Menu
What's new
By:
Filters Better Search

Getting vlans to work on an RT-AC88U

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

T

tjhastings91

New Around Here
Hardware: RT-AC88U
Firmware: 382.1_beta3

After expending a whole lot of effort, I thought I might be able to block wired IoT smart devices at the port level from being able to access the local network. After reading 24 threads on this website, I cobbled together a script that was similar to what others had created. I think only one of those threads mentioned the same router. The script commands complete successfully, but wired devices can't connect to the router.

This wan-start script is supposed to allow the device connected to port 2 to access the Internet without access to the local network.
Code: 
ip link add link eth0 name vlan20 type vlan id 20
ip addr add 192.168.20.1/24 brd 192.168.20.255 dev vlan20
ip link set dev vlan20 address 00:00:00:00:00:20
ip link set dev vlan20 up
brctl addif br0 vlan20
robocfg vlan 1 ports "0 1 3 5 7 8t"
robocfg vlan 20 ports "2t 8t"
ebtables -t broute -I BROUTING -p IPv4 -i vlan20 --ip-src 192.168.20.0/24 -j DROP
ebtables -t broute -I BROUTING -p ARP -i vlan20 --arp-ip-src 192.168.20./24 -j DROP
ebtables -I FORWARD -i vlan20 -o ! eth0 -j DROP
ebtables -I FORWARD -i ! eth0 -o vlan20 -j DROP

This dnsmasq.postconf script supports DHCP on the isolated network.
Code: 
interface=vlan20
dhcp-range=vlan20,192.168.20.2,192.168.20.254,255.255.255.0,6h
dhcp-option=vlan20,3,192.168.20.1
dhcp-option=vlan20,6,208.67.222.222

Can you see what is blocking this setup from working ?
 
Could the problem be with using the ip command instead vconfig ?

I also notice that if an IP address and MAC address is not assigned to the vlan, the brctl command will cause the router to become unresponsive.
 
@Praveen Reddy :
I have a working solution with ac88u for my network...:)
I am not too good at english,
I can provide the scripts.
I have several networks / VLans provided, including iot devices and guest network ...
and they work!:)..
various tests are still pending..
before I post publicly, give me your e-mail adress if you want ..

best regards R. Hellmann / Germany
 
PS:
there is a difference between the installed firmware versions, I have the current! merlin firmeware 384.3
 
looking for users who also want to get a lot out of the ac88u ..
 
Hi, yes i have
and I work with several guest networks ...
Sorry, the link posted is no longer valid. I compile the new scripts and then put them back to download ...
 
Thanks here1310 - the scripts worked a dream (except for assigning router guest wifi 2 to br12 which was easily modified) :). Just need to understand why my wired printer drops off the network (I'll get there).

I've looked around unsuccessfully for a reasonable robocfg reference to answer what the 'ports' syntax is; I know that "T means Tagged, U for Untagged." (Merlin), but what does this *really* do:

robocfg vlan 100 ports "1t 2u 3"
  • "1t" - stuff turning up on port 1, already tagged as vlan 100, should be accepted as vlan 100; everything else is ignored (unless picked up via another port command).
  • "2u" - stuff turning up on port 2 which is not tagged as a vlan, should be accepted as vlan 100; everything tagged with a vlan is ignored.
  • "3" - everything turning up on port 3 will be treated as vlan 100, whether tagged or not.
... how far away is this from reality?
 
sorry, I have not used these settings since the productive switch to an rt-ac86u, because the HND routers are structured differently in this regard.
may be that the settings in the guest VLan contain an error ... it was a long time ago and rummaged from the archives ...
Good luck with further studying / trying!
best regards...
 
Hi all,

I am very happy that I have found this thread.
But, could you please let me know if all LAN 8 ports are usable (speaking about AC88U) using ?
Because I know that there's no way to configure VLANs on the Realtek switch. (4 ports are on this switch)

I intend to use something like this.

Code: 
robocfg vlan 1 ports "1 2 3t 5 7 8t"
robocfg vlan 10 ports "3t 8t"

Please, should this vlan 10 work while all other LAN on Realtek usable at the same time?

Thank you very much,
amplatfus
 
It is not working in my case on AC88U.
I tried also:
Code: 
robocfg vlan 10 ports "3 8t"
With this is working but randomly, I guess because port 3 is on both VLANs. The result is:
Code: 
roocfg show
   1: vlan1: 0 1 2 3 5 7 8t
   2: vlan2: 4 8u
  10: vlan10: 3 8t

I tried also
Code: 
robocfg vlan 1 ports "1 2 5 7 8t"
robocfg vlan 10 ports "3 8t"
In this case is working, but LAN 5-8 are down, I guess because there's no way to configure VLANs on the Realtek switch.

Please if you have any ideas how to separate LAN 1 on AC88U on a separate VLAN, please share it.
Thank you so much,
amplatfus
 
Hi,

I have found this info and I think maybe it wil be helpfull:
Code: 
No robocfg?
The first problem is that robocfg is no more provided on AX88U (Broadcom’s HND platform). An alternative to robocfg on HND platform seems to be vlanctl2. However, after several hours of searching, trying and error, I believe vlanctl can only create tagged VLAN, which unfortunately can’t satisfy my need.

Source:
LAN port isolation (port-based VLAN) on ASUS RT-AX88U with Asuswrt-Merlin 384.16
Approach with Separate Bridge

LAN port isolation (port-based VLAN) on ASUS RT-AX88U with Asuswrt-Merlin 384.16

Although there is no more robocfg command on HND platform and Asuswrt-Merlin lacks GUI support on creating VLAN, port-based VLANs (or static VLAN) can still be achieved by separating ethernet interfaces into isolated bridges and applying firewall (ebtables or iptables) rules.
wu.renjie.im

All the best!
 
Last edited:
here1310 said:
sorry, I have not used these settings since the productive switch to an rt-ac86u, because the HND routers are structured differently in this regard.
may be that the settings in the guest VLan contain an error ... it was a long time ago and rummaged from the archives ...
Good luck with further studying / trying!
best regards...
Click to expand...
Hello. Could you please upload these scripts again? I would like to take a look at them. Appreciate your reply!
 
You must log in or register to reply here.

Similar threads

SeeJayEmm
AC68 intermittently VLAN tagging
Replies
8
Views
1K
drinkingbird
drinkingbird
PaulA
Port isolation on RT-AX88U-Pro (router) w/ Merlin w/ Tagged internet ISP
Replies
2
Views
1K
dacotmeister
D
bengalih
Guest Wifi changes pre/post 386.x FW
Replies
15
Views
1K
L&LD
L&LD
F
VLAN and blocking WAN access to WiFi Guest
Replies
13
Views
3K
drinkingbird
drinkingbird
HELLO_wORLD
Tutorial Adding custom SSID and specific VLAN (for IOT for example)
Replies
14
Views
2K
alexnev
A
Similar threads
Thread starter Title Forum Replies Date
L ddns is not getting new external cgnat wan ip Asuswrt-Merlin 8
F Problem getting Wireless IP address - Some Clients Asuswrt-Merlin 7
TheLyppardMan Flash Drive was getting pretty hot Asuswrt-Merlin 38
U DDNS and ipv6: eth0 not getting WAN ipv6 address. Asuswrt-Merlin 0
N Connecting an ax58u to a BT homehub 5, via a lan port, and not getting internet access. Asuswrt-Merlin 3
spacemanspiff Getting a lot of Abnormal Login HTTP locks - Chrome issue? Asuswrt-Merlin 0
R Getting flooded with log entries I don't understand on my RT-AX86U Pro running 3004.388.6_2 Asuswrt-Merlin 13
R Getting rc_service log non-stop Asuswrt-Merlin 16
F VLANs on AIMesh nodes, is this feasible today? Asuswrt-Merlin 4
R Solved Help finding workarounds for a WiFi bridge repeater that doesn't support VLANs Asuswrt-Merlin 3

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 919 (members: 20, guests: 899)
Top