB or close to it broadband speed, using bandwidth control (or QoS in general) may not provide any appreciable benefit.

 

[Tech9]

Why do I use bandwidth limiter? Because Cake limits the bandwidth to ~350Mbps

The same does Bandwidth Limiter. Both are incompatible with NAT acceleration.

 

[ssm1234]

If you have 1000Mbps Download and 1000Mbps Upload, no need to use any sort of bandwith control. Other devices affect latency is not much ( only +- 10ms difference )

10ms of latency odds HUGE for me since I can’t really afford >30ms to the server. I have computer/gear/router latency down to 14ms. I can’t make it worse.

 

[ssm1234]

The same does Bandwidth Limiter. Both are incompatible with NAT acceleration.

No. When I do a speed test on my machine with bandwidth limiter on, I easily get 800Mbps to 1Gbps.

If I do it with cake I get 300

This is all with a wired connection of course.

 

[Tech9]

No. When I do a speed test on my machine with bandwidth limiter on, I easily get 800Mbps to 1Gbps.

Do you have IPv6 enabled?

 

[ssm1234]

Do you have IPv6 enabled?

No.

 

[Tech9]

In this case Bandwidth Limiter is not working.

 

[ssm1234]

In this case Bandwidth Limiter is not working.

What makes you say that? I thought I had tested that it was limiting another device…

 

[Tech9]

What makes you say that?

Because I know for sure Bandwidth Limiter is part of Traditional QoS, requires CPU traffic processing, NAT acceleration incompatible.

I don't feel like spending hours on command line settings

UCG-Ultra example, UniFi Network Application.

 

[ssm1234]

The screenshot above from a Ubiquiti, but which one are you using? I wish I could find hardware-accelerated QoS (without getting enterprise hardware); even the edge router 4 maxes out speed at around 350Mbps for hw QoS (I can't remember where I read that now).

 

[Tech9]

but which one are you using?

The one mentioned above - UCG-Ultra. Just replying to "spending hours" in CLI. Many business oriented routers have quite nice UI these days. If not built-in, through the Network Controller. For your case OPNsense/pfSense on x86 hardware will perhaps work best. UCG-Ultra/Max don't use NAT acceleration, but have Smart Queues as the only QoS option. It uses FQ-CoDel, works for Gugabit as per user feedback, but not recommended on >300Mbps ISP lines as per Ubiquiti. The good thing - you can set it on download or upload only. You can do the same in pfSense with traffic shapers.

VLAN configuration:

You can also do multiple VLANs on single SSID with Private Keys. All settings in the UI, no CLI.

 

[ssm1234]

For your case OPNsense/pfSense on x86 hardware

I was doing a bit of research on building an OPNsense machine over the weekend. The x86 hardware doesn't have hardware CTF etc, but still will be better than an Ubiquiti at 800M-1G speeds? My main concern is minimizing latency for the bit I can control: my machine, gear and the router. Thanks very much for your help