Does aimesh use a tagged VLAN for wired backhaul?

[jea101]

While setting up aimesh I found that a smart switch blocks the wired connection between the node and
the main router. Does this connection use a tagged VLAN? If it is using a tagged VLAN what is the VLAN ID/number?

I did find that in another post that guest SSID apparently use IDs 501, 502 and 503.

 

[OzarkEdge]

While setting up aimesh I found that a smart switch blocks the wired connection between the node and
the main router. Does this connection use a tagged VLAN? If it is using a tagged VLAN what is the VLAN ID/number?

I did find that in another post that guest SSID apparently use IDs 501, 502 and 503.

This is not common knowledge. Some switches can interfere... a simple switch may not.

OE

 

[bbunge]

While setting up aimesh I found that a smart switch blocks the wired connection between the node and
the main router. Does this connection use a tagged VLAN? If it is using a tagged VLAN what is the VLAN ID/number?

I did find that in another post that guest SSID apparently use IDs 501, 502 and 503.

The 501, 502 and 503 are the VLANs for the guest networks. They are used regardless of WIFI or Ethernet backhaul.

Oops! Since there is only one guest propagated to the nodes there should only be two VLANs. Others may have a better answer.

 

[OzarkEdge]

The 501, 502 and 503 are the VLANs for the guest networks. They are used regardless of WIFI or Ethernet backhaul.

Oops! Since there is only one guest propagated to the nodes there should only be two VLANs. Others may have a better answer.

Perhaps for guest1 2.4, 5-1, and 5-2; or 2.4, 5.0, and 6.0 (?).

OE

 

[jea101]

The fact that someone found 501, 502 and 503 are used for guest suggests/implies they are using Ethernet backhaul through a smart/managed switch.
Running the backhaul through a smart switch is the problem I am trying to solve.
Running a cable across the floor, down the stairwell and across the floor again is not an acceptable long term solution.

 

[bbunge]

The fact that someone found 501, 502 and 503 are used for guest suggests/implies they are using Ethernet backhaul through a smart/managed switch.
Running the backhaul through a smart switch is the problem I am trying to solve.
Running a cable across the floor, down the stairwell and across the floor again is not an acceptable long term solution.

Partly true. I believe someone has used the Asus Guest VLAN through a managed switch. I tried for several months and failed then I moved on to other adventures.
If you read my prior post you will see that I stated the Asus VLANs were used for WIFI or Ethernet backhaul. Not just Ethernet alone.

 

[OzarkEdge]

The fact that someone found 501, 502 and 503 are used for guest suggests/implies they are using Ethernet backhaul through a smart/managed switch.
Running the backhaul through a smart switch is the problem I am trying to solve.
Running a cable across the floor, down the stairwell and across the floor again is not an acceptable long term solution.

Maybe this FAQ suggests some things to try.

[AiMesh] How to set up ASUS AiMesh or ZenWiFi Mesh Ethernet backhaul under different conditions ? (Advanced setup with network switch) | Official Support | ASUS Global

OE

 

[jea101]

I have found that what appeared to be a smart switch problem was actually related to trying to use an AC1900P with an AC66U_B1.
Aimesh only uses VLAN tags for the guest network
After I setup Aimesh between two AC1900Ps using an Ethernet cable I was able to connect the node through smart switches.
If not using guest network all you need is two switch ports marked as untagged in the same VLAN (I used VLAN ID 14).
For the guest network to work you must add VLAN 501 and 502 to each switch and mark the Aimesh as tagged in 501 and 502 and untagged in an something other than 501 or 502.
My configuration
Aimesh router (master) "LAN" switch port untagged in 14 and tagged in 501 and 502.
Aimesh node "WAN" switch port untagged in 14 and tagged in 501 and 502.

I am actually connecting through four smart switches with a MOCA 2.5 link between two of the switches.

Router robocfg show

admin@RT-AC1900P-57C8:/tmp/home/root# robocfg show
Switch: enabled
Port 0: 1000FD enabled stp: none vlan: 2 jumbo: off mac: 74:ac:b9:a4:df:f9
Port 1: 1000FD enabled stp: none vlan: 1 jumbo: off mac: 9c:fc:e8:f1:99:bf
Port 2:   DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 3:   DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 4:   DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 5: 1000FD enabled stp: none vlan: 2 jumbo: off mac: b0:6e:bf:32:57:c8
Port 7:   DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 8:   DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
VLANs: BCM5301x enabled mac_check mac_hash
   1: vlan1: 1 2 3 4 5t
   2: vlan2: 0 5
 501: vlan501: 1t 2t 3t 4t 5t
 502: vlan502: 1t 2t 3t 4t 5t
admin@RT-AC1900P-57C8:/tmp/home/root#

Node robocfg show

admin@RT-AC1900P-2480:/tmp/home/root# robocfg show
Switch: enabled
Port 0: 1000FD enabled stp: none vlan: 2 jumbo: off mac: b0:6e:bf:32:57:c8
Port 1:   DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 2:   DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 3:   DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 4:   DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 5: 1000FD enabled stp: none vlan: 1 jumbo: off mac: 9c:fc:e8:f1:99:bf
Port 7:   DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 8:   DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
VLANs: BCM5301x enabled mac_check mac_hash
   1: vlan1: 1 2 3 4 5t
   2: vlan2: 0 5t
 501: vlan501: 0t 1t 2t 3t 4t 5t
 502: vlan502: 0t 1t 2t 3t 4t 5t
admin@RT-AC1900P-2480:/tmp/home/root#

 

[truglodite]

Yesterday I spend some time setting up aimesh between my ax86u and ac86u, and noticed it won't work through my hp smart switch. Fortunately I have structured wiring so it was easy for me to make a direct connection, but learning how to configure vlans on my router with robocfg has been a long time goal for me. So I'm watching this thread...

 

[SirusTheVirus]

I have actually got this running. But only needing 1 vlan for guests.

Asus router does guest 2.4ghz on vlan501. I tagged ports on my managed switch where the Asus connects and where I have 2 ubiquiti ap's connected.

I then setup exactly the same ssid on my ubiquiti ap's as my Asus guest and set it to use vlan501. Works perfectly. So I have a complete solution with separate ap's with an ssid for guest users on vlan501 across all devices (different vendors).

And all this was achieved without touching the cli where the commands starts getting messy.

And when I had the managed switch with aimesh, the guest network wouldn't work on the node unless I tagged it on the managed switch.

 

[jaboda]

Thanks for all the tips on this thread - I also got our AiMesh working with a couple of Smart Switches connected together.
We're using one guest network so the trick is to add VLAN 501 as a tagged VLAN to the relevant ports.

You can see what VLANs are needed on the stock firmware by running 'brctl show' in SSH/Telnet.

 

[woodward98]

I have found that what appeared to be a smart switch problem was actually related to trying to use an AC1900P with an AC66U_B1.
Aimesh only uses VLAN tags for the guest network
After I setup Aimesh between two AC1900Ps using an Ethernet cable I was able to connect the node through smart switches.
If not using guest network all you need is two switch ports marked as untagged in the same VLAN (I used VLAN ID 14).
For the guest network to work you must add VLAN 501 and 502 to each switch and mark the Aimesh as tagged in 501 and 502 and untagged in an something other than 501 or 502.
My configuration
Aimesh router (master) "LAN" switch port untagged in 14 and tagged in 501 and 502.
Aimesh node "WAN" switch port untagged in 14 and tagged in 501 and 502.

I am actually connecting through four smart switches with a MOCA 2.5 link between two of the switches.

Router robocfg show

admin@RT-AC1900P-57C8:/tmp/home/root# robocfg show
Switch: enabled
Port 0: 1000FD enabled stp: none vlan: 2 jumbo: off mac: 74:ac:b9:a4:df:f9
Port 1: 1000FD enabled stp: none vlan: 1 jumbo: off mac: 9c:fc:e8:f1:99:bf
Port 2:   DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 3:   DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 4:   DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 5: 1000FD enabled stp: none vlan: 2 jumbo: off mac: b0:6e:bf:32:57:c8
Port 7:   DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 8:   DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
VLANs: BCM5301x enabled mac_check mac_hash
   1: vlan1: 1 2 3 4 5t
   2: vlan2: 0 5
501: vlan501: 1t 2t 3t 4t 5t
502: vlan502: 1t 2t 3t 4t 5t
admin@RT-AC1900P-57C8:/tmp/home/root#

Node robocfg show

admin@RT-AC1900P-2480:/tmp/home/root# robocfg show
Switch: enabled
Port 0: 1000FD enabled stp: none vlan: 2 jumbo: off mac: b0:6e:bf:32:57:c8
Port 1:   DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 2:   DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 3:   DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 4:   DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 5: 1000FD enabled stp: none vlan: 1 jumbo: off mac: 9c:fc:e8:f1:99:bf
Port 7:   DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 8:   DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
VLANs: BCM5301x enabled mac_check mac_hash
   1: vlan1: 1 2 3 4 5t
   2: vlan2: 0 5t
501: vlan501: 0t 1t 2t 3t 4t 5t
502: vlan502: 0t 1t 2t 3t 4t 5t
admin@RT-AC1900P-2480:/tmp/home/root#

Thank you so much. I spent like 10 hours on this and finally got it working. Without your post, I would have had to buy a new switch. I configured it similar to what you did, although I might have added needless VLANs. Many people simply said that AiMesh won't work with a managed switch.

System: ASUS GT-AX11000, XT-8 AiMesh Nodes, Netgear GS324TP POE Managed switch for cameras, Ring, etc. All brought down to the cabinet in the basement. It's a cool basement and the temps are fine even in summer. The AiMesh nodes are Wired Backhaul (only).

I'm using the latest ASUS Firmware from the company. (Not Merlin)

I had to create 5 VLANs:
Three Tagged VLANs (IDs 501, 502, and 503) for the three Guest wireless bands (2.4Ghz, 5Ghz-1, and 5Ghz-2). The wireless backhaul is OFF because my system is wired.
One Untagged VLAN (ID 14 like you chose) for the AiMesh to talk to itself on the wired backhaul
One Untagged VLAN (ID 1) with everything on it for the Main wireless, Guest, and wired networks to talk to each other. (Unnecessary?) I couldn't get the Guest Networks to use the mesh otherwise.

Thanks!

 

[drinkingbird]

Thank you so much. I spent like 10 hours on this and finally got it working. Without your post, I would have had to buy a new switch. I configured it similar to what you did, although I might have added needless VLANs. Many people simply said that AiMesh won't work with a managed switch.

System: ASUS GT-AX11000, XT-8 AiMesh Nodes, Netgear GS324TP POE Managed switch for cameras, Ring, etc. All brought down to the cabinet in the basement. It's a cool basement and the temps are fine even in summer. The AiMesh nodes are Wired Backhaul (only).

I'm using the latest ASUS Firmware from the company. (Not Merlin)

I had to create 5 VLANs:
Three Tagged VLANs (IDs 501, 502, and 503) for the three Guest wireless bands (2.4Ghz, 5Ghz-1, and 5Ghz-2). The wireless backhaul is OFF because my system is wired.
One Untagged VLAN (ID 14 like you chose) for the AiMesh to talk to itself on the wired backhaul
One Untagged VLAN (ID 1) with everything on it for the Main wireless, Guest, and wired networks to talk to each other. (Unnecessary?) I couldn't get the Guest Networks to use the mesh otherwise.

Thanks!

If you have two untagged VLANs on one port, one is doing nothing. On the netgear switch, whatever vlan you have set as the PVID on the port is the one that is being used. The other is doing nothing.

The reason stuff wasn't working until you added VLAN 1 back in is likely because you had the port set to PVID 1, but did not have that VLAN allowed on the trunk. If you change the PVID to 14 you could remove 1, or you can leave it at 1 and remove 14.

1 untagged and 501/502 tagged (possibly 503 tagged on some setups) should be all you need. PVID of all ports in the path should be 1.

Note that you can now put other switch ports in 501/502/503 UNtagged (and matching 501/502/503 PVID) and they will be guest wired ports without access to your main LAN. They will fall into the subnet of the corresponding guest wireless.

 

[woodward98]

Whoa. Thanks. When I have a chance to sit down and try all this, I’ll report back to you. I clearly have no idea what I’m doing and probably just got it to work by accident. I honestly scoured the web for my “solution” and figured that there was probably a better configuration. I know nothing about network VLANS, tagging ID, and switch management. I’m a pediatric anesthesiologist and my one network administrator friend (a top tier network manager / super user at a huge company) couldn’t help cause his dad got sick. Thanks so much. I’ll get back to you with the update asap.

I bet these posts will help others with the same issues.

 

[Bschmabo]

While setting up aimesh I found that a smart switch blocks the wired connection between the node and
the main router. Does this connection use a tagged VLAN? If it is using a tagged VLAN what is the VLAN ID/number?

I was able to get AIMesh working with an Aruba InstantOn 1930 48-port POE managed switch. The issue is some sloppy code in Asus’s router software, but which can be worked around as follows (with steps 4/5 depending on whether you will use all wired backhaul, or a combination of wired and wireless backhaul):

1. Create a VLAN on the switch that includes all ports you will use for the Ethernet backhaul, with those ports UNTAGGED. I used default VLAN 1 for this.

2. Connect the Asus router via Ethernet from a switch port on VLAN 1 to a LAN port on the router.

3. Connect the Asus wired nodes via Ethernet from a switch port on VLAN 1 to each node’s 2.5G WAN port.

4. (Only if all nodes wired): If ALL your Asus nodes are connected via Ethernet, go to the ASUS router web portal, navigate to General>AIMesh>System Settings>Ethernet Backhaul Mode, and check the enable toggle switch. Once enabled, you are done, and all nodes should now recognize the Ethernet backhaul. Wallah!

5. (Some nodes wired, some nodes wireless): If ANY of your Asus nodes will use wireless backhaul, the Ethernet Backhaul Mode toggle will be greyed out by Asus’s software. Instead, you have to manually set the Backhaul Connection Priority for each node. For each node, go to the ASUS router web portal, navigate to General>AIMesh>Topology>Node Name>Management>Backhaul Connection Priority. For each Ethernet backhaul node, set the priority to “2.5G WAN first.” For each wireless backhaul node, set the priority to either “6GHz WiFi first,” “5GHz WiFi first,” or “Auto.” Done.

Ultimately, the problem is Asus’s “Auto” Backhaul Connection Priority setting. If a node’s priority is “Auto,” it will correctly default to Ethernet backhaul when connected directly to the router or through an unmanaged switch. However, the “Auto” setting will incorrectly default to wireless backhaul when the Ethernet connection is through a managed switch’s VLAN. The Asus router and nodes can still see the Ethernet connection through the VLAN, but the “Auto” setting incorrectly prioritizes wireless backhaul instead. Asus could likely fix this with a few lines of code. But until they patch this, do not use the “Auto” setting for any nodes connected to a managed switch. Either enable the Ethernet Backhaul Mode (all nodes wired), or set the connection priority for each wired node to explicitly prioritize your Ethernet connection (2.5G WAN) first.