sbnMerlin 1.2.6 - Network Isolation Tool based on Guest Networks, June 26 2024

[janico82]

Thanks Janico for your reply!

I'd like to manually assign IPs to clients and starting IP for DHCP server on br53. The guest network is propagated to AiMesh nodes. I used the standard settings listed on Github (i.e.):

br53_staticlist=<ab:cd:ef:01:23:45>192.168.108.10>8.8.8.8>HOMEPC<ab:cd:ef:01:23:46>192.168.108.11>>Xbox<ab:cd:ef:01:23:47>192.168.168.108.12>>
br53_dhcp_start="192.168.108.2"

But it seems the settings are not "processed" by the script and the DHCP still assign adresses to the clients, nor even starting from the dhcp_start address

@matthew_eli AiMesh bridges are classified by sbnMerlin as basic feature single-band bridge (bsb) and are the bridges: br1, br2, br3 or br4 depending of the device wireless capabilities. The following options are ones supported by sbnMerlin bsb:
## Template for (bsb) bridges ##
# br$_enabled=0
# br$_ifnames=""
# br$_dns1_x=""
# br$_dns2_x=""
# br$_staticlist=""
# br$_ap_isolate=1
# br$_allow_internet=1
# br$_allow_onewayaccess=0
# br$_allow_routeraccess=0

and the bridge(br53) is not supported by sbnMerlin. Please check if everything is ok by running the command:

brctl show

 

[matthew_eli]

@matthew_eli AiMesh bridges are classified by sbnMerlin as basic feature single-band bridge (bsb) and are the bridges: br1, br2, br3 or br4 depending of the device wireless capabilities. The following options are ones supported by sbnMerlin bsb:
## Template for (bsb) bridges ##
# br$_enabled=0
# br$_ifnames=""
# br$_dns1_x=""
# br$_dns2_x=""
# br$_staticlist=""
# br$_ap_isolate=1
# br$_allow_internet=1
# br$_allow_onewayaccess=0
# br$_allow_routeraccess=0

and the bridge(br53) is not supported by sbnMerlin. Please check if everything is ok by running the command:

brctl show

Brctl show:

bridge name     bridge id               STP enabled     interfaces
br0             8000.cc28aa3f3728       no              bond0
                                                        eth1
                                                        wl0.0
                                                        wl1.0
                                                        wl2.0
                                                        wl3.0
br53            8000.8a28aa3f3729       no              eth1.52
                                                        eth2.52
                                                        eth3.52
                                                        wl0.52
                                                        wl1.52
                                                        wl2.52
                                                        wl3.1
                                                        wl3.52

And I can confirm br53 is the one with Guest Network (in VLAN 52)

 

[janico82]

Brctl show:

bridge name     bridge id               STP enabled     interfaces
br0             8000.cc28aa3f3728       no              bond0
                                                        eth1
                                                        wl0.0
                                                        wl1.0
                                                        wl2.0
                                                        wl3.0
br53            8000.8a28aa3f3729       no              eth1.52
                                                        eth2.52
                                                        eth3.52
                                                        wl0.52
                                                        wl1.52
                                                        wl2.52
                                                        wl3.1
                                                        wl3.52

And I can confirm br53 is the one with Guest Network (in VLAN 52)

Ok @matthew_eli definitely sbnMerlin script does not support that type of devices.
We could try to manage something, but i need your help to do that because I don't have that device.

Could you send me privately the following command:

ifconfig

 

[Ellenswamy]

I am having an issue getting this working, I got it working with br2 but I don't want to use aimesh wifi. I have the 2nd one enabled, 5Ghz-1 wl1., I have my config like this but it does not appear to be making the bridge.

br12_enabled=1 # Write your own settings for Bridge 12
br12_ifnames="eth3"
br12_ipaddr="192.168.110.1"
br12_netmask="255.255.255.0"
br12_dhcp_start="192.168.110.2"
br12_dhcp_end="192.168.110.254"
br12_dns1_x="9.9.9.9"
br12_dns2_x="149.112.112.112"
br12_staticlist=""
br12_ap_isolate=1
br12_allow_internet=1
br12_allow_onewayaccess=0
br12_allow_routeraccess=0

 

[janico82]

I am having an issue getting this working, I got it working with br2 but I don't want to use aimesh wifi. I have the 2nd one enabled, 5Ghz-1 wl1., I have my config like this but it does not appear to be making the bridge.

br12_enabled=1 # Write your own settings for Bridge 12
br12_ifnames="eth3"
br12_ipaddr="192.168.110.1"
br12_netmask="255.255.255.0"
br12_dhcp_start="192.168.110.2"
br12_dhcp_end="192.168.110.254"
br12_dns1_x="9.9.9.9"
br12_dns2_x="149.112.112.112"
br12_staticlist=""
br12_ap_isolate=1
br12_allow_internet=1
br12_allow_onewayaccess=0
br12_allow_routeraccess=0

Please send me the result of the following command:

brctl show

 

[Ellenswamy]

Please send me the result of the following command:

brctl show

bridge name bridge id STP enabled interfaces
br0 8000.e89c25040930 no eth1
eth2
eth3
eth4
eth6
eth7
eth8
wds0.0.1
wds0.0.2
wds0.0.3
wds2.0.1
wds2.0.2
wds2.0.3
wl1.2

 

[janico82]

bridge name bridge id STP enabled interfaces
br0 8000.e89c25040930 no eth1
eth2
eth3
eth4
eth6
eth7
eth8
wds0.0.1
wds0.0.2
wds0.0.3
wds2.0.1
wds2.0.2
wds2.0.3
wl1.2
ellenswamy@GT-AX11000_Pro-0930:/tmp/home/root#

Thank's @Ellenswamy for the feedback.
For that device the wireless guest interface wl1.2 is mapped with the bridge(br13).
Please try to change the options of your config file br12_* to br13_*

 

[Ellenswamy]

Thank's @Ellenswamy for the feedback.
For that device the wireless guest interface wl1.2 is mapped with the bridge(br13).
Please try to change the options of your config file br12_* to br13_*

ah ok, I will make that change

 

[Ellenswamy]

Thank's @Ellenswamy for the feedback.
For that device the wireless guest interface wl1.2 is mapped with the bridge(br13).
Please try to change the options of your config file br12_* to br13_*

seems like the bridge is still not being created.

I changed everything to this: My router is a AX-GT11000 Pro if that helps

br13_enabled=1 # Write your own settings for Bridge 13
br13_ifnames="eth3"
br13_ipaddr="192.168.110.1"
br13_netmask="255.255.255.0"
br13_dhcp_start="192.168.110.2"
br13_dhcp_end="192.168.110.254"
br13_dns1_x="9.9.9.9"
br13_dns2_x="149.112.112.112"
br13_staticlist=""
br13_ap_isolate=1
br13_allow_internet=1
br13_allow_onewayaccess=1
br13_allow_routeraccess=0

 

[Underskore]

@Underskore, with sbnMerlin you can adjust the bridge(br2) settings like ip address reservations, giving your IoT devices a static ip address and a different dns server. The denial of intranet access to bridge(br2) can be done on Asuswrt web interface. The sbnMerlin scripts helps to manage the Internet access to the bridge. I need more information about your adguardhome implementation, in order to advise you correctly. (You can send me a private message)

The Guest Wireless Networks (wl0.1 and wl1.1) are the only guest network used bu the AiMesh.

Hey sorry I haven't been on here recently. But with my setup I have a pi5 (or 4) running adguardhome. I was hoping to keep the default guest network setup asus has. So I can keep having the devices go between different aimesh nodes if needed, so I thought I'd be able to use this as a bridge so I could static IP them and forward them into the dns.