Menu
What's new
By:
Filters Better Search

Can -Merlin do this?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

G

garyd9

Regular Contributor
I just purchased an AC3100, and already decided to return it and replace it with the AC5300 that I'll have to order amazon or something. (It's a long story.) Anyway, I'm fairly impressed with the flexibility of the asus firmware (kind of "tomato-lite" with a bunch of excessive eye candy.) I don't want to install merlin on the AC3100 when I know it'll be returned. However, there are three things I found wanting, and I'm wondering if Merlin's branch is capable of them:

1. Hiding of a "guest" wifi network. (In my case, it's not actually a "guest" network, but an alternate SSID I use for wifi devices that can't do EAP. Hiding the SSID doesn't make it more secure, but it does make wifi scans less spammy.) (I found I can do this via ssh on the asus firmware with "nvram set wl0.1_closed=1", but does merlin have the option in the actual UI?)

2. A better (real) vlan interface. Not everyone uses VLAN for IPTV. (I think I can actually work around this with scripts, so it's not really important... just a "would be nice" type thing.)

3. When configuring static DHCP addresses, I need to specify 2 MAC addresses for a couple different devices (but the IP number should be constant.) For example, I have a printer that can do ethernet or wifi. I generally keep it plugged in, but when it falls back to wifi, I'd like for its IP address to be the same.

4. Finally, I'd like the option to add custom options to the dnsmasq config file. This is especially useful for IPv6 specific dnsmasq options, or for handling corner cases in a net config. For example:
Code: 
# specify IPv6 DNS options:
dhcp-option=option6:dns-server,[fe80::100],[fe80::]

# specify the name of a MAC address without forcing a specific IP addr:
dhcp-host=aa:bb:cc:dd:ee:ff,MachineHostName
With #4, I think I can do it by modifying the dnsmasq.conf I see on the filesystem... and forcing dnsmasq to re-read it's config via script... I'm not sure about doing #3 as I don't see where the asus firmware is passing the static dhcp assignments to dnsmasq..

Thank you
Gary
 
garyd9 said:
2. A better (real) vlan interface. Not everyone uses VLAN for IPTV. (I think I can actually work around this with scripts, so it's not really important... just a "would be nice" type thing.)
Click to expand...
this option i would like to have also...if you have working script post it here with tutorial how to....


sent from Kodi 17 Krypton
 
garyd9 said:
2. A better (real) vlan interface. Not everyone uses VLAN for IPTV. (I think I can actually work around this with scripts, so it's not really important... just a "would be nice" type thing.)
Click to expand...

Was just talking with a family member about VLAN's and Guest Networks - he's moving his RT-AC3200 from being the primary router/AP to just being an AP only, but his use case is similar to OP's, where the Guest SSID is supporting devices that can't do WPA2 (they do support WPA/TKIP, but he wants them over on the alternate SSID).

Doing some thinking about this - it might be possible - I know that Airport's can support Guest SSID in AP/Bridge mode, as they VLAN it out to 1003, but I'm not seeing an easy way of supporting something similar on AsusWRT (he's running RMerlin's build on my advice, ftw!).

This seems to be kind of a constant question on the sub-forums here - I don't have an Asus router handy to play with, and I'm super reluctant to use his as a guinea pig to experiment with.

It should be doable - this is basic linux networking afterall, and we know that the SDK does support some level of VLAN support...

Any takers?
 
I have never tried this so I can't tell you the exact commands, but it should be possible to create a linux shell script on the Merlin jffs that runs at startup and assigns the desired vlans to the ports you want. I know the hardware supports it for IPTV and Duel WAN, so there should be no reason you couldn't do the same thing or arbitrary use. Your biggest problem is likely going to be that you would have no GUI support for the other VLAN, so you would need to set everything up via scripts, including NAT, port forwarding and Firewall.

If your plan is to have an isolated VLAN that your devices can access but has no internet access, then it is probably doable. If you want 2 VLANs that each have full access to the router's features, then it is probably a lot more trouble than it is worth. If you really need this, you might want to consider a small business router, the Cisco 891W would do it for sure, but you can probably find cheaper devices that meet your needs.
 
In regards to vlans, one objective I have is to have my cable modem connected to my managed switch (port 2, untagged vlan 90), and then a single ethernet cable connecting the switch (port 1, TAGGED vlan 80, TAGGED vlan 90, VID 80) to the router. All the other switch ports (unless I had some special need) would be untagged vlan 80.

On the router, there would be a single port used tagged for vlan 80 and vlan 90.

All WAN traffic would move, untagged, to port 2 of the switch, get tagged to vlan 90, and head to the router as vlan90. The router would see vlan90 as it's WAN port, deal with it as if it was a normal WAN port. Instead of having 4 "LAN" jacks, it would use the same physical jack as WAN traffic, but tagged as vlan80. That would head back to the switch, and be forwarded out to all the other switch ports (which are untagged vlan80.)

The end result of all this would be that I could keep my switch and cable modem tucked away in my basement, but have the router (which is also my wifi AP) in a more central location.... and only have a SINGLE ethernet wire connecting them.

(Sure, I could do this without vlan's if I wanted to use 2 ethernet cables, but where's the fun in that? If I wanted to use the thing the way it was designed to be used, I'd have bought a linksys.)

EDIT: After posting this, I got the message "This message is awaiting moderator approval, and is invisible to normal visitors." Is that normal for new users when replying here, or did I get myself in trouble after only a single post on here?
 
Stephen Becker said:
If you want 2 VLANs that each have full access to the router's features, then it is probably a lot more trouble than it is worth. If you really need this, you might want to consider a small business router, the Cisco 891W would do it for sure, but you can probably find cheaper devices that meet your needs.
Click to expand...

I was thinking maybe a managed switch in the middle perhaps - there the VLAN's can be built, as complicated as can be, and then simplify things on the primary as a couple of VLAN's, which AsusWRT claims to be capable of...
 
Yes, so then you would need to setup a trunk port to connect to the managed switch. The problem is that each VLAN is still its own subnet, and the router is not going to route those subnets without manual work.
 
I have a "needs moderation" reply that describes one of my end-goals with the vlan...

MODS, not sure why that post was flagged, but it REALLY breaks up the flow of the thread when replies keep coming without a missing and critical piece of the thread.
 
garyd9 said:
I have a "needs moderation" reply that describes one of my end-goals with the vlan...

MODS, not sure why that post was flagged, but it REALLY breaks up the flow of the thread when replies keep coming without a missing and critical piece of the thread.
Click to expand...

It's the forums antispam filter that flags messages based on specific keywords (no idea what the keyword list is, sorry). Tim or myself have to approve those suspicious messages.
 
garyd9 said:
1. Hiding of a "guest" wifi network. (In my case, it's not actually a "guest" network, but an alternate SSID I use for wifi devices that can't do EAP. Hiding the SSID doesn't make it more secure, but it does make wifi scans less spammy.) (I found I can do this via ssh on the asus firmware with "nvram set wl0.1_closed=1", but does merlin have the option in the actual UI?)
Click to expand...

No additional webui setting for it. If it works, you can manually set it through SSH (don't forget to write it back with "nvram commit").

garyd9 said:
2. A better (real) vlan interface.
Click to expand...

This is something Asus started implementing a few months ago, but looks like it's not finalized yet.

Implementing it is a bit tricky, as some models (such as the RT-AC88U) use two different network switches,with completely different (not publicly documented) APIs.

garyd9 said:
3. When configuring static DHCP addresses, I need to specify 2 MAC addresses for a couple different devices (but the IP number should be constant.)
Click to expand...

I don't allow it because it can lead to hard-to-find problems - it's generally bad practice to do such a thing. The router's DHCP server has no way of knowing if the first MAC is already using the IP on the LAN, so it can create a networking conflict. However you can still do it by customizing the dnsmasq config file, however it can cause networking issues. Moving an IP between two different MACs will confuse any existing network switch, and would require their ARP cache to be flushed to allow the switch to be aware that the IP is now associated with a different MAC.

garyd9 said:
4. Finally, I'd like the option to add custom options to the dnsmasq config file.
Click to expand...

See the documentation on how to customize numerous config files used by the router:

https://github.com/RMerl/asuswrt-merlin/wiki/Custom-config-files
 
RMerlin said:
I don't allow it because it can lead to hard-to-find problems - it's generally bad practice to do such a thing. The router's DHCP server has no way of knowing if the first MAC is already using the IP on the LAN, so it can create a networking conflict. However you can still do it by customizing the dnsmasq config file, however it can cause networking issues. Moving an IP between two different MACs will confuse any existing network switch, and would require their ARP cache to be flushed to allow the switch to be aware that the IP is now associated with a different MAC.
Click to expand...

That's too bad!
I was using this feature on my former Tomato by Shibby router.
 
You must log in or register to reply here.

Similar threads

X
AX68U rebooting randomly
Replies
19
Views
831
xusco
X
RMerlin
Release Asuswrt-Merlin 3006.102.1 is now available for Wifi 7 devices
4 5 6
Replies
106
Views
17K
jksmurf
J
RMerlin
  • Locked
Beta Asuswrt-Merlin 3006.102.2 Beta is now available for Wifi 7 devices
2 3 4
Replies
70
Views
12K
RMerlin
RMerlin
saison2023
Any way to diagnose further these dnsmasq restart events?
Replies
5
Views
762
saison2023
saison2023
N
RT-AX86U-Pro, WAN disconnect every 36 hours
2
Replies
25
Views
2K
Nick24
N
Similar threads
Thread starter Title Forum Replies Date
G RT-AC2900 supported by Merlin firmware? Asuswrt-Merlin 9
kaotic2499 Please add Asuswrt-merlin to GT-BE98 (Non-pro) version Asuswrt-Merlin 22
RMerlin Release Asuswrt-Merlin 3004.388.8_4 is now available Asuswrt-Merlin 95
D L2TP client on ax88U pro running latest merlin firmware how to add device Asuswrt-Merlin 0
H RT-AX88U Merlin Parental Control not working Asuswrt-Merlin 3
A Duckdns on Asus merlin router Asuswrt-Merlin 1
P Accessing remotly Server While Using VPN on Asus Router with Merlin Firmware Asuswrt-Merlin 9
M RT-AX86U Pro - Merlin: can't get p2p cameras available to wan. Asuswrt-Merlin 4
RMerlin Release Asuswrt-Merlin 3006.102.2 is now available for Wifi 7 devices Asuswrt-Merlin 74
B Unable to establish VPN connection to my PiVPN (ovpn) from my Asus RT-AC86U running Asuswrt-Merlin 386.14 Asuswrt-Merlin 1

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 1,110 (members: 36, guests: 1,074)
Top