Connecting 2 VLANS for 2 Guest Wifi

[grifo]

No, the first script on your OP is a separate one and needs to be in jffs to be run at boot, create it and call it services-start. Then create the 2 more called service-event-end and bridge-reset, this will be run only when the wireless gets restarted so it doesn't need the robocfg/vconfig/ifconfig lines.

 

[WifiGhost]

No, the first script on your OP is a separate one and needs to be in jffs to be run at boot, create it and call it services-start. Then create the 2 more called service-event-end and bridge-reset, this will be run only when the wireless gets restarted so it doesn't need the robocfg/vconfig/ifconfig lines.

Got it, just finished editing the ones you posted to match my AP

So I will run the OP script once and then save it as service-start in jffs
Also will add 2 new scripts service-event-end which is a copy of what you posted
Here is the script I will add to jffs called bridge-reset:

#!/bin/sh
brctl delif br0 wl0.1
brctl addif br1 wl0.1
brctl delif br0 wl0.2
brctl addif br2 wl0.2

nvram set lan_ifnames="vlan1 eth1 eth2"
nvram set lan_ifname="br0"

nvram set lan1_ifnames="vlan5 wl0.1"
nvram set lan1_ifname="br1"

nvram set lan2_ifnames="vlan6 wl0.2"
nvram set lan2_ifname="br2"

nvram commit

killall eapd
eapd

My only question is do I need these lines in bridge-reset?
nvram set lan_ifnames="vlan1 eth1 eth2"
nvram set lan_ifname="br0"

I ask as when I ran ifconfig I saw no eth2, only 0 and 1

Appreciate the help and your patience with a system I have never had to dig into before, wish I've done it sooner so I could have had vlans when i wanted them over a year ago

 

[ColinTaylor]

BTW on your updated script on the OP you still have the wifi interfaces mistyped as w10.1 and w10.2 instead of wl0.1 and wl0.2 as pointed out by Colin earlier, it's worth fixing that to avoid them ending up on your live script.

@WifiGhost You've still got these typo's even in your latest post. I'm curious as to why you're having this problem as none of the sources you're copying from have them mistyped. And whilst to a human "l" and "1" are visually similar they are completely different characters to a computer (which would seem to rule out a copy and paste issue).

 

[WifiGhost]

@WifiGhost You've still got these typo's even in your latest post. I'm curious as to why you're having this problem as none of the sources you're copying from have them mistyped. And whilst to a human "l" and "1" are visually similar they are completely different characters to a computer (which would seem to rule out a copy and paste issue).

It has been fixed directly on my computer so no need to worry, anything on here is just to verify the wonderful help Grifo has given me.

 

[WifiGhost]

@WifiGhost You've still got these typo's even in your latest post. I'm curious as to why you're having this problem as none of the sources you're copying from have them mistyped. And whilst to a human "l" and "1" are visually similar they are completely different characters to a computer (which would seem to rule out a copy and paste issue).

I just went through the thread and checked all my post so you can stop posting "typo" posts.

 

[WifiGhost]

No, the first script on your OP is a separate one and needs to be in jffs to be run at boot, create it and call it services-start. Then create the 2 more called service-event-end and bridge-reset, this will be run only when the wireless gets restarted so it doesn't need the robocfg/vconfig/ifconfig lines.

I was looking at the output to brctl show again and saw that for br0 I show only these interfaces(directly copied and pasted from SSH client):
vlan1
eth1
wl0.1
wl0.2

I updated the bridge reset line from:
nvram set lan_ifnames="vlan1 eth1 eth2"
to
nvram set lan_ifnames="vlan1 eth0 eth1"

I add eth0 since it shows traffic under ifconfig, but not sure to add it since it does not show under brctl show.

I will await your confirmation so I dont cause a weird issue by accident.

 

[grifo]

eth0 refers to the WAN interface so you shouldn't add it there. eth2 I think it's specific to the AC68U that the original script on that thread was based on, so you can take it off, I've just taken it off mine too.

EDIT: I forgot you're running in AP mode so that may be different, not sure, the AC68U on that old post was also running in AP mode and didn't have eth0 on the script either, eth0 exists on the AC68U also. Anyways do some tests and don't worry you won't break anything.

 

[WifiGhost]

I did some research and found the article below so maybe I need eth2 as ifconfig shows eth0 and eth1, and then per the article listed below I ran the following:

#nvram get lan_ifnames
vlan1 eth1 wifi0 wl0.1 wl0.2

# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.38d20              yes             vlan1
                                                       eth1
                                                       wl0.1
                                                       wl0.2

Article: https://wiki.dd-wrt.com/wiki/index.php/Enabling_VLAN_Support_for_BCM4704#Configure_the_LAN_Bridge

So since I see lan_ifnames has eth1 and so does brctl and the article says eth0 will no longer be usable after the changes, I am assuming in AP it uses eth1 so that will become unusable, BUT does not say if there is a diff between AP and Router mode I think eth2 on that one line with vlan1. I guess worse case I can rerun that one command " nvram set lan_ifnames="vlan1 eth2" " without eth2. Have all the scripts saved and named so excited I am close to giving this a whirl.

 

[WifiGhost]

eth0 refers to the WAN interface so you shouldn't add it there. eth2 I think it's specific to the AC68U that the original script on that thread was based on, so you can take it off, I've just taken it off mine too.

EDIT: I forgot you're running in AP mode so that may be different, not sure, the AC68U on that old post was also running in AP mode and didn't have eth0 on the script either, eth0 exists on the AC68U also. Anyways do some tests and don't worry you won't break anything.

About to run this for the first time, been sick for most of the week so just been sleeping, when I run services-start before putting it into scripts, the orig scipt has lan_ifnames while mine does not, if you look above you can see 0.1, 0.2 is part of lan_ifnames so do I need to set that as well?

Edit: services start only has ifnames for lan1 and lan2 which if I remember per all our messages I will run once then put into scripts, while bridge-reset has all 3

 

[grifo]

No need to run the script once manually, just create the scripts in /jffs/scripts/, make them executable with chmod a+rx /jffs/scripts/* and then reboot the AC87U so you can confirm that your services-start script does run correctly at boot and you're seeing the vlans and the bridges the way you want them to be.

Then configure your other box to match and test the guest wlans with your PC. If they work as expected make some changes to the radios like change the channel number or turn one of the guest wlans off and on and then check that the guest wifi interfaces have been reassigned to the correct bridges, to prove that the service-event-end script is working.

I have lan_ifnames for all 3 on both my scripts.

 

[WifiGhost]

No need to run the script once manually, just create the scripts in /jffs/scripts/, make them executable with chmod a+rx /jffs/scripts/* and then reboot the AC87U so you can confirm that your services-start script does run correctly at boot and you're seeing the vlans and the bridges the way you want them to be.

Then configure your other box to match and test the guest wlans with your PC. If they work as expected make some changes to the radios like change the channel number or turn one of the guest wlans off and on and then check that the guest wifi interfaces have been reassigned to the correct bridges, to prove that the service-event-end script is working.

I have lan_ifnames for all 3 on both my scripts.

I added it back to services, sadly the firwewall has had VLANS setup for over a year, since when I ran that command above per the article and got to see what the current lan_ifnames where I decided to add wifi0 to it and see how that does, I am guessing its the main wifi since I only see the 2 guest nets.

 

[WifiGhost]

NVM I removed wifi0 after going through that post again and seeing no one else adding anything else other then vlan1, eth1, and eth2 so I will start with that.

EDIT: first reboot nothing actually ran, setting permissions again and rebooting

EDIT2: just remembered why they didnt run, admin setting

EDIT3: After 2 more tries nothing changes, have the scripts in /jffs/scripts, just names and no .sh at the end, enabled in admin menu to allow custom scripts and configs and none of them run

EDIT4: Went over the logs and they did run, but when running manually get errors about the vlan numbers being invalid and other errors about commands

EDIT5: To test the commands I ran the ones for one of the vlans and no issues, running the script gives errors so no idea why I can do one and not the other

EDIT6: issue solved and now just some testing to do

 

[WifiGhost]

No need to run the script once manually, just create the scripts in /jffs/scripts/, make them executable with chmod a+rx /jffs/scripts/* and then reboot the AC87U so you can confirm that your services-start script does run correctly at boot and you're seeing the vlans and the bridges the way you want them to be.

Then configure your other box to match and test the guest wlans with your PC. If they work as expected make some changes to the radios like change the channel number or turn one of the guest wlans off and on and then check that the guest wifi interfaces have been reassigned to the correct bridges, to prove that the service-event-end script is working.

I have lan_ifnames for all 3 on both my scripts.

Current issue is devices connecting to guest wifi cannot pull an IP, I actually see no request in the logs, when a smart plug connecting to the main wifi I saw that request just non from the guest wifi, what is the WAN port number?

 

[WifiGhost]

I made progress and can now see the DHCP requests and responsese, but device is still not accepting the IP being offererd from what I can see in the logs, device connects and auths, DHCP sees the device, DHCP offers an IP(tried static as well), but device just says "obtaining IP address".

Oh and while working on this I was able to actually break everything, I tested tagging different ports and somehow a port got tagged with the VLAN being tested and caused all devices to disconnect and could not reconnect. Since the scripts were there I just rebooted since I like to upgrade/work on my ASUS via cable and it returned back to its original state from earlier.

 

[grifo]

Are you sure you're running your AC87U in AP mode and not in router mode? Could you post the output of robocfg show and brctl show after a reboot?

 

[WifiGhost]

Are you sure you're running your AC87U in AP mode and not in router mode? Could you post the output of robocfg show and brctl show after a reboot?

So at this point I can see the requests, but after more testing last night I saw a slight difference when using any device to connect to the guest I am testing then back to the main wifi where both show log entries for DISCOVER and OFFER, but when the device connects to the main wifi I see one more REQUEST. The device is not doing a request, brctl and robocgf show good, I think its the DHCP server unless you think otherwise. Here is what you requested.

bridge name     bridge id               STP enabled     interfaces
br0             8000.38d                yes             vlan1
                                                        eth1
br1             8000.38d                no              wl0.1
                                                        vlan200
br2             8000.38d                no              wl0.2
                                                        vlan100

Switch: enabled
Port 0: 1000FD enabled stp: none vlan: 1 jumbo: off mac:
Port 1:   DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 2:   DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 3:   DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 4:   DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 5: 1000FD enabled stp: none vlan: 1 jumbo: off mac:
Port 7: 1000FD enabled stp: none vlan: 1 jumbo: off mac:
Port 8: 1000FD enabled stp: none vlan: 1 jumbo: off mac:
VLANs: BCM5301x enabled mac_check mac_hash
   1: vlan1: 0 1 2 3 5 8t
   2: vlan2: 8t
  200: vlan200: 0t
  100: vlan100: 0t
1045: vlan1045: 1t 2t 3t 5
1046: vlan1046: 4t 7
1047: vlan1047: 2t 4 8u
1099: vlan1099: 1 3t 5 7t
1100: vlan1100: 1t 2t 8u
1101: vlan1101: 0 1t 8t
1102: vlan1102: 7
1103: vlan1103: 0t 4t

I am curious why my 0t is showing under vlan1103.

 

[WifiGhost]

Found this great article about using brctl and example commands, figure i post it in case it helps someone:
https://www.thegeekstuff.com/2017/06/brctl-bridge/

 

[WifiGhost]

Are you sure you're running your AC87U in AP mode and not in router mode? Could you post the output of robocfg show and brctl show after a reboot?

After some reading and reading and then a quick test, BAM success with the first new tweak! I thought I would have to try a few. I will let you know once I confirm it works on both guest nets.

 

[grifo]

Looking at the robocfg show command, the CPU port (port 8) doesn't have the new vlans configured on it, so the robocfg commands should be:

robocfg vlan 100 ports "0t 8t"
robocfg vlan 200 ports "0t 8t"

and not have "0t" only as I wrote a few posts back, I overlooked this as I adapted my script running in router mode to yours in AP mode.

As you wrote it's working now I guess you've already figured it out.

 

[WifiGhost]

Looking at the robocfg show command, the CPU port (port 8) doesn't have the new vlans configured on it, so the robocfg commands should be:

robocfg vlan 100 ports "0t 8t"
robocfg vlan 200 ports "0t 8t"

and not have "0t" only as I wrote a few posts back, I overlooked this as I adapted my script running in router mode to yours in AP mode.

As you wrote it's working now I guess you've already figured it out.

I tried 7t per a post I found about guest nets and 87U and looked at their script and it worked, i thought I would have to try a couple but 7 works.