802.11s Based Wireless Mesh Networking

802.11s is an open-source standard for connecting wireless devices without having to set up infrastructure. It operates on Layer 2 and makes sure that all nodes can see each other on a bridged Layer 2 network (as if they were all plugged into a switch). Any Layer 3 infrastructure will work on top of this. An IP router and DHCP clients will work well. More sophisticated infrastructure can be implemented depending upon the use case. (eg Batman, Bird, OLSR etc.)

802.11s works reliably with OpenWrt 19.07 and later, including authentication and encryption, assuming that there is hardware/driver support and that wpad-mesh-openssl (or equivalent) has been installed.

A possible ARP relay bug was reported that supposedly prevented mesh nodes more than a single hop from each other from converging into a single mesh.
This was however a configuration issue where it was not possible to set the mesh_gate_announcements parameter in the wireless config file.
This parameter had to be set manually using the iw utility, after startup and again after a network restart.
The mesh11sd package is now available to dynamically set and reset mesh parameters using the UCI config.
See: The Mesh11sd Project

If you want to run an encrypted mesh, you must install a version of wpad that supports mesh encryption.

At the time of writing, one of the following versions of wpad is required:

  • wpad-mesh-openssl (stripped down version to save space)
  • wpad-openssl (the full large version)
  • wpad-mesh-wolfssl (stripped down version to save space)
  • wpad-wolfssl (the full large version)

It may be necessary to remove the non-mesh version of wpad, depending which one is installed by default:

opkg update
opkg remove wpad-mini
opkg remove wpad-basic
opkg remove wpad-basic-wolfssl

Install the mesh supporting version:

opkg install wpad-mesh-openssl


opkg install wpad-openssl


opkg install wpad-mesh-wolfssl


opkg install wpad-wolfssl


  1. From September 2019, wpad-openssl or wpad-wolfssl became capable of 802.11s encyption.
  2. wpad-basic-wolfssl only has 802.11r and 802.11w support.
  3. wpad-mesh-openssl and wpad-mesh-wolfssl only have 802.11r/w and 802.11s support.
  4. wpad-openssl and wpad-wolfssl are the full version of wpad and have 802.11k/v/r/w and 802.11s support.
  5. The full version of wpad means that nothing was trimmed to reduce its size.

The /etc/config/wireless file should have a mesh section added along these lines:

config wifi-iface 'mesh'
        option network 'mesh'
        option device 'radio0'
        option disabled '0'
        option mode 'mesh'
        option ifname 'mesh0'
        option network 'lan'
        option mesh_id 'my-mesh-id'
        option encryption 'sae' # or 'none' if you do not want encryption
        option key 'your-secret-password'

Note: option network 'lan' bridges the the 'mesh' interface to the 'lan'.

This configuration should be sufficient to bring up the mesh network so you can now reinitialize wifi and see if it worked:

iw dev mesh0 info

You should see an output similar to:

Interface mesh0
	ifindex 10
	wdev 0x3
	addr 12:34:56:78:9a:bc
	type mesh point
	wiphy 0
	channel 2 (2417 MHz), width: 20 MHz, center1: 2417 MHz
	txpower 28.00 dBm
	multicast TXQ:
		qsz-byt	qsz-pkt	flows	drops	marks	overlmt	hashcol	tx-bytes	tx-packets
		0	0	129166	0	0	0	0	9107016		129167

Every device you want to participate in the mesh must be configured in the same way ie same mesh_id, same channel, same key.

This wireless UCI configuration may be sufficient for a “mesh” of two or possibly three meshnodes that are fairly close together. But an organic, autonomously self managing mesh network of many meshnodes requires additional configuration.

There are many mesh parameters available, some of which are essential for a reliable mesh network.

The majority of these however, require the mesh interface to be up and established before setting.

If these parameters were to be set in the wireless UCI config file, they would fail, as of course the wireless UCI config is used to start/restart the wireless system and the mesh interface only becomes established after UCI has completed its tasks.

Parameters can be set manually using the IW utility, but any settings done this way will only persist as long as the mesh interface is up. Rebooting, restarting the network, or reinitialising the wireless interface (“wifi” command) will set parameters back to default.

For permanently setting parameters, the Mesh11sd package should be installed:

opkg update
opkg install mesh11sd

The default parameters set and maintained by Mesh11sd (in /etc/config/mesh11sd) are:

    option mesh_fwding '1'
    option mesh_rssi_threshold '-80'
    option mesh_gate_announcements '1'
    option mesh_hwmp_rootmode '3'
    option mesh_max_peer_links '150'

These parameters are a good general set for an autonomously managed mesh network with many mesh peers.

Note: Parameters must be set in the Mesh11sd UCI config file (and not the Wireless UCI config file) to prevent errors being reported in the system log.

For full details of the Mesh11sd package see: mesh11sd

:!: Support for 802.11s (type mesh) depends on wireless driver. Most up to date open source drivers work. Note that some drivers may advertise they support mesh but have problems with it.

For example, at the time of writing, the ath10k-ct driver doesn't support mesh very well, resulting in errors and random dropping of wireless interfaces. It is recommended that you remove both ct module and ct firmware and install non-ct versions to get reliable mesh support.

Use the following to determine if your hardware supports 802.11s mesh.

iw list | grep "Supported interface modes" -A 9

      Supported interface modes:
                 * IBSS
                 * managed
                 * AP
                 * AP/VLAN
                 * WDS
                 * monitor
                 * mesh point
                 * P2P-client
		 * P2P-GO

Example: ath9k in router

iw list
valid interface combinations:
		 * #{ managed, WDS } <= 2048, #{ AP, mesh point } <= 8, #{ P2P-client, P2P-GO } <= 1, #{ IBSS } <= 1,
		   total <= 2048, #channels <= 1, STA/AP BI must match
		 * #{ IBSS, AP, mesh point } <= 1,
		   total <= 1, #channels <= 1, STA/AP BI must match, radar detect widths: { 20 MHz (no HT), 20 MHz }

Example: ath9k_htc USB Stick

iw list
valid interface combinations:
		 * #{ managed, P2P-client } <= 2, #{ AP, mesh point, P2P-GO } <= 2,
		   total <= 2, #channels <= 1

It is possible to configure a mesh interface manually using the IW utility and this is how a mesh interface would be configured in a non-OpenWrt, generic Linux envirnoment.

iw is a nl80211 based CLI configuration utility for wireless devices.Read more...

Create a new interface “mesh0”

iw phy phy0 interface add mesh0 type mp mesh_id mymesh

Confirm that the new interface exists

ifconfig -a | grep mesh0

     mesh0      Link encap:Ethernet  HWaddr 00:18:39:14:48:B5

Bring up your mesh0 interface

ifconfig mesh0 up

Assign the interface an IP address, e.g.

ifconfig mesh0

By default, mesh points will use channel 1 and automatically attempt to create peer links with mesh nodes with the same mesh ID and channel.

Use the iw command to display peer links or a table of reachable nodes in your mesh

iw dev $MESH_IFACE station dump
iw dev $MESH_IFACE mpath dump


iw dev $MESH_IFACE station dump
    Station 00:15:6d:84:14:10 (on mesh)
         inactive time:  1320 ms
         rx bytes:   352
         rx packets: 4
         tx bytes:   174
         tx packets: 2
         signal:     -61 dBm
         tx bitrate: 1.0 MBit/s
         mesh llid:  32577
         mesh plid:  15969
         mesh plink: ESTAB
    Station 00:15:6d:84:14:09 (on mesh)
         inactive time:  3370 ms
         rx bytes:   1064
         rx packets: 12
         tx bytes:   545
         tx packets: 7
         signal:     -53 dBm
         tx bitrate: 1.0 MBit/s
         mesh llid:  41036
         mesh plid:  24435
         mesh plink: ESTAB

This may require the iw-full package! Block a peer from meshing using its MAC address

iw dev $MESH_IFACE station set $MAC_TO_BLOCK plink_action block

Verify using section above (iw dev $MESH_IFACE station dump)

	mesh plink:	BLOCKED


iw dev $MESH_IFACE station set $MAC_TO_UNBLOCK plink_action open

according to this source plink_action is not persisted across reconnects of mesh links.

This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website.More information about cookies
  • Last modified: 2022/06/14 05:19
  • by bluewavenet