YazFi - enhanced AsusWRT-Merlin Guest WiFi inc. SSID <-> VPN Client

My Asus-Merlin RT-AC68U is in AP mode? Can I use Yazfi to setup a vlan?
Fios modem <-> pfsense router <-> RT-AC68U (AP) Any instructional links?
 
Hi,
I am new to YazFi but it works great on my AC87U with Merlin 384.13_1.

Now I want to use the router and YazFi to set up a separate IoT network (which I'm sure many others do as well).

My goal is to have the following:
1. All current Equipment ("Regular LAN") to stay as they are. (ip network 10.0.0.0 netmask 255.255.252.0)
2. IoT Equipment (Hue, Z-wave, Shelly, ip cameras, hass.io) to be put on a separate network (mix of wired and wireless) which can access other nodes and Internet but not my regular LAN. (ip network 10.3.0.0 netmask 255.255.255.0)
3. I plan to put the hass.io server on 10.3.0.1 with a static IP and the rest of the stuff on DHCP
4. I need to be able to access the IoT network from the Regular LAN.
5. LAN port 4 (port number 1) on the AC87U is the VLAN trunk from the wired network with IoT being on VLAN 3.

So I basically want to extend the YazFi-controlled WLAN to include VLAN 3 from the wired network with access from VLAN 1 (Regular LAN). I also want to only allow traffic from Regular LAN to YazFi WLAN, not from YazFi WLAN to Regular LAN.

Is this a planned development for YazFi? If not, any suggestions on how I should go about it?

I'm trying to figure out almost literally the exact same scenario.
I'm still looking for the start of the learning path to help me solve that one, too.

I'm thinking some kind of bridge between a single device on a sandboxed guest wifi connection and a single device on the protected LAN side, to get started. Maybe some kind of a routing rule solution that allows traffic to pass between two IPs which otherwise are currently prevented from pinging each other (intentionally) without just pulling down the entire wall between the guest wifi and the LAN.

Regards,
obzai
 
Hi folks!

It would be great if there was an option to bridge Guest WiFi connections through to the WAN side so that they would use the WAN side's DHCP and DNS etc. This feature should completely isolate Guest WiFi connections from the LAN side.

I'm willing to donate money to make this happen.

Looks like someone created somewhat of a script that seems halfway there. Can't get the script to work of course.

https://gist.github.com/the-darkvoid/c6a1c112603cc33e68a7
 
Not sure what you mean by WAN side DNS and DHCP? YazFi already creates isolated guests and you can specify upstream DNS such as 1.1.1.1 in the config
 
I think they might be asking for a VLAN where the router acts as a switch instead of a router. All devices on that VLAN would be visible from the WAN side and would receive DHCP from the upstream router, not from the device they are connected to directly.
 
You are exactly correct. This would be only for the Guest WiFi though.
 
Your script is breaking the guest network bandwidth limiter and the global QoS bandwidth limiter, only for devices connected to the guest network. Not sure what your script is overwriting. Is there any workaround?
 
QoS only applies to traffic on br0, from what I can tell. FreshJR and I discussed it previously but we made no headway in extending the QoS rules to apply to the wl0.1 interfaces (and so on).
 
Is my original idea even possible? If it's something that can't be included in YazFi Guest WiFi I would be willing to pay someone to write a script to accomplish this. I will even pay to have it included in YazFi Guest WiFi if it's doable.

-Darryl Grennan
 
Is my original idea even possible?
Not really IMHO. It would require a major redesign of the way the router works to support VLANs between the guest WiFi and WAN interfaces. You'd also need your upstream router to support VLANs as well. If you want to spend money on a solution you'd probably be better off buying a standalone AP for guests and attaching it directly to your primary router. Alternatively, use a firmware that actually supports VLANs like Tomato.
 
Thanks. I was willing to pay someone to write the code and then re-distribute for the greater good of the community.
I don't think I'd need a VLAN on the main router as it would be operating from the same DHCP pool/gateway/DNS.
It would be similar to putting my ASUS5300 in AP mode but only for specific Guest WiFi SSIDs.

-Darryl Grennan
 
hi,

I have a guest wifi with different subnet from my main network.

Guest wifi subnet = 192.168.3.0/24
Main network subnet = 192.168.1.0/24

However, when a device connects to this guest wifi, in the Network Map, this device (my Android phone) is identified as having IP of the main network subnet, e.g. 192.168.1.30
When I use Ping Tools app on my mobile, it is identified as having IP in the guest wifi subnet, e.g. 192.168.3.2.
Do you know why this is the case?

Also, I disable "Access Intranet" on the guest wifi config.
On my phone, when connecting to the guest wifi (on 192.168.3.2), I cannot access the router GUI on 192.168.1.1 (as I expect), however I can still ping it.
Is this normal/as per designed? I would expect it has no connection allowed whatsoever to the main network, but it seems not to be the case.

Any guidance is appreciated.
 
Is it possible to configure one way traffic from LAN to a Yazfi-managed guest wifi? Traffic would be allowed from lan to guest but not from guest to lan.

Thanks for your help.
 
hi,

I have a guest wifi with different subnet from my main network.

Guest wifi subnet = 192.168.3.0/24
Main network subnet = 192.168.1.0/24

However, when a device connects to this guest wifi, in the Network Map, this device (my Android phone) is identified as having IP of the main network subnet, e.g. 192.168.1.30
When I use Ping Tools app on my mobile, it is identified as having IP in the guest wifi subnet, e.g. 192.168.3.2.
Do you know why this is the case?

Also, I disable "Access Intranet" on the guest wifi config.
On my phone, when connecting to the guest wifi (on 192.168.3.2), I cannot access the router GUI on 192.168.1.1 (as I expect), however I can still ping it.
Is this normal/as per designed? I would expect it has no connection allowed whatsoever to the main network, but it seems not to be the case.

Any guidance is appreciated.
Leave Network Map open for a few seconds, it should update. If not, have you assigned a static IP for the device?
Pinging of the router was needed, as some devices (e.g. smart TVs) deemed themselves not to have an internet connection if they couldn't ping the gateway.
 
Is it possible to configure one way traffic from LAN to a Yazfi-managed guest wifi? Traffic would be allowed from lan to guest but not from guest to lan.

Thanks for your help.
This used to be possible by blocking only new connections from guest to main LAN, and allowing related, but it caused problems/data leak for some users.
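
The approach described in the reply above (refuse new guest-to-LAN connections, let replies through), sketched as an added example; it is not YazFi's code or part of the original posts. It assumes the guest SSID is routed on `wl0.1` and the LAN bridge is `br0`, the interface names mentioned earlier in this thread, and it only prints the rules rather than applying them.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables FORWARD rules that let the
# LAN open connections to a guest network while the guest side may only reply.
# Interface names and rule positions are assumptions, not YazFi's own rules.

valid_if() {
    # Reject empty names and anything outside typical interface characters.
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

one_way_rules() {
    lan_if=$1; guest_if=$2; mode=${3:-related}
    valid_if "$lan_if" && valid_if "$guest_if" || return 1
    [ "$lan_if" != "$guest_if" ] || return 1
    case "$mode" in
        # RELATED also admits conntrack-helper flows and ICMP errors that the
        # guest side originates, so it is the wider of the two settings.
        related) states=RELATED,ESTABLISHED ;;
        # ESTABLISHED only: narrower, but drops ICMP errors (e.g. PMTU) too.
        strict)  states=ESTABLISHED ;;
        *) return 1 ;;
    esac
    # Inserted at positions 1-3 so they are evaluated in this order.
    cat <<EOF
iptables -I FORWARD 1 -i $lan_if -o $guest_if -j ACCEPT
iptables -I FORWARD 2 -i $guest_if -o $lan_if -m state --state $states -j ACCEPT
iptables -I FORWARD 3 -i $guest_if -o $lan_if -j DROP
EOF
}

# Print the narrower rule set for review before applying anything by hand.
one_way_rules br0 wl0.1 strict
```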
 
Hi, I performed a search about the specific item for connecting a guest wi-fi network as set by YazFi to a specific LAN IP (e.g. my Sonos equipment to my wired NAS) and found a lot of results, but because I'm too noob I can't understand the possible solutions, if any.
 
@ARKASHA, you need to provide detailed specifics of what you actually tried or what you would like your network to do. Your post doesn't ask any question that anyone can help you with. If I had to guess from your post? I would say it's not possible, using YazFi or other methods, from what I can understand as it is now. :)
 
I think you are smart enough to understand my problem through my bad English ;), but again, is it possible to connect the IPs of a guest wifi network as configured by YazFi (e.g. 192.168.2.1/24) to an IP of a wired network (e.g. 192.168.3.1/24)?
 
