What's new

YazFi YazFi on Subnet Router

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Zim

Regular Contributor
There have been countless posts on how YazFi doesn't work with AiMesh or with routers in AP mode.

But has anyone tried running this script on a subnet router (running in router mode as static IP)? Subnet router is connected to the main router via a wired backhaul.

I'm trying to do this at the moment, and my devices connected to the Guest network on the subnet router can't reach the internet. YazFi running on the main router works fine.

Not sure if I'm doing something wrong or if this is just not possible with this script.
 
What is the "subnet router" model and firmware version?
Is the "subnet router" setup as an AiMesh node or as a stand alone router?
How are the two router's connected by wired Ethernet? Have you connected the main router's LAN port to the "subnet router's" WAN port or to it's LAN port?
How is YazFi configured?
 
Hi @bennor both routers (main and subnet) are AXE16000 running the latest Merlin firmware.

Subnet router setup in router mode with static IP.

Both routers are connected by wired ethernet in the 2.5G WAN port (port runs as lan port).

YazFi is running default settings, no ap isolation, no one way or two way settings, the DNS setting is pointing to the static IP of the subnet router. Have tried leaving the DNS as default (8.8.8.8) and have tried setting this to the IP of the main router. In either case devices connected to the guest network can not reach the internet.

Devices not connected to the guest network work fine.
 
Make sure the IP address ranges you are using for the subnet router's guest networks are unique and not the same as any used by the main router.
 
  • Like
Reactions: Zim
Both routers are connected by wired ethernet in the 2.5G WAN port (port runs as lan port).
Just to confirm. You have the main GT-AXE16000's 2.5G port configured for LAN and connected to the secondary GT-AXE16000's 2.5G port that is configured for WAN? Having LAN Port to LAN Port Ethernet connection between the two routers might be an issue due to how YazFi and it's settings work.

As @ColinTaylor indicated, check and ensure the YazFi Guest Network IP address subnet is unique and not the same as the main router's main LAN network, and any guest networks running on the main router, as well as not the same as the secondary router's main LAN.

As indicated, post the settings for YazFi on the secondary router. Screen shot it and redact any sensitive information if needed so others can review your settings to see if there are potential issues.
 
  • Like
Reactions: Zim
Thanks guys.

So for the sake of troubleshooting, I reset the the subnet router to factory default and reconfigured it as a subnet router.

With no scripts running - no YazFi, I setup the guest network. Just vanilla guest network. Even on the vanilla guest network, my devices connected to it are not able to access internet.

Devices not connected to guest network can connect to internet.

There was no IP conflict between the main router, guest network on the main router, subnet router and the guest network on the subnet router. They were literally four different subnet groups.

No, however, (after reset) the main router and the subnet router's guest network would probably have the same subnet, but still I should be able to access the internet.
 
Which Guest Network are you using? #1 or #2 or #3? If using #1, try using #2 or #3 since Asus treats Guest Network #1 differently (apparently for AiMesh). Also avoid using IP address subnets 192.168.101.x and 192.168.102.x as those are also AiMesh related apparently.
 
  • Like
Reactions: Zim
Quick and dirty example with working YazFi Guest Network internet access on secondary router.
Main router: RT-AX86U Pro running Asus-Merlin 3004.388.8_2.
Secondary router: RT-AC68U running Asus-Merlin 386.14, with YazFi 4.4.5 (develop version) installed.
The secondary RT-AC68U WAN port is connected to the main RT-AX86U Pro 1GB LAN port.
Guest Network #2 5Ghz enabled on RT-AC68U.
RT-AC68U configured for router mode.
RT-AC68U obtains main local network IP address from main RT-AX86U Pro router LAN IP address pool.
RT-AC68U's LAN DHCP server address is set to a different subnet (192.168.1.x) than the main RT-AX86U Pro router.
Mobile phone connected to Guest Network #2 5Ghz on RT-AC68U.
YazFi Guest Network DNS Addresses set to 1.1.1.1 and 1.0.0.1. (Additional YazFi settings can be seen in attached image.)

Mobile phone has internet access.
Various screen captures attached.
 

Attachments

  • Guest Network Internet Access.jpg
    Guest Network Internet Access.jpg
    39.1 KB · Views: 24
  • Mobile Phone WiFi Settings.jpg
    Mobile Phone WiFi Settings.jpg
    24.5 KB · Views: 23
  • RT-AC68U Guest Network1.jpg
    RT-AC68U Guest Network1.jpg
    67.5 KB · Views: 28
  • RT-AC68U YazFi1.jpg
    RT-AC68U YazFi1.jpg
    54.9 KB · Views: 30
  • RT-AC68U YazFi 5Ghz1.jpg
    RT-AC68U YazFi 5Ghz1.jpg
    98 KB · Views: 27
Last edited:
Which Guest Network are you using? #1 or #2 or #3? If using #1, try using #2 or #3 since Asus treats Guest Network #1 differently (apparently for AiMesh). Also avoid using IP address subnets 192.168.101.x and 192.168.102.x as those are also AiMesh related apparently.
Thanks for the screenshots and the detailed breakdown of your setup.

From your suggestion, I disabled Guest Network (GN) #1 and switched to GN#2 and magically, guest devices had internet. Does GN#2 and GN#3 prevent devices from accessing LAN? GN#2/GN#3 don't appear to create new subnets.

I noticed "Access Intranet" on GN#2 was enabled by default. Does toggling this do anything on GN#2/#3? I noticed this is enabled in your screenshots as well - are these devices able to access LAN?

I installed YazFi 4.4.4 and enabled it for GN#2 and have the exact same setting as you @bennor, but now I no longer have internet on guest devices. I can see the devices connected to the guest network on the YazFi page.

The only difference between your setup and my setup is that my main router is connected from WAN (2.5G port) to WAN (2.5G port) of the subnet router. To rule this out, I even changed this so the main router is connected from LAN port to WAN (2.5G port) of the subnet router, but no luck.
 
When using YazFi, on the Guest Network page, Access Intranet is enabled by default. Do not change that setting. YazFi enables that option and handles the option to access the Intranet itself on the YazFi page (One way to guest, Two way to guest YazFi options). Note: YazFi will block access to the intranet on the router it is installed on. It will not block access to any up stream router/system unless you disable Internet access all together (Allow Internet access) from YazFi. YazFi only controls the firewall on the router it is installed on.

Review your AXE16000 router's capabilities. Check that the first (main) AXE16000 router's 2.5G port is configured for LAN and not WAN. Its possible on the AXE16000 that 2.5G port is WAN only which could possibly be a cause of your problems. Instead (as a troubleshooting step if you haven't done so already) connect the first (main) AXE16000 router's 1GB LAN port (or 10GE LAN port) to the second AXE16000 router's WAN (2.5GB) port.

Edit to add: Per the GT-AXE16000 tech specs it appears to list the single 2.5GB port as WAN only. Those specs appear to list the two 10GE ports as either WAN or LAN configurable.
1 x 2.5 Gigabit WAN Port
2 x 10 Gigabit WAN/LAN Ports
4 x Gigabit LAN Ports
1 x USB 3.2 Gen 1 Port
1 x USB 2.0 Port
 
Last edited:
When using YazFi, on the Guest Network page, Access Intranet is enabled by default. Do not change that setting. YazFi enables that option and handles the option to access the Intranet itself on the YazFi page (One way to guest, Two way to guest YazFi options). Note: YazFi will block access to the intranet on the router it is installed on. It will not block access to any up stream router/system unless you disable Internet access all together (Allow Internet access) from YazFi. YazFi only controls the firewall on the router it is installed on.

Review your AXE16000 router's capabilities. Check that the first (main) AXE16000 router's 2.5G port is configured for LAN and not WAN. Its possible on the AXE16000 that 2.5G port is WAN only which could possibly be a cause of your problems. Instead (as a troubleshooting step if you haven't done so already) connect the first (main) AXE16000 router's 1GB LAN port (or 10GE LAN port) to the second AXE16000 router's WAN (2.5GB) port.

Edit to add: Per the GT-AXE16000 tech specs it appears to list the single 2.5GB port as WAN only. Those specs appear to list the two 10GE ports as either WAN or LAN configurable.
@bennor thanks for explaining. It looks like the WAN port may be the problem then. Unfortunately, my 2 10G ports are already being used and connecting the subnet routers via 1G LAN ports is not an option due to the 2.5G wired backhaul. So I'm left with the 2.5G WAN port for the connection.

I've decided to leave the setup as-is without YazFi - things seem to be working fine with devices connected to the default GN2/3.

When the new 3006 FW releases will switch to VLANs.
 

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top