What's new

Release ASUS RT-AX86U Pro Firmware version 3.0.0.6_102_34312 - 2024/05/09

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

thanks - i should've worded my situation better: currently not on either firmware but getting this model soon; sounds like latest stock firmware should work for me as I do not have ipv6; thanks again!

You should be able to move forward now with this current stock firmware... install it, Hard Reset it, and configure it from scratch.

OE
 
Some comments and observations after spending some time playing with the basic 3.0.0.6_102_34312 firmware settings on an RT-AX86U Pro (no AiMesh, no VPN, no USB drive attached). Some of which has been reported/commented on already by others.

The Asus Privacy Notice in the QIS setup section is very troubling after taking a read through it. While you can decline it and proceed to setup the router, Asus makes it clear that they CAN and WILL push updates (note text in Section #2) if they feel it's warranted.
ASUS PRIVACY NOTICE (for firmware/security upgrades)

Welcome to use ASUS router (“this router”)! Please read this Notice carefully:

1. In order to provide you with firmware and security upgrades on this router and to analyze user experience for the purpose of development and evaluation of new products and services of ASUS, by clicking “Agree” below, you agree to share your following data related to this router, including IP address, hashed MAC address, the country of manufacture, model name, firmware and software module version, manufacture date and version of hardware, firmware update data (such as execution method, time and numbers of firmware update), system status (such as usage status of fan, CPU, RAM, flash memory and voltage), numbers and time of boot-ups, the time and network you use to connect to this router, crash history, product name and code, login status of ASUS router app and the number of times of security events with ASUS.

2. Please kindly note: If you click “Disagree” below or disable the sharing of the above data with ASUS through “Administration” page, it may result in the inability to update to the latest firmware version and unable to receive the most up-to-date security protection on this router; However, to protect the security of your router and ensure the compliance with laws, for upgrades addressing important security issues or meeting legal/regulatory requirements, those upgrades will still be downloaded and installed automatically. In this case, ASUS will collect your IP address, hashed MAC address, the country of manufacture, model name, firmware and software module version, which is necessary data for ASUS to deliver these important upgrades to your router.

3. ASUS is committed to protecting and respecting your privacy; you may visit “Administration->Firmware Upgrade/ Privacy” page to enable/disable the sharing of your above data with ASUS at all times. To know more about how ASUS protects your privacy, please visit ASUS’ Privacy Policy. (ASUS’ Privacy Policy)


[] I am above the age of 16 years.

To protect your privacy, please proceed with the age check. If you are a child under the age of 16, to protect your privacy, generally we will not collect the above data in paragraph 1 through this router except when providing you with upgrades addressing important security issues or meeting legal/regulatory requirements as mentioned above in paragraph 2.
When you hit the Disagree button you get the following dialog with the options "Read Again" or "I understood the risk":
Please be advised that disagreeing with ASUS PRIVACY NOTICE (for firmware/security upgrades) may result in the inability to update to the latest firmware version and unable to receive the most up-to-date protection on your ASUS Router; However, to protect the security of your router and ensure the compliance with laws, for upgrades addressing important security issues or meeting legal/regulatory requirements , those upgrades will still be downloaded and installed automatically.

Read Again I understood the risk
When one selects "I understood the risk" after previously hitting Decline; the following options are turned off on the Administration > Firmware Upgrade page.
  • Auto Firmware Upgrade
  • Security Upgrade
Unknown what other options are turned off in addition to those two.

So even with those options turn off apparently Asus can still push updates. That will be very concerning to say the least to those who want control over how their router is updated. In particular to prevent issues that have plagued Asus in the past when they pushed files that borked the router, in some cases rendered the router unusable.

There appears to be a possible typo on the Administration > Firmware Upgrade page.
5. Regarding data collection for firmware/security upgrades, please refer to “ASUS PRIVACY NOTICE (for firmware/security upgrades) at “Administration -> Privacy” page.
There doesn't appear to be a "Privacy" page under Administration unless I missed it. There is a "Policy" page.

In LAN > LAN - DHCP Server > DNS and WINS Server Setting section there is now the following option that one finds in Asus-Merlin firmware.
Advertise router's IP in addition to user-specified DNS
Don't remember if it was there in earlier stock firmware. This will be a benefit for some (like Pi-Hole users) if this is new in the stock firmware.

It appears, at least in my testing, for Guest Network Pro IoT; if you enable "Use the same subnet as main network" option it doesn't appear the Guest Network WiFi clients are isolated from the main LAN clients, even if you select the Custom Network option and set "Access Intranet" to off.

When "Use the same subnet as main network" is set to off it appears Guest Network Pro IoT WiFi clients are isolated from main LAN and cannot access main LAN clients. Same when using Custom Network.

When using Customized Network with "Use the same subnet as main network" option disabled and with "Access Intranet" set to off, then assign Pi-Hole server in manual DNS entry section, Guest Network Pro WiFi clients cannot access Pi-Hole servers on main LAN. If "Access Intranet" is enabled then Guest Network Pro WiFi clients could access Pi-Hole servers.

When the Guest Network Pro gives the option to set the DNS, if set to Default it assigns the Guest Network Pro Gateway IP address (ex: 192.168.52.1 or 192.168.53.1 in my testing) as the Guest Network Pro WiFi clients DNS server.

It appears you can manually set the Guest Network Pro WiFi client IP addresses on LAN > DHCP Server section provided you have "Use the same subnet as main network" enabled. When that option is disable the Guest Network Pro WiFi clients pull random IP addresses from the Gateway IP address network pool (in my testing of two Guest Network Pro custom networks they used 192.168.52.x for 5ghz network and 192.158.53.x for 2.4Ghz network). Did not see any way to manually set IP addresses for Guest Network Pro WiFi clients when "Use the same subnet as main network" is disabled. That may be a problem for some who want more granular control like they can get with Asus-Merlin and YazFi's custom scripting to set Guest Network WiFi IP addresses.

The firmware will be fine for those who just need the basics. I didn't test AiMesh or VPN so cannot comment on those features in the firmware. The Guest Network Pro will take some experimenting to get right for the individual use case once people understand how it works.

Personally I rolled back to Asus-Merlin 3004.388.7 (with YazDHCP and YazFi) to regain some more granular control over certain settings not offered (that I could see) in the stock Asus 3.0.0.6_102_34312 firmware. Will be interesting to see how the Asus-Merlin version of the 3006 firmware will stack up against the stock Asus 3006 firmware when (if) a version for the RT-AX86U Pro is released. And if various add-on scripts like YazDHCP and YazFi will work or if they'll need (probably extensive) rewriting to make them work.
 
Last edited:
That will be very concerning to say the least

After Disagree this router has to stay quiet and never contact Asus update website. Manual updates only and user initiated. If it still checks for firmware update every day as usual - it violates the agreement. If Asus auto upgrades the router regardless or the user's choice - this action also violates the agreement. I don't understand the point of it. I know why it appeared all of a sudden, but means nothing in current form. Asus is offering ExpertWiFi "professional" routers with the same data sharing agreements to Asus and Trend Micro. The moment a real professional sees it - back for refund. For home use is perhaps okay, depending on the user.
 
... Asus is offering ExpertWiFi "professional" routers with the same data sharing agreements to Asus and Trend Micro. The moment a real professional sees it - back for refund. For home use is perhaps okay, depending on the user.

Can you elaborate on what you mean?
 
Can you elaborate on what you mean?

I mean very few businesses will agree to data sharing and forced automatic firmware upgrades.

Asus ExpertWiFi products are marketed as business network solution, but in fact the same Asuswrt, AiMesh, Trend Micro, etc.


They display exactly the same data collection agreements.
 
Wasn't there a government action in the past couple of years forcing hardware providers to provide urgent security and firmware updates should an event such as a large netbot infestation (or other nefarious acts) occur?
Or have I ventured off the trail again?
 

That link defines SDN as "Self-defined Networks".. what happened to Software-define Networking. :)

OE
 
Wasn't there a government action in the past couple of years forcing hardware providers to provide urgent security and firmware updates should an event such as a large netbot infestation (or other nefarious acts) occur?
Or have I ventured off the trail again?
In the UK, yes. Or something along those lines
 
Wasn't there a government action in the past couple of years forcing hardware providers to provide urgent security and firmware updates should an event such as a large netbot infestation (or other nefarious acts) occur?
Or have I ventured off the trail again?
I'd assume either the EU or maybe Great Britain mandated it.
 
That link defines SDN as "Self-defined Networks"

This is correct. Networks have rights too.

 
Since the upgrade I'm experiencing following error:
miniupnpd[18158]: accept(http): Too many open files

It even happened than 4th CPU core had 100% load all the time because of that.

Disabling UPNP works as temporary fix.
 
Is there a bug with setting a custom DNS server? I have Adguard home on a rpi3 that isn't showing any DNS queries after I set it. Works for a few minutes then logs on Adguard home show no updates...I am on the latest stock firmware
 
There seems to be a bug with the SSID password (as least for the IoT SSID), as it strips out spaces.
 
Is there a bug with setting a custom DNS server? I have Adguard home on a rpi3 that isn't showing any DNS queries after I set it. Works for a few minutes then logs on Adguard home show no updates...I am on the latest stock firmware
Just where do you set the address for the RPI? If it is in the WAN it likely will not work. The RPI address needs to be set in LAN/DHCPServer/DNS Server 1 Yes, that means the router will be set at the client as the second DNS Server.
 
There seems to be a bug with the SSID password (as least for the IoT SSID), as it strips out spaces.
Spaces and special characters are not recommended in WIFI passphrases.
 
Spaces and special characters are not recommended in WIFI passphrases.
I understand. But 'not recommended' is not the same as 'automatically stripped out for you then you can't connect because you didn't know they were stripped out' or 'not supported'. :)

So much for using the same stuff from the old router to save config on the devices ...
 
Just where do you set the address for the RPI? If it is in the WAN it likely will not work. The RPI address needs to be set in LAN/DHCPServer/DNS Server 1 Yes, that means the router will be set at the client as the second DNS Server.
Yup it's set on lan; it might be an Adguard home issue as I see the query log is giving delayed info so seems all good on the router end
 
Is there a bug with setting a custom DNS server? I have Adguard home on a rpi3 that isn't showing any DNS queries after I set it. Works for a few minutes then logs on Adguard home show no updates...I am on the latest stock firmware
Didn't have any problem setting two Raspberry Pi Pi-Hole IP addresses in the LAN > DHCP Server > DNS and WINS Server Setting > DNS Server 1 and 2 fields. Make sure to set "Advertise router's IP in addition to user-specified DNS" to off or no.
 
Might have found some bugs on this firmware; ax86u pro hard reset and setup from scratch on this latest stock:

-2.4 GHz channel won't stick. No matter how many times I manually set and click apply the page resets but it shows auto

-Led lights don't stay off all the time. For whatever reason even if I use the hardware button to toggle and make any changes in the firmware settings the 5 GHz light LED solely ligjts up again and I have to manually toggle the led button again

-Not able to actually reboot the router either using the reboot button within the firmware settings or using the Asus app on iOS
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top