ONT (Bridged) -> AC66U+ (Switch, Ethernet hub supplying 4 ports) <-> AC86U (Dial WAN bridge, NAT, DHCP, Router, LAN, WiFi, Firewall)

[jobo1]

Hi all,

Long time lurker. Been enjoying my asuswrt merlin AC86U over the past four years or so, and all the fun that goes with it.... This might be an easy one/stupid question - I thought I'd save the headache/long night and get some pointers before I try anything this time.

I've been given an old 66U+ by a mate who has left overseas and thinking I might as well use it. Currently I have:​

• A GPON fibre connection going directly into an ONT (gateway/router) that I've set in bridged mode. No NAT, routing, WiFi, DHCP etc., The ONT is located just outside of my apartment in a secured area.
• One of the ONT LAN ports connects directly to my 86U's WAN port. The 86U dials PPPoE through the ONT via bridge, handles authentication, WAN, NAT, routing, LAN, WiFi etc. The 86U is located in the apartment - most ideal spot for a WiFi router.

ONT (Bridged) LAN1 -> WAN AC86U (Dials PPPoE via bridge, WAN, WiFi, NAT, DHCP, Router, Firewall)​

There are five CAT6 RJ45 ports located around the apartment that have gone unused for years. The CAT6 supplying each port around the apartment all leads back outside the apartment to the cabinet where the ONT is located.

I've recently shifted devices, workstations etc. around. Now, WiFi signal strength is not ideal, especially for my main workstation located at the opposite end of the apartment + a few other devices (all sharing 2.4GHz band now as 5GHz drops off due to multiple concrete walls in-between).

My question is:​

• Is there any way I can keep the ONT in bridged mode
• Plug ONT LAN1 into the 66U+ WAN/LAN1 (acting as a switch/hub?)
• Plug a few Ethernet cables into remaining LAN ports on 66U+ to liven ports around the apartment
• But still have my 86U bridging the ONT and doing the heavy work (dial PPPoE, handle WAN, LAN, WiFi, and DHCP for all devices and ports post-ONT
• With 86U firewall for LAN behind/ahead (firewalling both 66U+ LAN and 86U LAN, preferably on same network/subnet)?
  • 66U+ WiFi usable on 86U's (W)LAN possible?

ONT (Bridged) -> AC66U+ (Switch, Ethernet hub supplying 4 ports, WiFi possibly?) <-> AC86U (Dial PPPoE via bridge, WAN, WiFi NAT, DHCP, Router, Firewall)​

I may be going about the the wrong way. If this is possible, how might I go about this successfully? ....if not, any other ideas?
Anything to lookout for? Security?

Any help would be greatly appreciated!

Equipment:​

• Asus RT-AC86U, asuswrtmerlin, latest stable release
• Asus RT-AC66U+, soon to be asuswrtmerlin
• Atrocious Taiwanese GPON ONT that was locked-down hard.
  • GPON ONT configured with vlan tagging, bridging, no NAT, all typical router functions disabled, ISP GPON management disabled - was tough work wrestling this rubbish ONT into submission... The line tech passed on a few secrets before leaving
  • Lucky to have backend access - avoiding forced B/G/N WiFi @ max dBm, forced WAN, disabled bridging, double-NAT, (hot) underpowered CPU unfit for gigabit fibre routing and traffic management.
  • Overheating POS, tiny cabinet, only model compatible with OLT - would've been a nightmare.
• Also have an old Cisco E2000 ddwrt around
• All CAT6 cabling
• 200/200mbit connection... down from asynchronous gigabit - was free for 6 months ;(

 

[ColinTaylor]

What you're suggesting normally isn't possible because the ONT is usually only designed to have a single host connected to it (e.g. a router). If you were to connect multiple devices to it via a switch they would all be trying to connect directly to the internet and be isolated from the 86U's LAN.

That said, it is sometimes possible to do using a smart switch and VLANs to isolate and forward the traffic to the correct network ports (with an associated drop in throughput). The RT-AC66U+ appears to be a Taiwanese version of the RT-AC66U in which case it has no built-in support for VLANs (although you could flash it with FreshTomato I suppose).