Best Firmware Combo for Primary GT-AXE1100 (Wi-Fi 6) + AP RT-AC66U_B1 (Wi-Fi 5)

[garycnew]

I think there's some confusion here over terminology. As readers of this forum would understand it an AP is not a router. A router has a WAN interface, an AP does not have a WAN interface (the WAN port is reassigned as another LAN port). An (Asus) AP can run many of the services that a router can (e.g. Samba) but it cannot run services that require it to do routing (e.g. packet filtering, NAT, QoS, etc) between the WAN and LAN interfaces, because it has no WAN interface.

When you say your AP is "routable" I suspect you simply mean it is a host device with its own local IP address, just like any other host on the LAN.

@ColinTaylor

Correct... At this point, I have only tested the Asus AP as a Host Device. However, isn't the purpose of an Asus AP to allow Client Devices to connect to it and route/bridge their traffic to the Primary Router?

Asus RT-AC66U_B1 Network Config:

# ip ad
1: lo: <LOOPBACK,MULTICAST,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
    inet 127.0.1.1/8 brd 127.255.255.255 scope host secondary lo:0
2: ifb0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN qlen 32
    link/ether 00:00:bb:a8:fb:34 brd ff:ff:ff:ff:ff:ff
3: ifb1: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN qlen 32
    link/ether 00:00:ee:6c:39:c3 brd ff:ff:ff:ff:ff:ff
4: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:00:3e:8d:ae:9d brd ff:ff:ff:ff:ff:ff
5: dpsta: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
6: eth1: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:00:3e:8d:ae:9d brd ff:ff:ff:ff:ff:ff
7: eth2: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:00:3e:8d:ae:a1 brd ff:ff:ff:ff:ff:ff
8: vlan1@eth0: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether 00:00:3e:8d:ae:9d brd ff:ff:ff:ff:ff:ff
9: vlan2@eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
    link/ether 00:00:3e:8d:ae:9d brd ff:ff:ff:ff:ff:ff
10: br0: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether 00:00:3e:8d:ae:9d brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.161/24 brd 192.168.0.255 scope global br0

# ip rule
0:    from all lookup local
32766:    from all lookup main
32767:    from all lookup default

The Asus RT-AC66U_B1 does show that all the ports are in vlan1. However, I suspect that this can be reconfigured on this chipset.

# robocfg showports
Switch: enabled
Port 0: 1000FD enabled stp: none vlan: 1 jumbo: off mac: 00:00:22:5a:07:e0
Port 1: 1000FD enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 2:   DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 3:   DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 4:   DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 5: 1000FD enabled stp: none vlan: 1 jumbo: off mac: 00:00:3e:8d:ae:9d
Port 7:   DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 8:   DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00

# brctl show
bridge name    bridge id        STP enabled    interfaces
br0        8000.94103e8dae9d    no        vlan1
                            eth1
                            eth2

# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     *               255.255.255.0   U     0      0        0 br0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         router01   0.0.0.0         UG    0      0        0 br0

# traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 38 byte packets
 1  router01 (192.168.0.1)  0.732 ms  0.524 ms  0.495 ms
...
 7  dns.google (8.8.8.8)  4.033 ms  3.441 ms  3.478 ms

In this case... The packets for 8.8.8.8 are routed/bridged via the default route to gateway (router01), out via the Primary Router's WAN to 8.8.8.8, and returned back to the Originating Device.

Respectfully,


Gary

P.S. The Asus RT-AC66U_B1 WebUI (in AP mode) shows the first port on the Network Map page as the WAN port. Also... I am able to manage iptables on the AP, so I should be able to create NAT policies. As I stated... Asuswrt-Merlin is a glorified Linux box.

# iptables -L OUTPUT -v -n
Chain OUTPUT (policy ACCEPT 541K packets, 126M bytes)
 pkts bytes target     prot opt in     out     source               destination
   
# iptables -A OUTPUT -p udp -m multiport --dport 10000:10999 -j DROP

# iptables -L OUTPUT -v -n
Chain OUTPUT (policy ACCEPT 85 packets, 31989 bytes)
 pkts bytes target     prot opt in     out     source               destination      
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 10000:10999

 

[ColinTaylor]

Routing and bridging are two different things. A router transfers packets between two different networks. The RT-AC66U_B1 is not "routing" anything. It is your gateway device (router01) that is routing. The RT-AC66U_B1 is now configured as a host and two wireless access points connected to a switch. So all the traffic can be said to be "switched".

So it doesn't matter which physical port on the RT-AC66U_B1 you connect to router01, they're all the same in AP mode.

 

[garycnew]

Routing and bridging are two different things. A router transfers packets between two different networks. The RT-AC66U_B1 is not "routing" anything. It is your gateway device (router01) that is routing. The RT-AC66U_B1 is now configured as a host and two wireless access points connected to a switch. So all the traffic can be said to be "switched".

So it doesn't matter which physical port on the RT-AC66U_B1 you connect to router01, they're all the same in AP mode.

@ColinTaylor

I agree that in default Asus AP mode, with all ports in the same vlan, a more accurate term is as a 'switched' configuration.

However, Is it impossible to assign Port 1 to a separate vlan on the Asus RT-AC66U_B1 and provide a 'routing' configuration? Add in iptables and a bit of overload NATing, etc.

I'm just saying that with Asuswrt-Merlin the Asus AP Mode isn't without routing capabilities.

Respectfully,


Gary

 

[ColinTaylor]

It is indeed possible to use robocfg etc. to separate individual ports into VLANS and networks. From there you could manually reconfigure it as a router. But AFAIK none of that was mentioned before and the result would not be what anyone here would understand to be "AP mode". AP mode is specifically what you currently have, one network interface (br0) and therefore no routing.

 

[ColinTaylor]

Update: Just seen your edit regarding iptables. Yes you can create iptables rules on the AP in just the same way as you can create firewall rules on any host device, e.g. a Windows PC.

 

[garycnew]

It is indeed possible to use robocfg etc. to separate individual ports into VLANS and networks. From there you could manually reconfigure it as a router. But AFAIK none of that was mentioned before and the result would not be what anyone here would understand to be "AP mode". AP mode is specifically what you currently have, one network interface (br0) and therefore no routing.

@ColinTaylor

You're right... Once changes to the Asus AP configuration have been made, it is no longer the default Asus AP mode.

Thank you for the correction, elaborating on the difference of Asus AP Mode, and ensuring the terminology used is accurate.

That's why you are "Part of the Furniture" and always there to set me straight.

I am simply happy that Asus AP Mode works for my needs.

Respectfully,


Gary