identifying AC87 interfaces

[watusi]

I am having a heck of a time figuring out what interface is what on the AC87. I want to monitor LAN, WAN, and 2.4 and 5gHz wireless bandwidth with SNMP.

For now I am using PeakHour on OS X, just because it is easy to set-up. I don't know if this is what I will ultimately use, it is just for plinking around and helping me understand what is what.

There results I get with bandwidth-monitoring tools simply do not make sense. In particular, wireless traffic doesn't make sense to me. I do a speed test from a wireless device to the Internet, say, on 2.4 gHz, then disconnect and reconnect on 5gHz and repeat. I see traffic on BOTH interfaces, in opposite directions, so it just doesn't make sense. Obviously, I am not looking at what I think I am looking at!

PeakHour itself suggests that vlan2 is the WAN interface, and is shown with my WAN IP address.

I am assuming, then (just naming convention...) that vlan1 is LAN? There is no IP address listed in PeakHour for eth0, though. It does list a MAC address, which is the same on eth0, vlan1, and eth1.

I conclude from this that eth0 and eth1 are 2.4 and 5gHz wireless interfaces, but I do not know which one is which. And this is where it gets crazy and infuriating. I do a speed test from a device on one, and I see traffic on both. And the values I get just don't make sense at all. (I guess PeakHour is probably just a crappy app...)

I thought it would sort out easily - that I would do a speed test and see a huge bump on two interfaces. Hahahahaha! Er, no.

There is also bra, which has some 169. address on it (what is this?), lo (127.0.0.1, I understand this, loopback address) and aux0, which has the same MAC address as eth0, vlan1, vlan1 but PeakHour shows a red dot on this one (others are green).

Can somebody clarify what is what?


(Sorry, I know this is a duplicate, because I read a post with this info. Problem is, I can't find it again! Hopefully, a clear title on this post will help other find it in the future...)

 

[RMerlin]

eth0 is the WAN interface
eth1 is Wifi 2.4 GHz
eth2 is Wifi 5 GHz on Broadcom models
wifi0 is Wifi 5 GHz on Quantenna models (i.e. RT-AC87U)
vlan2 is Internet
I think vlan1 is LAN, but I'm not sure about this one, since br0 is the LAN bridge, bridging eth1, eth2 and the LAN switch.
br0:0 is a bridge between the Broadcom and the Quantenna devices, used for inter communication (the main firmware configures the Quantenna service through RPC calls sent on that interface)

If you run "ifconfig" on the router over SSH you will be able to see the interface, with the total amount of traffic each one has seen.

 

[ericbergan]

Here is the original thread, and my concerns about the accuracy of the SNMP data and interface names.



http://forums.smallnetbuilder.com/showthread.php?t=20717

Since then, I'm even more convinced the traffic data being reported by the SNMP agent is not always accurate. Most days it seems about right, but some days it is way too high, and at least once, it was way too low, based on the by device daily numbers in Traffic Monitor.

 

[scavenger]

Here is the original thread, and my concerns about the accuracy of the SNMP data and interface names.



http://forums.smallnetbuilder.com/showthread.php?t=20717

Since then, I'm even more convinced the traffic data being reported by the SNMP agent is not always accurate. Most days it seems about right, but some days it is way too high, and at least once, it was way too low, based on the by device daily numbers in Traffic Monitor.

If you've enabled NAT Acceleration Level 1 or Level 2 (Cut-through forwarding alone or CTF+Flow Accelerator), then the bandwidth reported by the Adaptive QoS bandwidth monitor, at least, is inaccurate according to Asus. This is because the traffic never hits the BCM, and is thus not visible to the monitor.

I wonder if SNMP is impacted as well. Try turning off NAT Acceleration and see if your reported numbers improve.

 

[watusi]

wifi0 is Wifi 5 GHz on Quantenna models (i.e. RT-AC87U)

Mine doesn't show wifi0, though!

----
admin@l33tw0pr:/tmp/home/root# ifconfig
br0 Link encap:Ethernet HWaddr 38:2C:4A:5D:24:78
inet addr:10.0.1.1 Bcast:10.0.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:751775 errors:0 dropped:0 overruns:0 frame:0
TX packets:1038791 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:136716334 (130.3 MiB) TX bytes:393474136 (375.2 MiB)

br0:0 Link encap:Ethernet HWaddr 38:2C:4A:5D:24:78
inet addr:169.254.39.85 Bcast:169.254.39.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

eth0 Link encap:Ethernet HWaddr 38:2C:4A:5D:24:78
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7147521 errors:0 dropped:0 overruns:0 frame:0
TX packets:1819475 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1062116183 (1012.9 MiB) TX bytes:618042192 (589.4 MiB)
Interrupt:181 Base address:0x6000

eth1 Link encap:Ethernet HWaddr 38:2C:4A:5D:24:78
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:64804 errors:0 dropped:0 overruns:0 frame:3826921
TX packets:267952 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:7859163 (7.4 MiB) TX bytes:142552162 (135.9 MiB)
Interrupt:163

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MULTICAST MTU:16436 Metric:1
RX packets:41454 errors:0 dropped:0 overruns:0 frame:0
TX packets:41454 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4939067 (4.7 MiB) TX bytes:4939067 (4.7 MiB)

vlan1 Link encap:Ethernet HWaddr 38:2C:4A:5D:24:78
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:737926 errors:0 dropped:0 overruns:0 frame:0
TX packets:1108309 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:138106058 (131.7 MiB) TX bytes:398049989 (379.6 MiB)

vlan2 Link encap:Ethernet HWaddr 38:2C:4A:5D:24:78
inet addr:[redacted] Bcast:[redacted] Mask:255.255.252.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6369841 errors:0 dropped:0 overruns:0 frame:0
TX packets:683350 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:680853376 (649.3 MiB) TX bytes:207007302 (197.4 MiB)

----

admin@l33tw0pr:/tmp/home/root# cat /proc/net/dev
Inter-| Receive | Transmit
face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
lo: 4957148 41606 0 0 0 0 0 0 4957148 41606 0 0 0 0 0 0
aux0: 4626859 59076 0 0 0 0 0 0 0 0 0 0 0 0 0 0
eth0: 1064342340 7164171 0 0 0 0 0 0 619484571 1823944 0 0 0 0 0 0
eth1: 7861218 64830 0 0 0 3827089 0 0 142629086 268360 0 0 0 0 0 0
vlan1: 138593760 740278 0 0 0 0 0 67021 398820436 1110545 0 0 0 0 0 0
vlan2: 682254048 6384426 0 0 0 0 0 91039 207641133 685843 0 0 0 0 0 0
br0: 137196083 754149 0 0 0 0 0 0 394237451 1040862 0 0 0 0 0 0

----
As well, it is not found in /dev/

 

[RMerlin]

Yeah, that interface is in the Quantenna firmware, not the Broadcom one.

admin@Stargate87:/tmp/home/root# telnet 169.254.39.215

soc1 login: root


BusyBox v1.10.3 (2014-11-04 17:45:47 CST) built-in shell (ash)
Enter 'help' for a list of built-in commands.

quantenna # ifconfig
br0       Link encap:Ethernet  HWaddr 10:C3:7B:51:16:14  
          inet addr:169.254.39.215  Bcast:169.254.39.255  Mask:255.255.255.0
          inet6 addr: fe80::12c3:7bff:fe51:1614/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:160025 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4005 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:52168544 (49.7 MiB)  TX bytes:1097869 (1.0 MiB)

eth1_0    Link encap:Ethernet  HWaddr 10:C3:7B:51:16:14  
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:8 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:20 

eth1_1    Link encap:Ethernet  HWaddr 12:C3:7B:51:16:14  
          UP BROADCAST PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:8 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:19 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:560 (560.0 B)  TX bytes:560 (560.0 B)

wifi0     Link encap:Ethernet  HWaddr 10:C3:7B:51:16:14  
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:122162 errors:0 dropped:0 overruns:0 frame:0
          TX packets:308780 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1024 
          RX bytes:21539464 (20.5 MiB)  TX bytes:284274650 (271.1 MiB)

quantenna #

 

[RMerlin]

If you've enabled NAT Acceleration Level 1 or Level 2 (Cut-through forwarding alone or CTF+Flow Accelerator), then the bandwidth reported by the Adaptive QoS bandwidth monitor, at least, is inaccurate according to Asus. This is because the traffic never hits the BCM, and is thus not visible to the monitor.

I wonder if SNMP is impacted as well. Try turning off NAT Acceleration and see if your reported numbers improve.

Either CTF or FA. I think FA works at the switch level, so just reverting to NAT acceleration Level 1 (CTF-only) might be enough.

 

[watusi]

Yeah, that interface is in the Quantenna firmware, not the Broadcom one.

I'm afraid you lost me there. At least on the details.

I gather there's some way to log-in to the Quantenna processor, but not clear from the above just how.

Not sure if I need to telnet or ssh to another host address, use some "quantenna" command from within the router shell (doesn't work) or something else.

For my bandwidth-monitoring purposes, then, I assume I need to point an SNMP browser at the Quantenna processor (what IP? And does it even have SNMP installed?) or look for some Quantenna-Specific MIBs on the main processor?

I also do not seem to have root password or else don't know how to set or get it. I've been using the admin account. admin seems to have root access, though, so guess I could add admin to sudoers, and then I can sudo su -? Is there any reason I need real root access? It certainly bothers me that there is apparently a root password which I do not know!

 

[Nullity]

I'm afraid you lost me there. At least on the details.

I gather there's some way to log-in to the Quantenna processor, but not clear from the above just how.

Not sure if I need to telnet or ssh to another host address, use some "quantenna" command from within the router shell (doesn't work) or something else.

For my bandwidth-monitoring purposes, then, I assume I need to point an SNMP browser at the Quantenna processor (what IP? And does it even have SNMP installed?) or look for some Quantenna-Specific MIBs on the main processor?

I also do not seem to have root password or else don't know how to set or get it. I've been using the admin account. admin seems to have root access, though, so guess I could add admin to sudoers, and then I can sudo su -? Is there any reason I need real root access? It certainly bothers me that there is apparently a root password which I do not know!

The "admin" user has the UID of "0", so it is effectively "root". Be careful... Messing with default accounts could cause lots of problems.

I am a bit worried... were you able to telnet into your router as "root" with no password? That is a huge, gaping, defcon 5 level security hole.

 

[watusi]

The "admin" user has the UID of "0", so it is effectively "root". Be careful... Messing with default accounts could cause lots of problems.

I am a bit worried... were you able to telnet into your router as "root" with no password? That is a huge, gaping, defcon 5 level security hole.

No, I have telnet shut off. I have ssh enabled for the local network only. I ssh from my local network.

Yes, I see that there is NO "root" account, and "admin" is 0. Merlin must have been on some other router that actually has a "root" user.

Still don't understand what he was doing with the quadtenna processor above and how or if I need to get into it to identify the wireless interfaces and browse it's MIBs (if possible).

 

[RMerlin]

The RT-AC87U actually has two separate CPU, each one runs its own firmware. There's the Broadcom BCM4709 you are familiar with, which runs Asuswrt. That's the "main" firmware, which you can access over telnet (or SSH if using my firmware). There's a second CPU on this router, from Quantenna, which runs its own firmware, and is only accessible internally from within the Broadcom environment. That's the one that hosts the 5 GHz radio.

What you saw in my posted output is simply me connecting to the Quantenna firmware from within the Broadcom firmware. You can't access it remotely, that's why it does not really need to be secured, and also it uses root as its username. Also, its telnet daemon is disabled by default (unless Asus has since changed that).

I recommend reading the RT-AC87U review I posted on these forums earlier this year for more info about the AC87U architecture.

 

[watusi]

What you saw in my posted output is simply me connecting to the Quantenna firmware from within the Broadcom firmware.

I'd kinda figured that. But I still don't know how one gets into a shell on the Quantenna processor from within the Broadcom environment? Your posted shell output doesn't show how you got in to start with.

I'd thought from your post there must be some "quantenna" command. I see now, that is just the command prompt from within the quantenna environment.

I read both parts of the review, as well as this post:

http://forums.smallnetbuilder.com/showthread.php?t=18415

but that still doesn't show me how to get in.

What's the secret sauce?

 

[RMerlin]

I'd kinda figured that. But I still don't know how one gets into a shell on the Quantenna processor from within the Broadcom environment? Your posted shell output doesn't show how you got in to start with.

I'd thought from your post there must be some "quantenna" command. I see now, that is just the command prompt from within the quantenna environment.

I read both parts of the review, as well as this post:

http://forums.smallnetbuilder.com/showthread.php?t=18415

but that still doesn't show me how to get in.

What's the secret sauce?

First, telnet into the router as you'd normally do. You will then be within the Broadcom firmware - the usual Asuswrt.

Next, you will probably need to enable the telnet daemon on the Quantenna system as I don't think it's enabled by default (mine was enabled long ago), by running:

ATE Enable_Qtn_TelnetSrv

Once it's enabled, telnet into it, just like I did in my quoted post:

telnet 169.254.39.215

Username is "root", and there is no password. I don't know if the IP is static or varies between router, so check the server_ipaddr from the config file:

cat /tmp/stateless_slave_config

Note however that this probably won't work on the stock firmware, as it does not contain a telnet client (unless Asus has since changed that).

 

[watusi]

Got it!

For the benefit of others:

- The enable command will take a few seconds. It will apparently print "1" on success.

admin@l33tw0pr:/jffs/scripts# ATE Enable_Qtn_TelnetSrv
1

The address is apparently not static. You do have to look it up as indicated. It's the server_ipaddr you are interested in:

admin@l33tw0pr:/# cat /tmp/stateless_slave_config
wifi0_mode=ap
wifi0_SSID="l33tw0pr-5G"
wifi0_auth_mode=PSKAuthentication
wifi0_beacon=11i
wifi0_encryption=AESEncryption
wifi0_passphrase=(redacted)
wifi0_region=us
wifi0_vht=1
wifi0_bw=80
wifi0_channel=48
wifi0_pwr=23
wifi0_bf=1
wifi0_staticip=1
slave_ipaddr="192.168.1.111/16"
server_ipaddr="169.254.39.89"
client_ipaddr="169.254.39.85"

Then:

admin@l33tw0pr:/# telnet 169.254.39.89

Entering character mode
Escape character is '^]'.

soc1 login: root


BusyBox v1.10.3 (2014-08-21 23:24:37 CST) built-in shell (ash)
Enter 'help' for a list of built-in commands.

quantenna #

Now, I can see it's interfaces. How to get stats with SNMP, I dunno, it's a big assumption that it's even present and enabled. that's another fish to fry.

quantenna # ifconfig
br0 Link encap:Ethernet HWaddr 38:2C:4A:5D:24:7C
inet addr:169.254.39.89 Bcast:169.254.39.255 Mask:255.255.255.0
inet6 addr: fe80::3a2c:4aff:fe5d:247c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5301 errors:0 dropped:0 overruns:0 frame:0
TX packets:1131 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1048557 (1023.9 KiB) TX bytes:136071 (132.8 KiB)

eth1_0 Link encap:Ethernet HWaddr 38:2C:4A:5D:24:7C
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:5111 errors:0 dropped:0 overruns:0 frame:0
TX packets:1133 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:8
RX bytes:1119692 (1.0 MiB) TX bytes:141017 (137.7 KiB)
Interrupt:20

eth1_1 Link encap:Ethernet HWaddr 3A:2C:4A:5D:24:7C
UP BROADCAST PROMISC MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:15 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:8
RX bytes:0 (0.0 B) TX bytes:2108 (2.0 KiB)
Interrupt:19

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:560 (560.0 B) TX bytes:560 (560.0 B)

wifi0 Link encap:Ethernet HWaddr 38:2C:4A:5D:24:7C
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:82 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1024
RX bytes:0 (0.0 B) TX bytes:27293 (26.6 KiB)

 

[RMerlin]

Now, I can see it's interfaces. How to get stats with SNMP, I dunno, it's a big assumption that it's even present and enabled. that's another fish to fry.

You can't. There's no SNMP daemon on the Quantenna machine.

Think of the Quantenna firmware as if it was a completely different device/computer.