My ASUSWRT 5.0 AiMesh extends LAN/WLANs/VLANs (same channels, all nodes); improves roaming (802.11k,v support); maintains backhauls and a backup router; simplifies admin; and can be incrementally built/upgraded. No account, app, controller, subscription, or fee required.
cable ISP, 496/11Mbps
2.4/5.0 WiFi6 router RT-AX88U_Pro_3.0.0.6.102.33320
2.4/5.0 Smart Connect band steering/failover, same SSIDs
2.4 fixed: 20MHz bw, ch 11, -100dBm noise, 15-35% util
5.0 fixed-1,2a: 160MHz bw, ch 36, -90dBm noise (weak backhaul; not used)
5.0 fixed-1,3: 80MHz bw, ch 36, -92dBm noise, 3% util
2.4/5.0 Roaming Assistant node steering, -72/-70dBm RSSI
Custom VLANs w/DHCP for 2.4/5.0 Guest, 2.4 IoT
Cloudflare Security encrypted DNS w/malsite blocking
AiProtection Pro
2.4/5.0 WiFi6 node at 77' RT-AX86U_Pro_3.0.0.6.102.34319
MoCA 2.5 wired backhaul, 2.5GbE
5.0 wireless backhaul failover, -74dBm RSSI, ax, x4, 816Mbps
Install
* Security-related
o 2.4/5.0/6.0 = 2.4/5/6GHz bands
o AiMesh = router/AP root node + nodes (4 max; 2 daisy-chain max)
Mixing models (fw 3.0.0.6.*;
EoL)/topologies/backhauls is permitted
Root node in AP Mode is wired to LAN
o
FW Reset FAQ
Reset button/webUI Restore/node removal clears settings in NVRAM; reboot restores fw defaults from CFE
Hard Reset via WPS button/webUI Restore+Initialize also clears data logged in /jffs partition
o Confirm ISP cable shield is bonded to bilding Earth Ground at demarc*
o Use a UPS to protect data/hardware*
o
Power OFF router, modem, wait (cycle power)
o Wire router WAN to modem, LAN to PC
o Power ON modem, wait
o Power ON router, wait
Monitor LEDs; Power LED flashes ~3 times when ready
o
Hold Reset button until Power LED flashing to Reset fw, wait
o Browse router LAN IP (default 192.168.50.1) to access webUI
o
Perform Quick Internet Setup (QIS) to check/upload fw, WAIT
See new fw link to review release notes
o Browse webUI page /ajax_coretmp.asp to confirm CPU temp <86C (85% Tj max)
o
Set Restore+Initialize to Hard Reset fw, wait
o Power OFF router/open WiFi*, modem
o Repeat for node
o Disconnect node WAN, LAN; place in range of router 5.0 WLAN
o Wire router WAN to modem, LAN to PC
o Power ON modem, wait; then router
o
Perform QIS and configuration
Wireless
- enable 2.4/5.0 Smart Connect (same SSIDs); set 2.4/5.0 WLANs OE/OE
Or disable SC (different SSIDs); set 2.4/5.0 WLANs OE/OE-50 (user band steers/segregates clients)
- set 2.4/5.0 SSIDs (Aa-Zz 0-9 space,.'&()-), Hide SSID No, Wireless Mode Auto, enable 802.11ax/WiFi6 mode*
- set 2.4/5.0 Authentication Method to WPA2/WPA3-Personal*, same WPA Key (Aa-Zz 0-9), Protected Management Frames to Capable
Beware
compatibility
-
set 2.4/5.0 max Channel Bandwidth, Control Channel
Wireless Log lists noise, 5.0 DFS status, wireless client/backhaul connection detail
For fixed bw and ch range given (US region), determine ch with least noise <-84dBm and best connections >-75dBm RSSI
If radio interference persists, switch to unfixed settings to let router vary bw/ch to coexist (Auto ch can disrupt some clients reconnecting)
Clients decide/connect with their best wireless mode, authentication method, bandwidth permitted
2.4 fixed: 20MHz bw, ch 1-6-11
2.4 unfixed: 20MHz bw, ch Auto
US FCC U-NII Device Regulations
5.0 fixed-1,2a: 160MHz bw, ch 36-48,
52-64 (exclude DFS/2a)
5.0 fixed-2c: 160MHz bw, ch
100-128 (exclude DFS/2c)
5.0 unfixed-1,2a,2c,3: 20/40/80/160MHz bw, ch Auto, exclude DFS/2a,2c (36-48,
52-64,100-144,149-165)
Start with
5.0 fixed-1,2a; if ALL clients/nodes support DFS bands 2a,2c, include respective DFS/2a,2c control channels and 5.0 fixed-2c (DFS delays WLAN startup).
5.0 fixed-1,3: 80MHz bw, disable 160MHz, ch 36-48,149-161
5.0 unfixed-1,3: 20/40/80MHz bw, disable 160MHz, ch Auto, exclude DFS/2a,2c (36-48,
52-64,100-144,149-165)
If RADAR/DFS prohibits using bands 2a,2c, switch to
5.0 fixed-1,3 (no DFS; max Tx power/range; no LTE on ch 36-48)
6.0 (WiFi6e; more spectrum; no DFS; less range; not on Win10)
- disable WPS*
- confirm 2.4/5.0 Roaming Assistant enabled, -72/-70dBm
- confirm 2.4/5.0 Airtime Fairness disabled (compatibility)
- disable 2.4/5.0 Universal Beamforming (proprietary)
LAN
- set router LAN IP (192.168.1.1), DHCP server IP Pool of dynamic and manually-assigned/reserved IPs (pool .10-254 leaves IPs .1-9 for static use on clients)
WAN
- disable UPnP*
- set DNS Server1,2, DNS-over-TLS (DoT), Strict, DoT Server1,2*
(1.1.1.2, 1.0.0.2, security.cloudflare-dns.com)
Other DNSPs (9.9.9.9, 149.112.112.112, dns.quad9.net)
DNS Check
- disable SIP Passthrough (VoIP)
Firewall
- confirm firewalls enabled*
Administration
- confirm Login Captcha enabled*
- set USB Mode to USB 2.0 (shield 2.4 WLANs from USB 3.x EMI)
- set Time Zone, DST (Mar, 2nd Sun; Nov, 1st Sun)
- confirm Telnet, SSH, Web Access from WAN disabled*
- confirm Auto Firmware Upgrade disabled*
- confirm Security Upgrade enabled*
o Privacy\Withdraw disables all Trend Micro features
AiMesh
o Power ON reset node, wait
o
Confirm all WLANs are broadcasting/stable
- if wireless backhaul only, confirm WPS enabled before and disabled after adding node*
- confirm Ethernet Backhaul Mode disabled to enable wireless backhaul/failover
- search/add node, wait
- set router/node LEDs OFF
- confirm node Backhaul Connection Priority 2.5G first (wired backhaul)
- disable node USB Application media servers, Network Place Share
-
confirm/set node AiMesh Mode for any existing GNP VLANs
Guest Network Pro (GNP)
o Custom VLANs w/DHCP, 5 max
- set 2.4/5.0 WLANs OE Guest/OE Guest
VID 52, WPA2/WPA3-Personal, Access Intranet disabled*, DHCP Server enabled (192.168.52.*), AP Isolated enabled, all nodes
- set 2.4 WLANs OE IoT
VID 53, WPA2/WPA3-Personal, Access Intranet disabled*, DHCP Server enabled (192.168.53.*), DNS Server 1.1.1.2, 1.0.0.2 (DoT blocks Wyze cam setup), AP Isolated enabled, all nodes
AiProtection
- enable AiProtection*
USB Application
- disable media servers, Network Place Share
SMB 2.0 support
o Logout, wait
o Power OFF-pause-ON router, wait
o
Shields UP! to test WAN ports*
o
Speed Test
o
Deploy node high, in the clear, in range of router 5.0 WLAN; not too far <-75dBm RSSI/near >-55dBm RSSI/many; not low/behind/obstructed
Do not co-locate with other 2.4/5/6GHz EMI
Disable unused WiFi Direct APs in printers, etc.
o Tilt/tighten antennas (~2dBi gain)
\ | | / for multi-orientation coverage
o Vary node location/orientation to adjust 5.0 WLAN coverage to affect roaming/node steering (a small change can matter)
o Connect wired backhaul from router LAN to node WAN
Other scenarios
Beware
managed switches
o Adjust
SC rules to affect band steering (not likely)
o Increment RA RSSI threshold from -74dBm until stationary clients reboot to near node
o Reboot AiMesh\System, wait; reboot unhealthy nodes, wait; then reboot/reconnect clients to affect change/clear lingering conditions
o Confirm integrity of cables/connectors (RG-59/Cat5e min; respect min bend radius of cable; clean dirty contacts)
o Wire stationary clients
o Upgrade client network adapter driver
o Configure client WLAN adapter properties to affect band steering, roaming aggressiveness; forget connections to clear conditions and only make connection needed
o Let settle and use new network before adding to it, one change at a time; make notes
o Avoid app/voice admin*
o Save configuration to .cfg file for recovery (revert; Hard Reset; restore .cfg)
Upgrade
o Browse notes
o Save configuration to .cfg file
o Download/extract fw to wired PC
Verify ASUSWRT file checksum value
Review release notes
o Eject/disconnect USB storage (free RAM; secure data)*
o Reboot AiMesh\System, wait (free RAM)
o Upload fw to node(s), WAIT; then root node, WAIT
o
Reconfigure before too much troubleshooting
Reconfigure
o Remove node(s) from AiMesh to auto Reset fw, wait
- set root node Restore+Initialize to Hard Reset fw, wait
o Configure AiMesh from scratch (do not restore .cfg file)
OE