What's new
By:

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

AI-MESH with Multiple GuestNetworkPro - Auth Failure on AX86U_Pro

C

CHDI

New Around Here
Hi all,

I've a strange behavior with the following constellation:

1 * AX88U Pro (Router)
1 * AX6000 (Node)
2 * AX86U Pro (Nodes)

When I configure the Guest Network Pro with an aditional WLAN to the normal WLAN, it's not possible to connect through the AX86U Nodes.
I've tried different WLAN Types (IOT, KIDS, OTHER).
I got only connetion through the AX88U Pro and with AX6000.
Also I've tried diffrent Backhaul: Wireless, Ethernet LAN, Ethernet WAN.

On both AX86U Pro I can only connect to the first WLAN. Wenn I try to bind a device (Samsung Phone, Harmony, Laptop, ESPEasy) to an AX86U Pro the connection is lost. On an ESPEasy it show's "auth failure" in the Moment when it tries to connect to an AX86U Pro. Connection to the AX88U_Pro and AX6000 is stable with the same auth settings.

Also the managed Switchports between the systems are configured in the same way as best practice (untagged VLAN 1 - the worst one!!) between the Router and Nodes. All tagged and the untagged VLAN's are supportet. Also the used Router and Nodeports in ASUS VLAN-Tab are set in default setting to allow all. But also when I use the 5Ghz Wifi Backhaul it's the same...

The systems has all the latest available 3.0.0.6 software installed and running. Could it be the Image on AX86U Pro is buggy? Does I have to configure something else to have VLAN / WLAN support?
Is there a way to "debug" the situation to get a solution? I also thought about ASUS Merlin, but 3.0.0.6 is not available for all named devices...
 
My guess is that you need to:
  1. Configure managed switch to pass specific VLAN IDs through to nodes (802.1Q VLAN config or the like); or
  2. Configure which node(s) Guest Network Pro networks are being pushed to via AiMesh within Network settings.
 
bennor said:
Possibly relevant Asus support documents if you haven't seen them yet/already.
Click to expand...
The configuration is done as described and it works for the AX88U_Pro and for the AX6000. But the exact same configuration does not work for the AX86U Pro. So it's not the basics to implement the Mesh and to have diffrent VLANs on the device and on the ports. Just the two Nodes AX86U can't deploy the additional WLANs correct :(
 
visortgw said:
My guess is that you need to:
  1. Configure managed switch to pass specific VLAN IDs through to nodes (802.1Q VLAN config or the like); or
  2. Configure which node(s) Guest Network Pro networks are being pushed to via AiMesh within Network settings.
Click to expand...
The Ports for the router and nodes are configured with PVID 1 and the tagged VLANs ot the aditional WLANs and it works with the AX6000.

In the Network Settings Tab for The GuestNetworkPro all WLAN's are deployed to all Nodes in the same way.
 

Attachments

  • 2025-02-19 20_20_04-ASUS WLAN-Router RT-AX88U Pro - AiMesh – Mozilla Firefox.png
    2025-02-19 20_20_04-ASUS WLAN-Router RT-AX88U Pro - AiMesh – Mozilla Firefox.png
    51.6 KB · Views: 13
  • 2025-02-19 20_20_46-ASUS WLAN-Router RT-AX88U Pro - SDN – Mozilla Firefox.png
    2025-02-19 20_20_46-ASUS WLAN-Router RT-AX88U Pro - SDN – Mozilla Firefox.png
    16.5 KB · Views: 10
  • 2025-02-19 20_22_43-ASUS WLAN-Router RT-AX88U Pro - VLAN Switch – Mozilla Firefox.png
    2025-02-19 20_22_43-ASUS WLAN-Router RT-AX88U Pro - VLAN Switch – Mozilla Firefox.png
    112.3 KB · Views: 14
CHDI said:
Hi all,

I've a strange behavior with the following constellation:

1 * AX88U Pro (Router)
1 * AX6000 (Node)
2 * AX86U Pro (Nodes)

When I configure the Guest Network Pro with an aditional WLAN to the normal WLAN, it's not possible to connect through the AX86U Nodes.
I've tried different WLAN Types (IOT, KIDS, OTHER).
I got only connetion through the AX88U Pro and with AX6000.
Also I've tried diffrent Backhaul: Wireless, Ethernet LAN, Ethernet WAN.

On both AX86U Pro I can only connect to the first WLAN. Wenn I try to bind a device (Samsung Phone, Harmony, Laptop, ESPEasy) to an AX86U Pro the connection is lost. On an ESPEasy it show's "auth failure" in the Moment when it tries to connect to an AX86U Pro. Connection to the AX88U_Pro and AX6000 is stable with the same auth settings.

Also the managed Switchports between the systems are configured in the same way as best practice (untagged VLAN 1 - the worst one!!) between the Router and Nodes. All tagged and the untagged VLAN's are supportet. Also the used Router and Nodeports in ASUS VLAN-Tab are set in default setting to allow all. But also when I use the 5Ghz Wifi Backhaul it's the same...

The systems has all the latest available 3.0.0.6 software installed and running. Could it be the Image on AX86U Pro is buggy? Does I have to configure something else to have VLAN / WLAN support?
Is there a way to "debug" the situation to get a solution? I also thought about ASUS Merlin, but 3.0.0.6 is not available for all named devices...
Click to expand...

My AiMesh configuration is noted here. I only have the AX88U Pro router and one MoCA2.5 wired AX86U Pro node, with two custom WLANs (Guest, IoT) as noted. I have not configured the VLANs beyond their defaults since I need to upgrade my unmanaged switches first... and I'm not sure VLANs will work across the MoCA adapters(?), although the MoCA backhaul is direct... does not route through any switches.

I can connect my mobile to the custom Guest WLAN at the router, walk out the other side of the house and into the garage while watching my mobile connection first drop to 'good' as I leave the house and then immediately rise back to 'excellent' as I approach the garage node, 77' from the house router. And vice-versa... it just works seamlessly.

My mobile is normally on the main WLAN (I'm no guest!) and I get the same joy roaming around my AiMesh while mowing 2 acres on a lawn tractor.

That said, I have found the Guest Network Pro code at this point to be barely there and in need of the coming overhaul by ASUS. My approach has been to only use/configure a few custom VLANs minimally to get basic Guest and IoT WLANs and then don't mess with them any further until ASUS finishes re-engineering their SDN implementation.

OE
 
Last edited:
OzarkEdge said:
My AiMesh configuration is noted here. I only have the AX88U Pro router and one MoCA2.5 wired AX86U Pro node, with two custom WLANs (Guest, IoT) as noted. I have not configured the VLANs beyond their defaults since I need to upgrade my unmanaged switches first... and I'm not sure VLANs will work across the MoCA adapters(?), although the MoCA backhaul is direct... does not route through any switches.

I can connect my mobile to the custom Guest WLAN at the router, walk out the other side of the house and into the garage while watching my mobile connection first drop to 'good' as I leave the house and then immediately rise back to 'excellent' as I approach the garage node, 77' from the house router. And vice-versa... it just works seamlessly.

My mobile is normally on the main WLAN (I'm no guest!) and I get the same joy roaming around my AiMesh while mowing 2 acres on a lawn tractor.

That said, I have found the Guest Network Pro code at this point to be barely there and in need of the coming overhaul by ASUS. My approach has been to only use/configure a few custom VLANs minimally to get basic Guest and IoT WLANs and then don't mess with them any further until ASUS finishes re-engineering their SDN implementation.

OE
Click to expand...
That's a good hint - not the wished constellation. Want to use the things pushed with the marketing anounce... :) .
I'll try to configure it.
 
I've checked the configuration - WLAN bw & ch was not fixed, but automaticly set ok. set it fixed.
Disabled UPNP, SMB etc. on router/nodes
The rest was identicly.

I've create a new Custom Guest Network Pro, also changed the one I have.
In every constellation it's not possible to bin a device in a GuestNetworkPro to any of the both AX86U_Pro. BUT it's possibly all the time to connect to AX88U_Pro and AX6000 with full access and stable.

So configuration in gui is the same for all nodes.
Switchports are identical for all nodes
Don't get the problem - seems not to be the configuration when just two equal hardware nodes work not correct, and another do!?
So WLAN seems to be send out from the failed nodes, but connection is not possible - just get the auth failure on on device - the most others just give me an error.

How is ist possible to check per ssh the relevant settings of the nodes?
What are the commands to check VLAN / WLAN / WPA / anything else needed to find the difference?
 

Attachments

  • 2025-02-20 12_28_17-ASUS WLAN-Router RT-AX88U Pro - SDN – Mozilla Firefox.png
    2025-02-20 12_28_17-ASUS WLAN-Router RT-AX88U Pro - SDN – Mozilla Firefox.png
    45.1 KB · Views: 9
My initial SDN setup experience suggested that setting one too many WLAN/VLANs does not work... they don't broadcast on the node... ASUS has posted a max limit somewhere, like 5, but that's probably too many for current firmware and less-than-purpose-built hardware. I stopped at two and the IoT WLAN is only on the 2.4GHz band. And I've seen other weird SDN firmware behavior when messing with it too much... I deleted it all and started over more than once as I discovered its limits.

Use a WiFi analyzer app to see what is being broadcast... I'm currently using the open source analyzer for Android by VREM Software (a little slow on graphing signals)... until I find something better I can trust.

It's near impossible to suggest how to troubleshoot this issue. The best I can suggest is to keep it simple and the usual... Hard Reset, configure minimally from scratch... don't build out/add more nodes until what you have works as advertised, so you know when things go wrong... and then don't touch it.

You are using a lot of strong nodes... the usual reason is dense building materials that block WiFi. Otherwise, you must be trying to cover a very very very large area. My two APs cover three 1600sqft levels and a detached 1700sqft garage, all brick facia with wood stud and drywall, not to mention the surrounding two acres.

ASUS needs to get their AiMesh act together before the competition owns the plug-and-play home WiFi market.

OE
 
Last edited:
OzarkEdge said:
My initial SDN setup experience suggested that setting one too many WLAN/VLANs does not work... they don't broadcast on the node... ASUS has posted a max limit somewhere, like 5, but that's probably too many for current firmware and less-than-purpose-built hardware. I stopped at two and the IoT WLAN is only on the 2.4GHz band. And I've seen other weird SDN firmware behavior when messing with it too much... I deleted it all and started over more than once as I discovered its limits.

Use a WiFi analyzer app to see what is being broadcast... I'm currently using the open source analyzer for Android by VREM Software (a little slow on graphing signals)... until I find something better I can trust.

It's near impossible to suggest how to troubleshoot this issue. The best I can suggest is to keep it simple and the usual... Hard Reset, configure minimally from scratch... don't build out/add more nodes until what you have works as advertised, so you know when things go wrong... and then don't touch it.

You are using a lot of strong nodes... the usual reason is dense building materials that block WiFi. Otherwise, you must be trying to cover a very very very large area. My two APs cover three 1600sqft levels and a detached 1700sqft garage, all brick facia with wood stud and drywall, not to mention the surrounding two acres.

ASUS needs to get their AiMesh act together before the competition owns the plug-and-play home WiFi market.

OE
Click to expand...
OK - I understood.
We have two buildings and one garage. I made a spot in the areas, where the signal get extreme low.

So I check to reduce the Guest networks - but actually there are 3-4 with wifi and two just wired in diffrent VLAN's
For the qired it would also be possible to have another routing instance, like a pfsense. I hoped to get everything easy in one device :( . But when you are right I've to reduce ...

BR Chris
 
CHDI said:
I've checked the configuration - WLAN bw & ch was not fixed, but automaticly set ok. set it fixed.
Disabled UPNP, SMB etc. on router/nodes
The rest was identicly.

I've create a new Custom Guest Network Pro, also changed the one I have.
In every constellation it's not possible to bin a device in a GuestNetworkPro to any of the both AX86U_Pro. BUT it's possibly all the time to connect to AX88U_Pro and AX6000 with full access and stable.

So configuration in gui is the same for all nodes.
Switchports are identical for all nodes
Don't get the problem - seems not to be the configuration when just two equal hardware nodes work not correct, and another do!?
So WLAN seems to be send out from the failed nodes, but connection is not possible - just get the auth failure on on device - the most others just give me an error.

How is ist possible to check per ssh the relevant settings of the nodes?
What are the commands to check VLAN / WLAN / WPA / anything else needed to find the difference?
Click to expand...
The primary limitation that I have discovered is that you can only push two guest networks per band (i.e. 2.4, 5, or 6 GHz) to each AiMesh node. I have the following distributed among four (4) AiMesh nodes:
  • 2.4 GHz IoT network
  • 5 GHz IoT network
  • 2.4/5/6 GHz guest network
Also, the title of the thread mentions "(and managed switch)". I don't see any details about a managed switch or its configuration. Specifically, the VLAN ID tags need to be configured/enabled for each managed switch port used as input to an AiMesh node.
 
Damn - that the solution - the AX86U Pro can't deploy the amount of Networks :( ...
When I reduce SSID on these nodes, the connection is possible.

Thanks so far - I hope the developers will fix that and raise the number - just to the five...

I remove the managed switch in thread title. So I think is solved. Do you have the document with the information of the limitation? I don't get this fact ...
 
visortgw said:
The primary limitation that I have discovered is that you can only push two guest networks per band (i.e. 2.4, 5, or 6 GHz) to each AiMesh node.
Click to expand...
This is so frustrating and just really disappointing. I do not want to throw brickbats unnecessarily, but really, this is poor. I have been following this (lack of) implementation of AImesh to Nodes across the various threads (and @Tech9 has commented often, on the same).
visortgw said:
I have the following distributed among four (4) AiMesh nodes:
  • 2.4 GHz IoT network
  • 5 GHz IoT network
  • 2.4/5/6 GHz guest network
Also, the title of the thread mentions "(and managed switch)". I don't see any details about a managed switch or its configuration. Specifically, the VLAN ID tags need to be configured/enabled for each managed switch port used as input to an AiMesh node.
Click to expand...
Can I assume you do not need a managed switch to actually make the TWO GNs work, only that IF you have a managed switch, you must configure the VLAN ID Tags for each? And that if you have an unmanaged switch, it (GN propagation) will still work, no configuration needed?
 
Last edited:
jksmurf said:
This is so frustrating and just really disappointing. I do not want to throw brickbats unnecessarily, but really, this is poor. I have been following this across the various threads (and @Tech9 has commented often, on the same)

Can I assume you do not need a managed switch to actually make the TWO GNs work, only that IF you have a managed switch, you must configure the VLAN ID Tags for each? And taht if you have an unmanaged switch, it (GN propogation) will still work, no configuration needed?
Click to expand...
It apparently depends on brand of unmanaged switch. My experience shows that TP-Link unmanaged switches work, and TRENDnet do not -- for whatever reason, TRENDnet unmanaged switches do not pass along VLAN ID tags. I cannot speak to other brands.
 
visortgw said:
It apparently depends on brand of unmanaged switch. My experience shows that TP-Link unmanaged switches work, and TRENDnet do not -- for whatever reason, TRENDnet unmanaged switches do not pass along VLAN ID tags. I cannot speak to other brands.
Click to expand...
Goodness me...the plot thickens...

Maybe as time goes on, this forum can build up a list of "Unmanaged Switches that work with ASUS Pro Network Propagation to AIMesh Nodes...." :-).
 
Last edited:
OzarkEdge said:
Search ASUS Support FAQs.

This FAQ (see content A.) mentions the limit of five I was referring to:

OE
Click to expand...
I mean the documentation of the SSID Limit per device... seems I'm blind. I don't se the limit for the amount of SSID per hardwaremodels just the hint for the wifi bands... And yes I can't do a 6GHz on a node without the capability for 6GHz.

AX86U Pro runs with 3 SSID without Problems as expected - don't use 4 SSID or more on this model (with actual firmware 3.0.0.6.102_34336-gc04af06_403-gd851b)
AX88U Pro and AX6000 can run more than 3 SSID without problems (don't testet the limit - yet)

But good to know in all tests the primary SSID (configured by WLAN not by Guest Network Pro) is always reachble! So I was not sure if it's an VLAN problem between the nodes, cause the untagged VLAN with BASE WLAN works.
 
You must log in or register to reply here.

Similar threads

S
Looking for a new AI mesh node to pair with my new GT-BE98 Pro base
Replies
10
Views
554
Jbennett360
J
P
AI Mesh on RT-BE88U with 3006_102.2_beta1
Replies
3
Views
628
Wisiwyg
W
J
Solved *SOLVED* Asus RT-AX86U Pro on latest Merlin 3004.388.4, cannot get RT-AC68U (on any firmware) to connect as a AI Mesh Node
Replies
3
Views
2K
jamesnmandy
J
drinkingbird
Tutorial How to use VLANs on your non-pro Asus router with 386 or 388 code (no scripting required)
2 3
Replies
59
Views
22K
YRTFS
Y
L
"Fun" with SAMBA on XT8 Mesh LAN (It's not working!)
2
Replies
24
Views
3K
LouisRedux
L
Similar threads
Thread starter Title Forum Replies Date
E AX92u Mesh and rDevices roaming ASUSWRT - Official 3
R Guest WiFi Pro on GT-AX11000 Pro & RT-AX88U Mesh System ASUSWRT - Official 15
M Main vs mesh nodes with different firmware (guest network pro) ASUSWRT - Official 5
W Asus Main Router & Mesh Node Country Setting ASUSWRT - Official 1

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 622 (members: 21, guests: 601)
Back
Top