Tested on RT-AC86U (asus-wrt 3.0.0.4.386_51955) and RT-AX53U (asus-wrt 3.0.0.4.386_69086), both factory reset for good measure and simply connected to a dynamic IP from the modem.
The first red flag that comes up is that, immediately after activating the respective first 2.4 GHz and 5 GHz guest networks with Access Intranet disabled, one can successfully ping 192.169.101.1 and 192.169.102.1 from the main network (192.168.1.0/24) via a wired connection. Either I'm misunderstanding VLANs or this should not be the case, as clients of VLAN1 have no business talking to the gateways for VLAN501 and VLAN502.
Second, after following the excellent guide on this forum, devices connected to ports I assign to VLAN501/502 (e.g. PVID 501, 501 untagged) on a managed switch are getting served the proper subnets, their internet works, etc. However, I can successfully communicate with them from 192.168.1.0/24 wired either to said switch (PVID 1, 1 untagged) or directly to the router. Now, seeing as subnet masking should not allow this, I'm thinking that the router is actively routing traffic between 192.168.1.0/24 and 192.169.101.0/24 and 192.169.102.0/24. Sidenote: figuring that this is a routing issue, I tried blocking said traffic via Network Services Filter, but that had no effect.
Third, and this may or may not be related: when first connecting a device to any guest network (be it one of the VLAN-based ones or the secondary ones, which I gather are firewall-based), it gets detected as a new device on the network by my AV suite network inspector. After that first connection, isolation seems to work, as one cannot communicate with guest devices. Seems odd though that they would "leak" to the main network for a brief period.
I really don't know what's going on here. Maybe it's faulty asus-wrt firmware (both are on that Nov '24 emergency update that Asus released for a lot of routers, including ones that are EOL like my RT-AC86U). Or perhaps I'm misunderstanding VLANs, as I've never messed with them or managed switches before.
Can anyone with an asus-wrt 3.0.0.4.386 router please test my findings if you have the time and inclination? Thank you!