Asus Multi-SSIDs, VLAN flash questions

[RBJ32]

(Old retired) Newbee questions. I recently installed a new router (Asus RT-AC68P) which as I understand is the RT-AC68U version 2). Anyhow I have one guest SSID setup for visitor smartphone WiFi and one for Roku. Also a regular LAN 2.4 setup. I'm curious about a few things, I realize my curiosities may encompass proprietary hardware info that is not available. But you guys are pretty knowledgeable and I'm interested in your input.

(1)How do these routers implement the multi-SSIDs (?) do they actually have more than one AP inside the router broadcasting to each SSID (?). Are they on the same channel within each frequency.

(2a)If I check not to allow intranet (LAN) access then I surmise this is somewhat as effective but not as effective as what VLAN wired switches do?

(2b)I read that VLANs are implemented with a tag for each port and there seems to be some firewall rules added also (correct?).

(3)If I wanted to experiment with VLAN I surmise I'd have to flash the router with a third party firmware with dd-wrt ability (?) and be sure it's compatible or end up with a brick.

(4)I read (somewhere) of a dd-wrt flash for the RT-AC68U but do they have one for the RT-AC68P ? Maybe I should just buy a used RT-AC68U for the flash (?)
If it works I could NAT it behind 68P.

Appreciate just whatever input anyone has time to give, for a curious learner.

 

[ColinTaylor]

(1) Guest networks are virtual interface created from the primary interface. As such they operate on the same channel as the primary does.
(2a) The router uses netfilter to block/allow traffic to the intranet.
(2b,3,4) Asus doesn't use VLANs (at least not in the way you're talking about). Try Tomato instead. Or just buy a cheap managed switch.

 

[Grisu]

(4)I read (somewhere) of a dd-wrt flash for the RT-AC68U but do they have one for the RT-AC68P ? Maybe I should just buy a used RT-AC68U for the flash (?)

as far as I know 68P got different (newer) hardware and is not supported by DD-WRT (easy to be left with a brick), dont know about Tomato.

 

[RMerlin]

as far as I know 68P got different (newer) hardware and is not supported by DD-WRT (easy to left with a brick), dont know about Tomato.

Tomato doesn't support the BCM4709C0 used by newer RT-AC68U revisions.

 

[RBJ32]

as far as I know 68P got different (newer) hardware and is not supported by DD-WRT (easy to be left with a brick), dont know about Tomato.

Tomato doesn't support the BCM4709C0 used by newer RT-AC68U revisions.

Thanks for the replies, looking at the DD-WRT supported list most Asus had a hyphen - for the H.W. ver.
Model || H.W. Rev || Chip data || ------------------- Min usable DD-WRT Ver.
RT-AC68P || - || Broadcom BCM4709 @1000 || rt-ac68u build 22490 20131008 (same file 68P and 68U)
RT-AC68U || - || Broadcom BCM4708A0 @800 || rt-ac68u build 22490 20131008
(1) What exactly does that mean when the H.W. version is blank with a hypen?

But as it turns out I want to leave my RT-AC68P with the Asus firmware update, it runs great and there aren't many new RT-AC68P for sale anymore.
(2) I looked up my old Linksys (WRT54G v2.2) on the DD-WRT supported list and it does show the H.W. ver, but has a blank space in the DD-WRT firmware file. So I guess that's not supported then?

Was looking at some older cheaper Asus models to play around with DD-WRT,
(3) At https://wiki.dd-wrt.com/wiki/index.php/Supported_Devices#Asus,
At top of list is says, Recommended: use ASUS Firmware Restoration Tool for ASUS router initial flash (*.TRX file)
So I surmise that means to do the DD-WRT flash as if you were restoring the DD-WRT firmware file and not to use the Asus manual select firmware update?

 

[ColinTaylor]

Unless you can find a recent discussion about a specific DD-WRT release on your exact hardware I wouldn't trust anything on the DD-WRT wiki.

My personal experience of DD-WRT from a couple of years ago was that the wiki is hopelessly out of date, there's no interest in fixing bugs unless they're applicable to every router, they're happy to leave up router-bricking firmware builds, and the forums tend to be hostile. But YMMV.

 

[RBJ32]

Unless you can find a recent discussion about a specific DD-WRT release on your exact hardware I wouldn't trust anything on the DD-WRT wiki.

My personal experience of DD-WRT from a couple of years ago was that the wiki is hopelessly out of date, there's no interest in fixing bugs unless they're applicable to every router, they're happy to leave up router-bricking firmware builds, and the forums tend to be hostile. But YMMV.

Thank you Colin, I will heed your warning on that. However after I left here this morning I had a bit of tussle there this morning. I had read somewhere this user had success flashing the WRT54G v2.2 with the "dd-wrt.v24_mini_wrt54g.bin"
So I went to https://wiki.dd-wrt.com/wiki/index.php/Linksys_WRT54G_v2.2 and there downloaded the said file with no issues.

Then I proceeded to attempt to download the recover file (which I presume is an OEM flash?) in case I might need that. It was listed under "Reverting to OEM", Download and unzip OEM firmware WRT54G_v4.21.1_fw.zip

----- but as soon as I clicked on the highlighted line there as,
Go to Administration->Firmware Upgrade and select WRT54G_v4.21.1_fw.bin

---- I got Norton popup warning here which basically said,
Norton has detected a large amount of suspicious outbound traffic, your computer may be infected. Do you want to run Norton Eraser?
--
Uh . . well I set my coffee down and immediately closed the browser and disabled my network adapter.
Then I ran MalwareBytes with rootkits and it found nothing.
Then I ran CCleaner and cleaned everything except the registry.
Then I ran AdwCeaner and it found nothing.
So then enabled the network adapter and ran Norton Eraser and it found nothing.
But evidently there is some activity going on at the IP of that recovery file link at 162.210.196.166.

I will hold off for now on any further recreational activity of dd-wrt for now (lol).
Below is the full Norton report
-----------------------------------------
Norton Report:
Activity, An intrusion attempt by 162.210.196.166 was blocked.
Date & Time, 04/18/2019 9:30:39 AM
Status, Blocked
Recommended Action, No action required
-Advanced Details,
IPS Alert Name, Web Attack: Malicious Redirection 21
Default Action, No Action Required
Action Taken, No Action Required (but it popped up the Norton Eraser prompt)

Attacking Computer, "162.210.196.166, 80"

Attacker URL, "downloads.linksysbycisco.com/downloads/firmware/1224638367382/WRT54G_v4.21.1_fw.zip?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqcyI6MX0.fADWc9hUOlh58R9UzufQBROmie3I7c7vE835oE6YmU4&uuid=2024fbda-61de-11e9-b0f9-bb0345b0b91d"

Destination Address,"192.168.1.16, 59526"

Source Address, 162.210.196.166

Traffic Description, TCP, www-http

Network traffic from, downloads.linksysbycisco.com/downloads/firmware/1224638367382/WRT54G_v4.21.1_fw.zip?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqcyI6MX0.fADWc9hUOlh58R9UzufQBROmie3I7c7vE835oE6YmU4&uuid=2024fbda-61de-11e9-b0f9-bb0345b0b91d

matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME4\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE.

 

[ColinTaylor]

Well that's good isn't it!

Looks like the linksysbycisco.com domain has been hijacked by scammers (or maybe they bought it after it expired). I hope when you tried to download the OEM file you didn't agree to install any of the "extensions" that pop up.

 

[RBJ32]

Well that's good isn't it!

Looks like the linksysbycisco.com domain has been hijacked by scammers (or maybe they bought it after it expired). I hope when you tried to download the OEM file you didn't agree to install any of the "extensions" that pop up.

No I wouldn't have done that but I never had a chance anyhow before Norton Popped up and did it's job. I run both Norton and Malwarebytes. They each catch their share of crap looking at their logs but Norton was the first out of the shute yesterday.

I will try looking at Tomato and see if my Linksys WRT54G v2.2 is supported there. Otherwise I'll keep looking for a good deal on an older supported Asus router for Tomato. I scanned the Asuswrt-Merlin briefly but did not see any references to having Vlan features (?) which is mainly what I want to play around with.

Thanks again everyone's help that I've gotten from this forum.

 

[RBJ32]

With my limited knowledge not going to rush this still reading docs I find and even though it's my old router will probably wait till I get battery backup for router before doing flash.
But have a question on the firmware download.

At Shibby's router list at, http://tomato.groov.pl/?page_id=69

It had my wrt54g v2.2 router in it's supported list. (firmware)
Model |CPU Type|CPU Freq | LAN | Flash/RAM | Version | Notes
-------------------------------------------------------------------------------------------
Linksys WRT54G/GL/GS v1-v4 | R1 | 200-240 | 100 Mbps | 4-8/32-64MB | K24 or K26 |

On downloads I chose to download the K24 at,
http://tomato.groov.pl/download/K24/build5x-124-EN/
and I see this,
-------- Name ----------------------------------Last modified------ Size
extras.tar.gz---------------------------------2014-12-25 00:00----1.9 MB
fileMD5SUM -----------------------------------014-12-25 00:00---0.577 B
filetomato-ND-1.28.5x-124-SD-VPN.trx----------2014-12-25 00:00----3.7 MB
filetomato-ND-1.28.5x-124-VPN.trx------------ 2014-12-25 00:00----3.5 MB
filetomato-NDUSB-1.28.5x-124-Big-VPN.trx----2014-12-25 00:00----4.7 MB
filetomato-NDUSB-1.28.5x-124-BT-VPN.trx---- 2014-12-25 00:00--- 4.9 MB
filetomato-NDUSB-1.28.5x-124-BTgui.trx ------- 2014-12-25 00:00-----4.2 MB
filetomato-NDUSB-1.28.5x-124-Nocat-VPN.trx---2014-12-25 00:00----4.6 MB
filetomato-NDUSB-1.28.5x-124-VPN.trx-----------2014-12-25 00:00----4.5 MB

( ? ) Don't care about USB so looking at http://tomatousb.org/doc:build-types it looks like I want either
filetomato-ND-1.28.5x-124-SD-VPN.trx or filetomato-ND-1.28.5x-124-VPN.trx
(Not sure what the SD is for (?) also what exactly are the extras and how to install)

But will keep looking around.

 

[ColinTaylor]

This is the wrong sub-forum for your questions now, as you aren't using an Asus router and it isn't about Merlin's firmware.

 

[RBJ32]

This is the wrong sub-forum for your questions now, as you aren't using an Asus router and it isn't about Merlin's firmware.

Oh thanks did not realize SNB was limited to Asus & Merlin, will make a note. I did find out the SD-VPN includes support for SDHC cards so all I need is the image/tomato-ND-1.28.5x-124-VPN.trx

 

[L&LD]

Oh thanks did not realize SNB was limited to Asus & Merlin, will make a note. I did find out the SD-VPN includes support for SDHC cards so all I need is the image/tomato-ND-1.28.5x-124-VPN.trx

It's not limited to Asus and RMerlin.

But this thread is in the 'Asuswrt-Merlin' subforum though.

 

[RBJ32]

It's not limited to Asus and RMerlin.

But this thread is in the 'Asuswrt-Merlin' subforum though.

Oh thanks, duh I was so busy searching links today I didn't catch the sub delineation. Sloppy of me (sorry) it's past due time for new eyeglass prescription. You gotta watch old guys like me sometimes.