This article is about WLAN: everywhere in the house: on every floor, specifically about the commissioning of WLAN access points with OpenWrt as firmware. I have chosen the ZyXEL NWA50AX as the hardware for the access points: Equipped with 2 CPU cores, 128 MB flash and 256 MB RAM, the NWA50AX supports WiFi 6 (802.11ax) and can be powered with the supplied power supply unit or optionally via PoE. The ZyXEL NWA50AX is one of several available devices on which OpenWrt can be installed, see: OpenWrt hardware recommendation - available devices 2024.

For maximum speed and stability, I connect the access points directly to the main router via LAN cable. In addition to regularly updated firmware versions, OpenWrt also makes it possible to combine different devices from different manufacturers to create a WLAN mobility domain. A shared mobility domain enables the end devices to switch from one WLAN reception zone to another without any noticeable interruption.

Prerequisite: existing Internet router; goal: WLAN via additional access points

The Internet, regardless of the line technology or medium, is usually provided by the various operators in the form of a router. Although the router usually has an integrated WLAN, this is not always sufficient to cover all areas of the apartment or house. The aim of this article is to set up additional access points to improve WLAN coverage. The access points are connected to an existing switch or router with Internet access.

Unpacking: ZyXEL NWA50AX

First, the access point should be connected to the existing router using a network cable:

If it also receives some power via the supplied network cable, the access point should report to the existing router.

As the NWA50AX would also work via PoE, a switch with PoE or a PoE injector could be used as an alternative: The network cable alone would then be sufficient for the access point.

Flashing the firmware

If the access point is connected to the existing router, it assigns an IP address via the integrated DHCP server. The easiest way to read out the IP address is from the management interface of the existing router. The existing router can be determined in Windows, for example, using the "ipconfig" command in the command prompt or in the terminal. The router IP address is usually hidden behind the standard gateway:

Entered in the browser, here http://192.168.1.2, this calls up the router's administration interface. As an example, an existing router with OpenWrt as firmware shows all active DHCP leases of the connected devices on their overview page:

The router with active DHCP does not have to be an OpenWrt device; the Internet provider's router could also be used here: This should also list the IP addresses of the connected devices in its web interface.

When entering the IP address, here "http://192.168.1.139" or, depending on the router, possibly also the name "http://NWA50AX" in the browser, the administration interface of the original firmware of the access point starts:

The default user name of the NWA50AX is "admin" and the password is "1234"

Since we will overwrite the settings later anyway, the following 5 steps of the Setup Wizard can simply be confirmed with "Next":

For the flash process, the firmware can be obtained from the OpenWrt site: firmware-selector.openwrt.org/?version=23.05.3&target=ramips%2Fmt7621&id=zyxel_nwa50ax. It is best to select the latest available release and start the download using "FACTORY":

Back to the Zyxel management interface, the firmware is uploaded using "Maintenace" and "Browse":

Then click on "Upload"

At this point, a little patience is required: After approx. 3 minutes, the router first changes from a slow orange flashing to a hectic red flashing and finally to "green"

The router then restarts: after a slow green flash, it lights up green again continuously.

From now on, the access point can be reached at the OpenWrt standard IP address 192.168.1.1. If the main router happens to have the IP address 192.168.1.1 or an IP address outside 192.168.1.x, the access point can be disconnected from the router at this point and connected directly to a PC or laptop. The PC then requires a manual IP address in the subnet 192.168.1.x to access http://192.168.1.1: here as an example for Windows 11:

Settings:

If a PC with an IP address between: 192.168.1.2 - 254 is available, we can continue with the initial setup:

Initial setup of the access point (OpenWrt)

one after the other: 1) Log in: Username: root, password empty:

Of course, the empty password should be replaced with a correct password as soon as possible:

Configuration as access point:

For configuration as an access point, this does not necessarily require a static IP address, so the LAN interface can be set to "DHCP", whereby the access point receives an IP address from the main router.

It is also important to deactivate the DHCP server service at this point, as otherwise the access point will assign IP addresses to the connected devices and these may conflict with the addresses of the router.

Since the access point acts as a DHCP client, it obtains the IP address from the main router.

Another quick look at the main router reveals the IP address of the access point that has just been configured: As a rule, the router assigns the same IP address as before the flash process:

To give the access point a unique name, the host name should be adjusted in the system settings:

NTP

As the time of the access points was not always synchronized in the past, I set up a daily cron job so that the time is actively corrected every day:

30 03 * * *  ntpd -q -p 0.it.pool.ntp.org

Software packages

Certain roaming functions are only available with the full version of wpad, so I swapped the basic wpad package for the full version of wpad:

To ensure that the access points synchronize with each other and actively support WLAN roaming, I installed the roaming deamon "usteer":

To be able to import future updates more easily, or to get the installed software packages into the flash memory, I use the package Attended-Sysupgrade:

Pure access points: deactivate unneeded services:

The following 3 services are not required for a pure access point and can therefore be disabled and stopped: Firewall, udhcpd, dnsmasq:

Network / DHCP und DNS: löschen

Sysupgrade

To ensure that the memory of the additionally installed packages is transferred to the flash memory, a new system upgrade can be carried out after the software packages have been added. The easiest way to flash all packages directly into the firmware and thus save memory is via the pre-installed package: "Attended Sysupgrade":

So that the same firmware version can be flashed, we must activate "Advanced Mode" under Configuration:

Attended Sysupgrade suggests all software packages already installed and builds a new flash image from them:

The image is loaded by the browser in the background and the device is installed with it:

By selecting "Keep settings and retain the current configuration", all settings are retained.

When commissioning several access points of the same type, the following settings can be made on one AP and transferred to the other APs using Backup / Restore:

Commissioning - WLAN settings

After installing Wpad, the router should be restarted, which is also done by the system upgrade carried out earlier.

The following settings are also described in the article:"Uninterrupted WLAN: Roaming (Fast Transition)" and can also be set via terminal and SSH as an alternative to the web interface. The bash commands for the WLAN settings presented here can also be easily set via the terminal and our Online Helper which simplifies the Command generation: see:OpenWRT WLAN FT configuration - Generate online 

First, the Wi-Fi is set starting with one of the existing Wi-Fi networks:

I adjusted the country code in the Advanced Settings, as one of my access points could not activate the interfaces without the setting:

The name of the WLAN/identifier is set under "ESSID": here "WeLAN":

When using several access points, it makes sense to use different frequencies, see: WiFi in the area: Display and find the best WiFi channel.

The password for the WLAN is then set under "Wireless Security", under "Key":

The DTIM interval can be tuned in the Advanced tab. At this point, I use a DTIM interval of 3 for the 5 GHz WLAN and 1 for the 2.4 GHz WLAN:

Finally, the WLAN roaming settings: so that the devices can form a WLAN network with each other:

For 802.11r Fast Transition, I use a unique "Mobility Domain". The setting Reassociation Deadline: 20000 was able to eliminate the constant reconnection of certain devices.

If Wpad Full was installed and the router restarted, these additional options appear and the roaming behavior can be further optimized:

To ensure that the access point offers both 2.4GHz and 5GHz, all settings previously made for the 2.4GHz should also be set on the 5Ghz WLAN:

WLAN roaming settings are not listed separately here as screenshots; these should be set immediately for the first WLAN network.

If all WLAN interfaces have been set the same, they must be switched on at the end: "Enable":

Usteer settings

In order for the access points to actively intervene in the WLAN roaming, the previously installed roaming deamon should be adjusted slightly: Here are the settings I use for my setup:

see also: Uninterrupted WLAN: Roaming (Fast Transition)

Backup

Finally, I usually make a backup of the settings so that the device can be restored in the event of a fault. Alternatively, the backup can be imported to another access point so that it can be put into operation more quickly.

Conclusion

I have been using OpenWrt as firmware for my access points for several years now and have constantly optimized the settings and incorporated new available options, especially for the roaming functionality. The settings correspond to my current setup and I will adapt this or the associated articles if necessary if further optimizations arise. See also: Uninterrupted WLAN: Roaming (Fast Transition)