[support]

First of all, do not tag any ports unless you’re connecting another router (with a tagged port) to the ports you’re tagging.

There are 5 preconfigured VLANs on the router, they are named: “LAN”, “Guest”, “X1”, “X2”, and “X3”. By default, “LAN” has the highest privilege and it can initiate communication to any other VLAN (thus all boxes with source “LAN” are ticked). And, only devices connected to “LAN” can log in the router management console.

In your case, assign Port 1 to X1, assign Port 2 to X2, leave Port 3 on LAN. Only computer connected to Port 3 can log in the router. No tagging!

Create SSIDs for Guest, X1, X2, X3 as you need, but you have to keep the SSIDs for LAN as they cannot be deleted. You can have up to 4 SSIDs per band, so you can’t run all SSIDs on both bands.

[support]

@strima We just released a fix for AP mode upgrade (v2.8.1). Follow the steps below:

1. Put the AP router back to Router mode
2. Change the LAN IP address of the router to be different from the main router (e.g., 192.168.11.1 if the main router has 192.168.10.1).
3. Connect the WAN port of this router to a LAN port on the main router
4. Click the “Check for updates” button on the System Settings page to upgrade
5. After upgrading, change the operating mode back to Access Point

You should be able to directly upgrade in AP mode after upgrading.

[support]

@strima Upgrade in AP mode is broken. We’ll fix this in the next release, coming in the next few days.

[support]

You can restore full backup files across hardware models since v2.6.2. VPN passwords, Cloud management key and DDNS password will be scrambled and you need to manually fix them. You may also want to inspect Network and Wireless settings to make sure they are OK.

[support]

The max speed with WireGuard for the AX1800 is 500Mbps. You should be able to get that if the VPN server is fast enough.

[support]

The certificate for the local website is self-signed. Browsers will complain that it’s not signed by a trusted certificate store. You can choose to proceed regardless of the warning since you know it’s your local router site.

[support]

What is your measured speed?

[support]

@strima Thanks for the additional info. We’re still looking into this.

[support]

2. You set it up once. Take it to location 2 and it should work. You can test it with your smartphone on mobile connection while at location 2. If you put it behind another router at location 2, you might need to set up port forwarding on that router for the UDP port used by remote control. But in most cases you don’t need to do that, it’ll just work.

3. If you put the ISP router in bridge mode, then the pcWRT router will have a direct Internet facing interface, just like it’s directly connected to your ISP.

[support]

What’s your hardware model and what VPN protocol are you using? What’s your speed measurement by the way?

[support]

To get a baseline, start with Access Control completely disabled. Compare the speeds of connecting the pcWRT directly to the ONT and pcWRT to Verizon router to ONT.

[support]

What are the speeds over Ethernet, 5GHz Wifi and 2.4GHz Wifi? Enforced Access Control will have an impact on speed but other settings do not.

[support]

There are two ways to remote control a pcWRT router:
1. Via pcWRT Cloud control (see the first post in the current topic)
2. Set up a VPN server on the pcWRT router and log back in your home network via VPN.

Method 1 is more secure than the normal way of opening up the web server port on your router and using DDNS to access the router. After you set it up, you’ll log in to pcwrt.com to manage the router. The pcwrt.com web server is used as a relay to send messages between your browser and the router. No data is saved on the server. And there’s no open port on your router (which you can use ShieldsUP to verify).

If you want to use method 2, here’s how to set up a VPN server on the router: https://portal.pcwrt.com/blog/2021/01/the-complete-guide-to-setting-up-a-wireguard-vpn-server-at-home-with-pcwrt/. Make sure the LAN box under “Network Access” is checked when you configure the VPN server.

Method 2 allows full functionality since it’s using the local web server on the router, while method 1 lacks some functionality (notably VPN management).

[support]

Glad it worked out.

[support]

Thanks for the suggestion. We’ll get some white colored inventory.

[Author]

Posts