FW Gold SE + Wifi SD: No IP address (169.254.x.x APIPA)
ISSUE: WiFi SD subnet doesn't give out IP addresses.
SETUP
I bought a Gold SE and added WiFi SD to create a "Guest" network. Gold is used in Router mode with a Linksys Velop set in Bridge mode. DHCP is handled by FW (Firewalla).
The Gold's eth ports are grouped into 10.1.1.1/24 subnet ("LAN Main"), and the WiFi SD was set to 10.2.1.1/24 ("LAN Guest"). "LAN Guest" has DHCP enabled with 90 available IPs. IPv6 is turned off. In the app, the Guest subnet is assigned to the "Wi-Fi" interface. The 4 ethernet ports are not selected as they are taken by "LAN Main".
Internet <> Modem <> FW Gold SE + WiFi SD <> Linksys Velop WiFi mesh
When users connect via eth or Linksys WiFi, they are assigned 10.1.1.1/24 ("LAN Main"). When users connect to WiFi SD, they SHOULD be assigned 10.2.1.x/24 ("LAN Guest"), but instead, they time out and receive the APIPA address of 169.254.x.x.
Guests are thus not able to go onto the Internet. Any idea why DHCP does not work for "LAN Guest"?
-
Yes, I did:
- Network Type: LAN. Interface: Wi-Fi
- Wi-Fi Settings: SSID, Password, Hide SSID: Off
- Max Compatibility: Off
- Channel Selection: Auto
- Network Settings: IP 10.2.1.1/24
- DHCP: On. Range: 10.2.1.10 - 10.2.1.100. Primary DNS: 10.2.1.1
- Search domain: "guest"
- IPv6: Off
Every single device connected to that SSID gets a 169.254.x.x
-
Update on the issue after a couple weeks of back-and-forth with Support via email:
1. Turning on Max Compatibility indeed allowed the devices to get an IP address associated with the DHCP scope configured for WiFi-SD.
2. Note that turning on Max Compatibility enables just the 2.4GHz radio and disables 5GHz. It also lowers the WPA2 WiFi security level to one that is not secure (it can be cracked within minutes with readily available hacking tools). Firewalla prides itself with taking security seriously. It surprised me that Max Compatibility had to be enabled to make it work for an iPhone Xr, Samsung Galaxy S21+, and Microsoft Surface Pro 9 -- all perfectly capable, modern devices that support 5GHz and newer WiFi standards.
3. With or without Max Compatibility on, WiFi-SD was unreliable where some or all devices would not be able to go out onto the Internet for minutes at a time -- for my family or guests. Support then stated that WiFi-SD was not designed to be a 24/7 solution (a fact not mentioned anywhere on the website for the product) and that if a certain number of devices was exceeded (I forgot what was mentioned... 7?), that reliability could not be guaranteed. In other words, WiFi-SD is a crap product that is inferior to even the cheapest WiFi access points. I was so surprised by the performance issues, I asked whether I had received a defective product and asked if a replacement could be sent instead (this request was denied as there was no indication that it was defective, according to support.) Mind you, I bought the Gold and WiFi-SD less than a month ago.
In the end, I decided to not use WiFi-SD, eat the cost I paid for it, and split up my 4-node WiFi mesh to two networks of 2 nodes each. It has been reliable since.
Do not buy WiFi-SD.
-
Max compatibility is just forcing the connection to 2.4 GHz.
The WiFi-SD is not a great Access Point device; it was built to do "WISP" or WiFi WAN type of connection to your phone as a backup. So it is not perfect to operate both in the 2.4 and 5ghz range; this is likely the issue you are hitting while running it in AP mode.
Please sign in to leave a comment.
Comments
6 comments