Solved: Best practice for second switch with ap

jeffsf · 2019-01-15T22:26:33.148Z

My personal preference is to use the “different” port on a router for the “different” traffic; upstream connectivity on both devices in the port that happens to be labeled “WAN”.

With devices with multiple phys (eth0 and eth1, for example), then you would want to balance the load on the two phys. While I don’t have an AR750, I believe both it and the AR300M are single-phy devices. You can confirm in the network setup if there is only one phy in use, but with two VLANs, such as eth0.1 and eth0.2 configured for “WAN” and “LAN” connectivity.

sfx2000 · 2019-01-15T23:33:56.734Z

The switch element in the QCA9531 inside the AR750 is non-blocking, so it’s sufficient and has more than enough bandwidth for all the LAN ports - if needs are simple, it’s more than good enough…

Key thing perhaps on the AR300M as an AP - plug ethernet into the WAN port vs. LAN port, otherwise you might get into a bit of a mess there…

Once set up - configure the AR300M appropriately according to your needs.

kyson-lok · 2019-01-16T02:00:03.964Z

You can connect your AR300M’s WAN to AR750’s LAN.

But you have to mind the subnet(both of them is 192.168.8.0/24 by default). You might need to change one of them.

jeffsf · 2019-01-16T03:24:35.726Z

@mikee01 I assumed, perhaps incorrectly that you were going to use the GL-AR300M as a “dumb AP” and keep all your services running on the AR750. If that’s not the case, there are advantages to only running a single NAT, rather than “daisy chaining” the devices.

At a very high level, you would, on the AR300M

Set up a management IP
Disable DHCP, DNS, NAT, IP forwarding
Bridge the wireless across all ports

This way the AR750 handles “everything” as far as services and routing goes.

If you set up the same SSID(s) on both devices, then your clients can “roam” freely between the two APs without needing to select the “other” SSID, and without the drops that might be caused by DHCP and routing changes if the two routers are using different subnets.

If you need additional help with this, please post again.

mikee01 · 2019-01-16T08:33:55.356Z

Hi to all,

i would prefer to habe the following setup.
My gl-ar750 connects with the wan interface to the dsl router and establishes the vpn connection.
VLANs 1,3 and 5 are tagged on eth1 by using interfaces eth1.3 and eth1.5 an LAN (1). Radio0 should bring up guest network for wifi devices.

Thr gl-am300m has got wan, port and radio0 port. THE GL-am300m should be placed on the second floor of the building to strenghten the wifi signal of the same ssid. The LAN or WAN port should give lan connection to a device on vlan3. But the wifi device shall be in a seperate vlan, like the vlan of gl-ar750.

The best setup for me would be, that there ks no firewalling on the gl-am300m, to enable free routing from and to the lan devices in vlan3.

jeffsf · 2019-01-16T17:18:36.485Z

My preference would be to:

Disable all services on the AR300M; all services from the AR750
Select one port on the AR750 to be the trunk to the AR300M; run everything as tagged, untagged packets to the switch’s bit bucket (VLAN 4095 or an otherwise unused VLAN)
Set up the “WAN” physical port on the AR300M as your trunk; run everything as tagged, untagged packets to the switch’s bit bucket (VLAN 4095 or an otherwise unused VLAN)
Set up the other physical ports as desired for wired connectivity to various VLANs, tagged or untagged as your clients (including any additional switches) require
Bridge the VLANs within the AR300M as desired across the wireless interfaces
Add firewall rules to prevent cross-VLAN forwarding and, if possible for your configuration, disable forwarding at the kernel level

802.11r would be an interesting later experiment, but my experience is that few clients other than iOS support it.

mikee01 · 2019-01-22T09:10:53.275Z

Hi jeffsf!

Sorry for the long pause!
I have a first question upon your statementes:

“Disable all services on the AR300M; all services from the AR750” → what do you mean in detail?

jeffsf · 2019-01-22T14:36:55.373Z

Ah, my English wasn’t very clear there. My apologies.

Goals:

Clients can get all the services they need; DHCP, DNS, NTP, gateway forwarding, …
The services that the clients need are only running on the AR750
There are no duplicates of those services (especially DHCP) on the AR300M

Let me flash one of my routers with stock so, if you need more, I can give some additional detail in the language of the GUI itself later today.

mikee01 · 2019-01-24T12:12:27.168Z

Hi jeffsf!

Thank you for the further description, it is clearer now. I will try it out and give a feedback afterwards!

Regards

mikee01 · 2019-01-24T13:46:11.330Z

I ran into config trouble.

wan interface build. eth0 as physical interface
lan interface deleted
creating interface vlan3 stucks, because I got the following error:

Form token mismatch

The submitted security token is invalid or already expired!

In order to prevent unauthorized access to the system, your request has been blocked. Click “Continue »” below to return to the previous page.

I am logged in via the WAN interface working on the luci panel.

sfx2000 · 2019-01-24T21:12:29.714Z

mikee01:

I am logged in via the WAN interface working on the luci panel.

Try clearing your page cache in the browser…

mikee01 · 2019-01-26T12:29:24.340Z

That did not the job, on a different computer the same message appears…

mikee01 · 2019-01-26T17:07:40.478Z

I did a reset.
I have got done a bridging of lan an wan port, both are participating in vlan 1 and receiving dhcp from the main router.
following up is the config of the wlan. I will report.

mikee01 · 2019-02-01T11:22:31.049Z

hi
this is my current config, but it does not work, that the device on lan2 gets an dhcp-offer over the network of lan.
Every services like fw, dnsmasq, dhcpd is disabled on the gl-m30m.

config interface ‘loopback’
option ifname ‘lo’
option proto ‘static’
option ipaddr ‘127.0.0.1’
option netmask ‘255.0.0.0’

config globals ‘globals’
option ula_prefix ‘fdb7:7524:5251::/48’

config interface ‘lan’
option proto ‘static’
option netmask ‘255.255.255.0’
option ip6assign ‘60’
option hostname ‘GL-AR300M-3e0’
option _orig_ifname ‘eth1 wlan0’
option _orig_bridge ‘true’
option ipaddr ‘192.168.178.100’
option gateway ‘192.168.178.1’
option dns ‘192.168.178.1’
option ifname ‘eth1.1’

config interface ‘lan2’
option type ‘bridge’
option _orig_ifname ‘eth0.1’
option _orig_bridge ‘true’
option ifname ‘eth0.1 eth1.1’
option proto ‘dhcp’

config switch
option name ‘switch0’
option reset ‘1’
option enable_vlan ‘1’

config switch_vlan
option device ‘switch0’
option vlan ‘1’
option vid ‘1’
option ports ‘0t 1’

alzhao · 2019-02-02T03:08:10.925Z

If you use firmware 3.x, just change network mode to AP in more settings and connect it to you AR750 and that is OK.

mikee01 · 2019-02-02T13:44:20.184Z

Hi,

I got an ar300m nand, but the image from GL.iNet download center is rejected (error firmware is not for the hardware).

mikee01 · 2019-02-02T13:49:40.813Z

could it be, that I have got a nor hardware, that is accidently flashed with nand firmware, so that this error message displayed
how do I check the arch by commandline?

→ no, i have checked the kernel log, 128 mb nand memory is active-

alzhao · 2019-02-02T15:29:08.931Z

Used the .tar file??

mikee01 · 2019-02-02T15:41:18.753Z

i used the img file, isn`t that the right one?

→ ok, , tar is fine. upgrade in progress…

mikee01 · 2019-02-02T16:42:41.578Z

wow, I am flashed about the real cool performance of the version 3 on gl-ar300m.
the gui is wonderful, the firewall configurator is very well too!

→ I am going to use the router mode for my setup with wlan ap and lan device in lan port.

many thanks to all, who have helped me in that!