robocfg Not Available on Asus GT-AXE11000 (Asuswrt-Merlin 388.8_4)?

[garycnew]

Head-Scratcher... Why is robocfg and vlans not available on the Asus GT-AXE11000 (Asuswrt-Merlin 388.8_4), but is available on Asus RT-AC66U_B1 (384.19)?

Thanks, again.

 

[ColinTaylor]

Completely different architecture.

 

[garycnew]

Completely different architecture.

I see. So... Asus GT-AXE11000 uses Broadcom, which appears to be manageable using brctl, ethctl, ethswctl, and vlanctl?

 

[ColinTaylor]

All Merlin supported routers are/were Broadcom models, but all models since the RT-AC86U are based on the HND architecture.

So yes, the WAN and LAN ports appear as individual network interfaces now.

 

[garycnew]

@ColinTaylor

In short... VLANs don't exist and are not configurable on Asus HND Routers?

Thanks, again.


Gary

 

[ColinTaylor]

You'd have to use traditional Linux commands like ip link instead. There are various posts/examples about it in the forum but I've not really followed them myself. Here's one such post.

 

[Tech9]

Recent thread here for AP mode:

Using Asus routers as VLAN-capable APs

For some time now, I've been trying to "harden" my home network with fully isolated IOT and Guest networks using VLANs. I have two RT-AX86Us; one is the router and the other is either a mesh node or an AP. When the second RT-AX86U is setup as an AP, I use a script posted by Maxbraketorque...

www.snbforums.com

 

[garycnew]

Hmm... So, I don't really need to make use of VLANs for my configuration. However, on the Asus RT-AC66U_B1 (384.19) VPN Client 1 was placed into its own VLAN (vlan2).

Reviewing the Asus GT-AXE110000 (388.8_4), it appears that the VPN Client 1 isn't placed into a VLAN, but directly referenced by its interface (tun11).

# iptables -L OVPNCF -v -n 
Chain OVPNCF (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 471K   44M ACCEPT     all  --  *      tun11   0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  tun11  *       0.0.0.0/0            0.0.0.0/0

I believe, I need to modify the old iptables rule to directly reference the VPN Client 1 interface (tun11), instead of the former VLAN (vlan2)?

# Mark Outbound Web Services Packets from WAN to OpenVPN Client 1
#if ! iptables -t mangle -S | grep OUTPUT | grep vlan2 | grep 0x1000; then
if ! iptables -t mangle -S | grep OUTPUT | grep tun11 | grep 0x1000; then
#iptables -t mangle -I OUTPUT -o vlan2 -p tcp -s 192.168.0.2/32 -j MARK --set-mark 0x1000/0x1000
iptables -t mangle -I OUTPUT -o tun11 -p tcp -s 192.168.0.2/32 -j MARK --set-mark 0x1000/0x1000
fi

Thanks, again.

 

[ColinTaylor]

Sorry Gary I don't understand what you're doing here, probably because I haven't looked at those old routers for years.

On pre-HND routers the WAN interface was either eth0 or vlan2 depending on whether hardware acceleration was enabled or disabled. The use of vlan1 and vlan2 had nothing really to do with VLANs in the traditional sense. It was required as a way of associating physical network ports with a logical network interface. On the HND routers none of that is required any more because each port is already associated with a network interface, eth0, eth1, eth2, eth3, eth4, etc.

 

[garycnew]

Sorry Gary I don't understand what you're doing here, probably because I haven't looked at those old routers for years.

On pre-HND routers the WAN interface was either eth0 or vlan2 depending on whether hardware acceleration was enabled or disabled. The use of vlan1 and vlan2 had nothing really to do with VLANs in the traditional sense. It was required as a way of associating physical network ports with a logical network interface. On the HND routers none of that is required any more because each port is already associated with a network interface, eth0, eth1, eth2, eth3, eth4, etc.

@ColinTaylor

A little background... I had VPN Client 1, DNSMasq, and Nginx Reverse Proxy configured to work together to Nginx Reverse Proxy traffic from 192.168.0.2:443 (DNSMasqed) through the VPN Client 1 Tunnel. However, in order to route the packets correctly, through the VPN Client 1 Tunnel, I had to apply iptables mangled rules based on fwmarks and output interface. On Asus RT-AC66U_B1 (384.19), the output interface was vlan2.

iptables -t mangle -I OUTPUT -o vlan2 -p tcp -s 192.168.0.2/32 -j MARK --set-mark 0x1000/0x1000

It has been a few years; since, I originially set it up. I may be misremembering the use of vlan2 on Asus RT-AC66U_B1 (384.19).

It sounds like I should bring Asus RT-AC66U_B1 (384.19) back online and reconfirm.

Thank you for the historical summary of how vlan2 was used on pre-HND routers.

Respectfully,


Gary