wanted: vlan for AC56U in AP-Mode

[grifo]

How can I run this script on asuswrt firmware (not on merlin) v386.x? Please help.

I've never used Asuswrt on its own, I flashed Merlin's firmware straight after I unboxed my router and AP so I don't know. I thought you couldn't run these scripts on it, if that has changed hopefully someone else will let both of us know.

 

[bluecatus]

I've never used Asuswrt on its own, I flashed Merlin's firmware straight after I unboxed my router and AP so I don't know. I thought you couldn't run these scripts on it, if that has changed hopefully someone else will let both of us know.

Thanks.
However, when I use this script (I modified for my own) on Merlin at boot or run this one manually on Asuswrt via ssh, the 2nd and 3rd guest wifi could not connect if they have passwords (they noticed that wrong password) while the 02 first ones was OK with default VLANs (VLAN 501 and 502). Otherwise, if they had no password, I could connect easily and having specific VLAN for each.
I can't understand the weird.

 

[grifo]

Thanks.
However, when I use this script (I modified for my own) on Merlin at boot or run this one manually on Asuswrt via ssh, the 2nd and 3rd guest wifi could not connect if they have passwords (they noticed that wrong password) while the 02 first ones was OK with default VLANs (VLAN 501 and 502). Otherwise, if they had no password, I could connect easily and having specific VLAN for each.
I can't understand the weird.

You posted on the other thread that the problem started after you flashed the 386.1 alpha and it's still happening after a firmware downgrade and a factory reset.

As I mentioned there, the 386 firmware makes changes to the guest WLANs to allow extending them to aimesh nodes. Most likely that's the cause of the problems you're having.

I'm not planning to flash the 386.1 firmware on my AP for now (also due to those changes) so I can't look into it, sorry. Nobody else has replied to the other thread so maybe most people using this script are also holding on to 384.19 due to the changes in 386.1.

I guess the lesson learned for you is to wait before flashing a new major firmware release if you're using officially unsupported features, like this one is, as there's no guarantee they'll still be working.

Let's hope that Asus hasn't taken away this functionality for good as although unsupported it's keeping a lot of people on Asus routers and APs vs. going with small business geared hardware. We'll know more when 386.1 beta and final are released and more people upgrade.

 

[bluecatus]

Thanks for your advices.
Btw, there are some posts mentioned the problem, even not only on 386.1 alpha. Can you take a look this post? #10

WAP/Guest SSID/Port based VLAN

I have two RT-N66U devices running in WAP mode. I run a pfSense device as a firewall/router. I run Merlin firmware over DD-WRT because I get way more throughput using Merlin. However, DD-WRT allows port based VLAN configuration and this helps me configure my network as depicted in the...

www.snbforums.com

Btw, I hope that Asus has more interested features next releases.

 

[grifo]

Thanks for your advices.
Btw, there are some posts mentioned the problem, even not only on 386.1 alpha. Can you take a look this post? #10

WAP/Guest SSID/Port based VLAN

I have two RT-N66U devices running in WAP mode. I run a pfSense device as a firewall/router. I run Merlin firmware over DD-WRT because I get way more throughput using Merlin. However, DD-WRT allows port based VLAN configuration and this helps me configure my network as depicted in the...

www.snbforums.com

Btw, I hope that Asus has more interested features next releases.

That's a six years old post and it's no longer relevant as the firmware has changed a lot since then. I don't remember reading reports of guest SSID authentication problems with this script under recent firmware up to 384.19.

You mention default VLANs 501 and 502, these don't exist on firmware 384.19, they're likely the new VLANs Asus is using on 386 to extend the guest WiFi to aimesh nodes. If that's the case and if it can't be changed you could try using those 2 VLAN IDs instead of the ones you were using before.

Otherwise it needs looking into properly which I would do if I had a router capable of running 386.1 but my RT-AC87U isn't and by upgrading just my AP I would risk that the two stop playing well together with this script. Sorry but I no longer have the time for remote troubleshooting these days.

 

[Bob.Dig]

@grifo Hope you are doing well. I noticed some weird problems after I enabled IPv6 in my pfSense for the interface the AC56U is connected to. Do you know anything about that? It seems,I never had IPv6 enabled before on my Asus...

 

[grifo]

@grifo Hope you are doing well. I noticed some weird problems after I enabled IPv6 in my pfSense for the interface the AC56U is connected to. Do you know anything about that? It seems,I never had IPv6 enabled before on my Asus...

Hi Bob, I'm okay but I had decided to stop posting on here as I don't like the way the forum is being run lately. I'll make an exception for you.

As your Asus is in AP mode it shouldn't make a difference if you're passing IPv4 or IPv6 traffic through it. What problem are you seeing and is it affecting both wired and wirless devices? What happens if you connect a switch to the pfSense instead of the Asus?

 

[Bob.Dig]

Hey @grifo , so my problem was, I had no internet nor could I connect via IPv4 to the pfSense from my machine, which is connected to the asus, but I could reach some other devices... . All other interfaces had no problems and as soon as I turned off IPv6, everything was fine again.
And yes I am pretty sure I used IPv6 on another switch with no problem, so I think the asus is somehow the cause, allthough there is another switch before it.
Thought about, if possible, to have the asus use vlans only (without any IPv6) and put yet another switch before it, that I could then connect my pc to. So I guess I have to find out myself.

Hope to still see you around here.

 

[Bob.Dig]

So today I tried again, without any other router in the loop. Still got the same problems, as soons as the asus was active...

 

[grifo]

You mean without any other switch?

Basically what you should do is connect only a switch to the pfSense and a PC to it and test IPv4 and IPv6 connectivity to the Internet. If it's good then remove the switch and connect the Asus to the pfSense and the same PC to it on a port assigned to VLAN 1 (check with robocfg show) and retest, without having made any changes to pfSense or your PC.

To be honest it's unlikely that the Asus in AP mode could cause connectivity problems to a wired PC due to IPv6 as it's just a switch. Maybe you're connecting the PC to a port you had assigned to the IoT VLAN. Else it's more likely than the problem is on the pfSense.

 

[Bob.Dig]

You mean without any other switch?

With and without. IPv4 works, IPv6 works as long as the Asus isn't on, after that problems, even if the machine is not connected to the asus at but is on the same parent interface.

It is so weird. Someone in the pfSense forum thinks that maybe the Asus isn't fully IPv6 compatible. I am just clueless, to bad I have to use the same interface for it and my main machine...

 

[grifo]

Try to access the below page on the Asus, it's not available in AP mode but you should be able to access in this way:

https://<your-Asus-IP>/Advanced_SwitchCtrl_Content.asp

Once there disable NAT acceleration and enable Spanning-Tree Protocol (if those options exist on the RT-AC56U, I've never used one).

 

[Bob.Dig]

Once there disable NAT acceleration and enable Spanning-Tree Protocol (if those options exist on the RT-AC56U, I've never used one).

It works but it is already like this.

Maybe I should try to disable Spanning-Tree.

 

[john9527]

Do clients connecting to the AP get a valid IPv6 address?
Also, I think if you have a separate vlan for the AP, you need to setup IPv6 for a greater than /64 prefix space, and assign a different IPv6 prefix ID for that vlan.

 

[grifo]

Yeah then Spanning Tree is on. What you quoted on the other thread: Sounds to me like the switch is doing PVST and there is an issue with spanning tree caused by the AP. Which switch are you referring to? And the Asus should be doing PVST too (= per VLAN spanning tree). Can you post robocfg show?

 

[Bob.Dig]

Can you post robocfg show?

ASUSWRT-Merlin RT-AC56U_3.0.0.4 Thu Dec 24 11:49:53 UTC 2020
admin@RT-AC56U-00D0:/tmp/home/root# robocfg show
Switch: enabled
Port 0:   DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 1: 1000FD enabled stp: none vlan: 205 jumbo: off mac: 00:0c:29:c6:7f:f1
Port 2: 1000FD enabled stp: none vlan: 198 jumbo: off mac: 54:67:51:44:a4:1b
Port 3:  100FD enabled stp: none vlan: 202 jumbo: off mac: 00:17:88:a2:92:56
Port 4: 1000FD enabled stp: none vlan: 1 jumbo: off mac: 70:85:c2:ad:2a:34
Port 8:   DOWN enabled stp: none vlan: 2 jumbo: off mac: 00:00:00:00:00:00
VLANs: BCM5301x enabled mac_check mac_hash
   1: vlan1: 0 4 5t
   2: vlan2: 5
  56: vlan56: 2t 7t
  57: vlan57: 0 2 5t
  58: vlan58: 2 4 5t 8t
  59: vlan59: 1t 2t 3t 7 8u
  60: vlan60: 0 1 7
  61: vlan61: 2 8u
  62: vlan62: 1t 5
198: vlan198: 2 4t
201: vlan201: 4t 5t
202: vlan202: 3 4t 5t
205: vlan205: 1 4t
admin@RT-AC56U-00D0:/tmp/home/root#

@john9527 I have no Ipv6 on any vlan I had created, but maybe the default one got one? But this one isn't configured in pfSense as a vlan, it is just the parent interface. Also I am a network noob.

 

[grifo]

Do clients connecting to the AP get a valid IPv6 address?
Also, I think if you have a separate vlan for the AP, you need to setup IPv6 for a greater than /64 prefix space, and assign a different IPv6 prefix ID for that vlan.

If I understood correctly he's not interested in doing IPv6 via the Asus AP that he's just using for IoT devices but on his other machines that are connected to a separate switch without VLANs, but when he turns on the Asus he loses connectivity to his devices connected to the other switch.

 

[Bob.Dig]

Which switch are you referring to?

I quoted it from here. Problem is even happening without any other switch. I only have some 5-port dump switches around here anyway.

 

[Bob.Dig]

If I understood correctly he's not interested in doing IPv6 via the Asus AP that he's just using for IoT devices

Right, problem is, it is the same parent interface. Otherwise I would just run the Asus on an interface with no IPv6 at all, but I only have one connection here.

 

[grifo]

ASUSWRT-Merlin RT-AC56U_3.0.0.4 Thu Dec 24 11:49:53 UTC 2020
admin@RT-AC56U-00D0:/tmp/home/root# robocfg show
Switch: enabled
Port 0:   DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 1: 1000FD enabled stp: none vlan: 205 jumbo: off mac: 00:0c:29:c6:7f:f1
Port 2: 1000FD enabled stp: none vlan: 198 jumbo: off mac: 54:67:51:44:a4:1b
Port 3:  100FD enabled stp: none vlan: 202 jumbo: off mac: 00:17:88:a2:92:56
Port 4: 1000FD enabled stp: none vlan: 1 jumbo: off mac: 70:85:c2:ad:2a:34
Port 8:   DOWN enabled stp: none vlan: 2 jumbo: off mac: 00:00:00:00:00:00
VLANs: BCM5301x enabled mac_check mac_hash
   1: vlan1: 0 4 5t
   2: vlan2: 5
  56: vlan56: 2t 7t
  57: vlan57: 0 2 5t
  58: vlan58: 2 4 5t 8t
  59: vlan59: 1t 2t 3t 7 8u
  60: vlan60: 0 1 7
  61: vlan61: 2 8u
  62: vlan62: 1t 5
198: vlan198: 2 4t
201: vlan201: 4t 5t
202: vlan202: 3 4t 5t
205: vlan205: 1 4t
admin@RT-AC56U-00D0:/tmp/home/root#

@john9527 I have no Ipv6 on any vlan I had created, but maybe the default one got one? But this one isn't configured in pfSense as a vlan, it is just the parent interface. Also I am a network noob.

Are you using the Asus' WAN port to connect to the pfSense and LAN 1 to connect your PC? LAN 1 is the only one assigned to VLAN 1 (other than the WAN port that you should use for the upstream connection) and it's showing down (it corresponds to port 0 on robocfg).