"AP Isolation" always active

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware
Goto page Previous  1, 2, 3, 4, 5  Next
Author Message
Knot.Head
DD-WRT Novice


Joined: 14 Jan 2018
Posts: 10

PostPosted: Wed Aug 29, 2018 13:54    Post subject: Reply with quote
[quote="marklg"][quote="kernel-panic69"]I'm wondering if you have to do the workarounds for this ticket to cover wired LAN and maybe WLAN will act right. There ain't no tellin'.

https://svn.dd-wrt.com/ticket/3736[/quote]

swconfig does not exist on broadcom, so can't on my E3000.

I will try enabling and disabling AP isolation. Since I have a bunch of virtual interfaces, I have a bunch of them.

Mark[/quote]


I tried enabling IP Isolation as a test and didn't get any change in behavior. I was able to access my wireless printer's web interface after enabling, but this morning it's not responding again. IP Isolation appears to have zero impact one way or the other.

I don't want to buy another device, but this is become a major issue for me. Ugh.
Sponsor
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 7610
Location: Texas, USA

PostPosted: Wed Aug 29, 2018 14:16    Post subject: Reply with quote
I got curious on the differences between FreshTomato and DD-WRT. Of course, none of the parameters, functions, etc. in the code are identical, of course, but I found this interesting:

Code:
root@TomatoUSB:/tmp/home/root# nvram show | grep isolate
wl0_ap_isolate=0
wl1_ap_isolate=0
wl_ap_isolate=0


Code:
root@TomatoUSB:/tmp/home/root# nvram show | grep eth
lan_ifnames=vlan1 eth1 eth2
wl0_ifname=eth1
wl1_ifname=eth2
wl_ifname=eth1


Seems there is no 'redundancy' in setting isolations, i.e. isolation isn't set for wl* and eth* for the exact same interfaces. I haven't tested this issue on that device running FreshTomato yet, but. Both devices are E4200 v1s.
vzjrz
DD-WRT Novice


Joined: 08 Sep 2018
Posts: 1

PostPosted: Tue Sep 11, 2018 1:36    Post subject: Reply with quote
Don't know if this info is useful to anyone but I want to share some of my experiences. I had a Linksys E3000 router running some really really old build of ddwrt; it never gave me any problems. I decided to upgrade it to a more recent build of ddwrt (2018 or newer) and then that's when this ap isolation bug started. My chromecasts would sometimes appear and sometimes disappear and I couldn't use my wifi printer. I couldn't get them to work so I went back to different older builds but still nothing worked. I decided to give tomato firmware a try and installed tomato shibby v1.28.0000 MIPSR2-138 K26 USB VPN on it. But that still didn't fix my problem. Every afternoon I would have to restart my wifi to fix it and that would only stay fixed for a few hours.

I tried flipping various setting and doing all kinds of things to fix it and now finally think I fixed it.

First my old settings:

    DHCP for wan
    google dns
    dhcp on the lan
    2.4 and 5ghz wifi, everything auto, same ssid for both, same wpa2 aes password
    UPnP on


This is what I did:

    set ap isolation to ON for both bands, waited a minute, set it back to off (by itself this didnt fix it)
    tomato gives you the option of filling 2 dns servers, previously I only had 8.8.8.8 filled in so I added 8.8.4.4
    changed the lan dhcp range to 101-151
    changed the 2.4 wifi to B/G mixed and 5ghz to N only
    UPnP off
    disabled auto updating of NTP time except at boot up


And now somehow I don't have the bug anymore and I'm too scared to change anything less it breaks again.
DeltaWardog
DD-WRT Novice


Joined: 01 Feb 2012
Posts: 6

PostPosted: Sat Dec 01, 2018 7:34    Post subject: Reply with quote
I installed 37837 big on my RT-N66U and it still has this issue. I have 2 IP cams and a printer attached to the AP and it's completely random which I can access from the same subnet. I can access any of them, without fail, from a different subnet.

Anyone seen any progress on a fix or workaround for this issue?
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 6938
Location: Netherlands

PostPosted: Sat Dec 01, 2018 9:03    Post subject: Reply with quote
Just a hunch, maybe it is related to the VAP issue (as that also seems a layer 2 issue)?

To get the VAP's working there are several solutions, see: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=317181

or workaround startup command:
sleep 10;stopservice nas;stopservice wlconf;startservice wlconf;startservice nas

Just a long shot

_________________
Routers:Netgear R7800, R6400v1, R6400v2, Linksys EA8500, EA6900 (XvortexCFE), E2000 (converted WRT320N), WRT54GS v1.
OpenVPN Policy Based Routing: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321686
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
OpenVPN Server Setup:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318795
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Wireguard Server setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1183135
Wireguard Client setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324624
Wireguard Advanced setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324787
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
danielwritesback
DD-WRT User


Joined: 29 Aug 2011
Posts: 239

PostPosted: Tue Jan 01, 2019 1:39    Post subject: Reply with quote
RobTheGob wrote:
...I'm running dd-wrt.v24-33525_NEWD-2_K3.x_mega-e4200 and my Chromecasts work perfectly....
Me too.
I'm running dd-wrt.v24-33525_NEWD-2_K3.x_big-WNR3500Lv2 and my Chromecasts work very nicely

I was attempting to count the number and perhaps it is holding up to 29 multicast clients. I can play a unified music program to 15 speakers simultaneously while also multicast scanning or printing, and run audio-video wifi webcams to spy on the cats on multicast wifi. Streaming never cuts off midway.

But, this is not entirely wifi related!
In fact, I can run an AP (wan port empty), realtek, mediatek, atheros, just fine... If the Router (wan port used) is Broadcom dd-wrt 33525 K3.
With the router's internal wifi off, there's the same results with only the AP's serving the clients.
Any wifi seems fine, but the part that I can't swap out is the router--the routing job is essential for multicast.

DeltaWardog wrote:
I installed 37837 big on my RT-N66U and it still has this issue. I have 2 IP cams and a printer attached to the AP and it's completely random which I can access from the same subnet...

So, does THIS work? ftp://ftp.dd-wrt.com/betas/2017/10-17-2017-r33525/broadcom_K3X/dd-wrt.v24-33525_NEWD-2_K3.x-big-RT-N66U.trx
Although that is a 2017 version, it is far more secure because it has reliable re-key. So, that could be an upgrade for both security and multicast. EDIT: If it doesn't go at first, then enable igmp snooping.
Knot.Head wrote:
...my E3000...After upgrading...I have to pull the power and cycle the raspi that controls the print jobs every time I have to access the printer via its web interface....
For 2018 and 2019 updates and working multicast, routers with BCM4718A1, BCM4717A1, BCM4716B0 need FreshTomato, because it has the right drivers for stability as well as several places in the gui to select more multicast functionality. P.S. Prop it up or wall mount to make the vent work.
EDIT! DD-WRT 33525 K2.6 rocked the multicast performance aboard the E2000.

_________________
Broadcom:
WNR3500Lv2 DD-WRT 33525 K3 Giga
3 R6300.1 mips DD-WRT 42617 Giga
E3000 5ghz multicast AP Toastman 2017 RT
E2000 5ghz multicast AP DD-WRT 33525 K2.6
WRT54GSv2 long range AP HyperWRT 15
R6250 (retired--too hot)
Atheros:
Archer C7v2 AP DD-WRT 35831
DIR-835 Gargoyle 1.11 2019
3 WR841Nv9 AP DD-WRT 33006


Last edited by danielwritesback on Thu Feb 07, 2019 21:40; edited 1 time in total
EvilJay
DD-WRT Novice


Joined: 07 Feb 2019
Posts: 1

PostPosted: Thu Feb 07, 2019 11:56    Post subject: Same issue with Netgear R8000 Reply with quote
I ran into this same issue yesterday when attempting to upgrade to the latest R8000 build. All machines could connect to the internet fine... but there was no communication between different wifi devices.

I attempted to turn AP isolation on and back off for WL0-2, to no avail.

The closest I thought I came to fixing it was when I switched around the VLAN configuration and found the 1st two wifi devices could suddenly reach each other after I had rebooted the router. Shortly thereafter, I found that the 3rd and 4th devices to join the wireless network were still isolated. So... I'm not sure the VLAN reconfiguration had anything to do with it, and it wasn't just randomly working for a couple of devices after the reboot.

I tried backleveling to a Kong build from last September... same problem.

I eventually gave up and back-leveled to the years-old Kong build I had been previously running, and the problem went away as expected.

If anyone has any other ideas, I'd be happy to test and try to get this working with a more current build.
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 7610
Location: Texas, USA

PostPosted: Thu Feb 07, 2019 14:35    Post subject: Reply with quote
Maybe revert whatever, "hey, let's try this" code snippets that broke the sh*t out of it might work, but you'd have to convince someone that they were wrong and that said changes need to be reverted to un-f*ck things. Good luck with that. I quit trying to convince anyone of anything.
danielwritesback
DD-WRT User


Joined: 29 Aug 2011
Posts: 239

PostPosted: Thu Feb 07, 2019 21:29    Post subject: Re: Same issue with Netgear R8000 Reply with quote
EvilJay wrote:
If anyone has any other ideas, I'd be happy to test and try to get this working with a more current build.
One time, just one, I got the AP isolation bug to go away by turning on igmp snooping from the network page.

I was just trying anything for functional multicast, to make the router valid for modern use.
EvilJay wrote:
I eventually gave up and back-leveled to the years-old Kong build I had been previously running, and the problem went away as expected.
Can you tell me what version that is? I'd like to try it on my r6250.
_________________
Broadcom:
WNR3500Lv2 DD-WRT 33525 K3 Giga
3 R6300.1 mips DD-WRT 42617 Giga
E3000 5ghz multicast AP Toastman 2017 RT
E2000 5ghz multicast AP DD-WRT 33525 K2.6
WRT54GSv2 long range AP HyperWRT 15
R6250 (retired--too hot)
Atheros:
Archer C7v2 AP DD-WRT 35831
DIR-835 Gargoyle 1.11 2019
3 WR841Nv9 AP DD-WRT 33006
marklg
DD-WRT Novice


Joined: 19 Oct 2017
Posts: 27

PostPosted: Thu Feb 07, 2019 21:50    Post subject: Reply with quote
kernel-panic69 wrote:
Maybe revert whatever, "hey, let's try this" code snippets that broke the sh*t out of it might work, but you'd have to convince someone that they were wrong and that said changes need to be reverted to un-f*ck things. Good luck with that. I quit trying to convince anyone of anything.


I am running the same rev (38326) on an Altheros based router (DIR-825) and it works correctly there. On my two E3000s, still no joy. Luckily, I have extensive gigabit wiring to most devices on another subnet. That gets routed correctly.

Regards,

Mark
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 7610
Location: Texas, USA

PostPosted: Fri Feb 08, 2019 3:12    Post subject: Re: Same issue with Netgear R8000 Reply with quote
danielwritesback wrote:
EvilJay wrote:
If anyone has any other ideas, I'd be happy to test and try to get this working with a more current build.
One time, just one, I got the AP isolation bug to go away by turning on igmp snooping from the network page.

I was just trying anything for functional multicast, to make the router valid for modern use.


I haven't tested to see if it went away, but I enabled the IGMP snooping in the process of flashing yesterday's build and got the "IGMP snooping already enabled for br0" serial console message which leads me to believe that there's some weird voodoo going on....
danielwritesback
DD-WRT User


Joined: 29 Aug 2011
Posts: 239

PostPosted: Fri Feb 08, 2019 7:14    Post subject: Reply with quote
marklg wrote:
...on an Atheros...
It has been reported that this startup script enables more multicast functions for Atheros: swconfig dev switch0 set igmp_snooping 1
For some versions, an entry is required in Wireless Security: multicast_to_unicast=1 But, if that goes disaster, replace it with a #
marklg wrote:
...On my two E3000s, still no joy...
Here's an E3000 kit, with a firmware that does full multicast features and a settings list. The attached file is exactly what I'm using for E3000-AP (wan port empty).


E3000_AP_ Kit.zip
 Description:

Download
 Filename:  E3000_AP_ Kit.zip
 Filesize:  4.4 MB
 Downloaded:  67 Time(s)

lolcocks
DD-WRT User


Joined: 31 May 2013
Posts: 123

PostPosted: Tue Feb 12, 2019 10:25    Post subject: Reply with quote
I can confirm this bug.

AP Isolation is always active on my Linksys E1200v2 running DD-WRT build 38253 MEGA.

Turning the toggle on and off did absolutely nothing. AP Isolation is still active. I even powered cycled the router twice, once after turning AP Isolation off and once after turning it on.
lolcocks
DD-WRT User


Joined: 31 May 2013
Posts: 123

PostPosted: Tue Feb 12, 2019 11:53    Post subject: Reply with quote
Update:
I flashed 38581.

AP Isolation was off when I just flash and connected two devices.

But then I changed 3 settings.

1. I set my connection to PPPOE and let in internet access.

2. I set router IP to 10.0.0.1

3. I setup OpenDNS with DDNS.
https://wiki.dd-wrt.com/wiki/index.php/OpenDNS

After which I did a power cycle and network sharing stopped working, AP Isolation probably turned on.
lolcocks
DD-WRT User


Joined: 31 May 2013
Posts: 123

PostPosted: Tue Feb 12, 2019 12:33    Post subject: Reply with quote
After even more testing,

AP Isolation turns on automatically when I change security mode from Open to 'WPA-PSK', 'WPA2-PSK' or 'WPA2-PSK/WPA-PSK'.

I change it back to open and AP Isolation turns off.
Goto page Previous  1, 2, 3, 4, 5  Next Display posts from previous:    Page 3 of 5
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum