Asus in Router mode with external DHCP?

[busch09]

Hi,

My Mikrotik Internet Gateway Router with DHCP Server is at 192.168.1.1, serving 192.168.1.1/24 IPs. Is it possible to run the ASUS in router mode (with parental controls active) yet receive wifi client IPs from the miktrotik dhcp server?

I tried various configs with setting the lan gateway and DNS but it's not working...

 

[drinkingbird]

Hi,

My Mikrotik Internet Gateway Router with DHCP Server is at 192.168.1.1, serving 192.168.1.1/24 IPs. Is it possible to run the ASUS in router mode (with parental controls active) yet receive wifi client IPs from the miktrotik dhcp server?

I tried various configs with setting the lan gateway and DNS but it's not working...

Routers block DHCP. The only way to get it to work would be to create a DHCP scope on the mikrotik other than 192.168.1.0 and use that for the LAN off the asus, then create a script to do "IP Helper" statements on the LAN interface of the asus to forward DHCP queries upstream via the WAN port (disable NAT and disable DHCP on the Asus) to the Mikrotik. You will need some static routes too. It is a complex setup and not even positive how you would create the IP Helper, probably forwarding rules in the iptables. Scripts would require you to use Merlin software.

In reality you should just use the asus as an Access point, or if you want it in router mode, do a double NAT or run it in router mode without NAT, with the Asus doing DHCP to your LAN clients.

 

[tgl]

I'd think about letting the Asus serve DHCP to its wireless clients while the Mikrotik serves DHCP to whatever wired clients connect directly to the Mikrotik. Just set the two DHCP servers to give out non-overlapping address ranges.

 

[Tech9]

All the client IPs must be reserved in this case because the clients with automatic DHCP assignment will pick up an IP on first response from either DHCP. Asus in router mode will work with DHCP disabled, but with limited functionality. Built-in DHCP gives IPs to Guest Network clients and AiMesh nodes.

 

[tgl]

All the client IPs must be reserved in this case because the clients with automatic DHCP assignment will pick up an IP on first response from either DHCP.

That's only a problem if the Asus allows DHCP assignment traffic to pass through it, which it shouldn't in router mode. (You also have to be sure that it's not offering DHCP to stuff outside its WAN port, but that shouldn't happen either in a normal configuration.)

 

[drinkingbird]

All the client IPs must be reserved in this case because the clients with automatic DHCP assignment will pick up an IP on first response from either DHCP. Asus in router mode will work with DHCP disabled, but with limited functionality. Built-in DHCP gives IPs to Guest Network clients and AiMesh nodes.

As long as the mikrotik is off the WAN it won't have any conflicts, two different DHCP segments that won't see each other. Putting the mikrotik off the LAN would work if you disabled DHCP in the Asus but then you aren't getting the stuff he wants (parental controls etc), it would essentially just be an AP at that point.

 

[Tech9]

As long as the mikrotik is off the WAN

I see now what @busch09 wants to do. I was thinking 2x DHCP servers on the LAN side.

 

[drinkingbird]

I see now what @busch09 wants to do. I was thinking 2x DHCP servers on the LAN side.

Technically it would probably work since any properly functioning DHCP server pings the IP before handing it out, but it would be a confusing mess (and not all IPs are pingable). But yeah sounds like they want cascaded routers in order to use some of the asus features. Though I would think most of those features are supported in the Mikrotik, other than the somewhat useless trend micro stuff.

 

[Tech9]

Though I would think most of those features are supported in the Mikrotik

Yes.

Manual:Kid-control - MikroTik Wiki

wiki.mikrotik.com

How to use block lists (ad-blocking example, replace with adult content lists)

Recommend way to block Ads with Mikrotik - MikroTik

forum.mikrotik.com

 

[busch09]

Thanks for the many responses!
What I am actually trying to achieve is have the Asus in router mode so I can use the parental controls in the Asus. Through the Asus app access to tweaks are easier / quicker and I can add screen time on the fly per kid's device, Mikrotik router OS doesn't do that.
I also want to have Asus mesh nodes going through a mikrotik ethernet/wired backbone of two CRS309 (living room with the main Asus, garage with a Asus mesh node) routers.

ONT-4011-CRS309-CRS309
           |      |
      ASUS88Mstr Asus88Node

I am able to setup the dual dhcp succesfully. all wifi clients go through the Asus dhcp with .50.x/24 IPs. all world clients get an IP form the mikrotik on 1.x/24. Problem is with this dual dhcp setup, the Asus wired mesh doesn't work...

 

[drinkingbird]

Thanks for the many responses!
What I am actually trying to achieve is have the Asus in router mode so I can use the parental controls in the Asus. Through the Asus app access to tweaks are easier / quicker and I can add screen time on the fly per kid's device, Mikrotik router OS doesn't do that.
I also want to have Asus mesh nodes going through a mikrotik ethernet/wired backbone of two CRS309 (living room with the main Asus, garage with a Asus mesh node) routers.

ONT-4011-CRS309-CRS309
           |      |
      ASUS88Mstr Asus88Node

I am able to setup the dual dhcp succesfully. all wifi clients go through the Asus dhcp with .50.x/24 IPs. all world clients get an IP form the mikrotik on 1.x/24. Problem is with this dual dhcp setup, the Asus wired mesh doesn't work...

You need to add VLANs 501 and 502 Tagged to the mikrotiks since Asus uses those for wired Aimesh. On some routers 503 is needed also (just set up all 3, can't hurt). Tag those VLANs on the ports that go to each Asus and also the link between the mikrotiks. Leave the native vlan1 untagged on the ports also. You only need it at layer 2 on the switch portion, no IPs or DHCP etc needed.

 

[Tech9]

What I am actually trying to achieve is have the Asus in router mode so I can use the parental controls in the Asus. Through the Asus app access to tweaks are easier / quicker and I can add screen time on the fly per kid's device, Mikrotik router OS doesn't do that.

Very few business class routers have Parental Controls. Some have the tools to re-create what parental controls do in home routers. If you're more comfortable with Asuswrt GUI - just make the Asus router your main and save yourself the trouble. What is this MikroTik router doing there?

 

[ali.]

Technically it would probably work since any properly functioning DHCP server pings the IP before handing it out, but it would be a confusing mess (and not all IPs are pingable). But yeah sounds like they want cascaded routers in order to use some of the asus features. Though I would think most of those features are supported in the Mikrotik, other than the somewhat useless trend micro stuff.

I have a different reason for running in router mode: Airplay does not work in AP mode. My connection is as follows: PfSense --> LAN Port of GT-AX11000.

I have disabled WAN, DHCP, and firewall and set PfSense as the DNS server.

The issue I am facing is that I can access the router management console if I am connected to WiFi. However, the management console is inaccessible if I am connected to a wired connection on another VLAN.

Any help is appreciated.

 

[Tech9]

Your home router as AP to VLAN capable firewall is kind of wrong hardware and the issue you have has nothing to do with it. On your pfSense firewall you have to allow this traffic to pass in firewall rules from the initiating the traffic network to the destination network or where the AP is in your case.

 

[ali.]

Your home router as AP to VLAN capable firewall is kind of wrong hardware and the issue you have has nothing to do with it. On your pfSense firewall you have to allow this traffic to pass in firewall rules from the initiating the traffic network to the destination network or where the AP is in your case.

I have done that already. Previously, everything ran smoothly on AP mode, except for AirPlay. This is why I am doing this whole routine, and ironically, now even the router mode does not seem to be helping.

Note that all my devices are part of one subnet and that is the subnet broadcasting on the WiFi

 

[Tech9]

This issue may be related to the firewall on the device you are trying to access the different network with. Your configuration looks like finding workaround for something not working correctly to begin with and hoping it will start working with trial and error. Time to get a proper VLAN capable AP perhaps?

 

[ali.]

This issue may be related to the firewall on the device you are trying to access the different network with. Your configuration looks like finding workaround for something not working correctly to begin with and hoping it will start working with trial and error. Time to get a proper VLAN capable AP perhaps?

My use case does not require me to transmit multiple VLANs, and I have too much money sunk into the Asus ecosystem. But maybe in future.

 

[Tech9]

In your previous posts you are mentioning AiMesh. In AP Mode it will work, but you have your main node in Router Mode now.

How is this even working with external DHCP when AiMesh requires main node (when in Router Mode) with DHCP server enabled?

 

[ali.]

In your previous posts you are mentioning AiMesh. In AP Mode it will work, but you have your main node in Router Mode now.

How is this even working with external DHCP when AiMesh requires main node (when in Router Mode) with DHCP server enabled?

PfSense is handling all the DHCP assignments. So far, all my Wi-Fi devices are connecting just fine.