multi SSID with VLAN script, for ASUS AC86U with merlin
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # multi SSID with VLAN script, for ASUS AC86U with merlin | |
| # | |
| # setup before hand: | |
| # set "router" to "AP Mode" | |
| # this will put all ports and wireless in br0 | |
| # create 2 guest network | |
| # enable Administration => System => Enable JFFS custom scripts and configs | |
| # put this script in /jffs/scripts/, name should be "services-start" | |
| # remember `chmod a+x services-start` | |
| # I strongly suggest you use static IP instead of DHCP | |
| # In my test, the "router" will pickup DHCP lease from VLAN 1 instead of VLAN 227 | |
| # reboot | |
| # some basic info of the original AP mode: | |
| # eth0 => WAN port | |
| # eth1~4 => LAN port 4~1, they're reversed | |
| # eth5 => WiFi 2.4G | |
| # eth6 => WiFi 5G | |
| # wl0.1, wl0.2 => WiFi 2.4G guest networks | |
| # this setup: | |
| # WAN port (eth0) will be repurposed as a tagged port | |
| # LAN ports (eth1~4) and primary WiFi (eth5,6) will be on VLAN 227 | |
| # guest network 1 will be on VLAN 11 | |
| # guest network 2 will be on VLAN 12 | |
| #echo "============== START 1 $(date) ==================" >> /jffs/scripts/log | |
| #ip a >> /jffs/scripts/log | |
| #ip r >> /jffs/scripts/log | |
| #brctl show >> /jffs/scripts/log | |
| #echo "============== END 1 $(date) ==================" >> /jffs/scripts/log | |
| # echo $PATH > /tmp/script_debug | |
| # remove eth0 which will be reconfigured as a tagged port | |
| brctl delif br0 eth0 | |
| # remove interfaces we're gonna move to other bridges | |
| brctl delif br0 wl0.1 | |
| brctl delif br0 wl0.2 | |
| # add vlans | |
| # interestingly, depending on the time passed since system boot, | |
| # vlan interfaces will be named eth0.1 or vlan1, I guess some udev rules got loaded. | |
| # so we use ip link instead of vconfig to specify a name explicitly. | |
| ip link add link eth0 name eth0.227 type vlan id 227 | |
| ip link add link eth0 name eth0.11 type vlan id 11 | |
| ip link add link eth0 name eth0.12 type vlan id 12 | |
| ip link set eth0.227 up | |
| ip link set eth0.11 up | |
| ip link set eth0.12 up | |
| # reconfigure br0, private LAN | |
| brctl addif br0 eth0.227 | |
| # set up br1, guest LAN | |
| brctl addbr br1 | |
| brctl addif br1 eth0.11 | |
| brctl addif br1 wl0.1 | |
| ip link set br1 up | |
| # set up br2, another guest LAN for IoT devices | |
| brctl addbr br2 | |
| brctl addif br2 eth0.12 | |
| brctl addif br2 wl0.2 | |
| ip link set br2 up | |
| # seems like eapd reads config from these | |
| # no need to set lan_ifname since it's already there | |
| nvram set lan_ifnames="eth1 eth2 eth3 eth4 eth5 eth6 eth0.227" | |
| nvram set lan1_ifnames="wl0.1 eth0.11" | |
| nvram set lan1_ifname="br1" | |
| nvram set lan2_ifnames="wl0.2 eth0.12" | |
| nvram set lan2_ifname="br2" | |
| # doesn't seem to affect anything, just make it align | |
| nvram set br0_ifnames="eth1 eth2 eth3 eth4 eth5 eth6 eth0.227" | |
| nvram set br1_ifnames="wl0.1 eth0.11" | |
| nvram set br1_ifname="br1" | |
| nvram set br2_ifnames="wl0.2 eth0.12" | |
| nvram set br2_ifname="br2" | |
| # we do NOT issue `nvram commit` here since it won't survive reboot anyway | |
| # is there a better way to do this like `service restart eapd` ? | |
| killall eapd | |
| eapd | |
| #echo "============== START 2 $(date) ==================" >> /jffs/scripts/log | |
| #ip a >> /jffs/scripts/log | |
| #ip r >> /jffs/scripts/log | |
| #brctl show >> /jffs/scripts/log | |
| #echo "============== END 2 $(date) ==================" >> /jffs/scripts/log |
It should work, but official firmware doesn't support JFFS custom scripts IIRC, you'll need a usb drive to run this at start.
Please help me run this script on official firmware. Thanks.
@Jimmy-Z Thanks for the script! I seem to have two issues
- On first boot, wired, I get handed the DHCP address from my router, not the VLAN and I can access the AP (rt-ac86u) just fine, but I cannot access my firewall device (pfsense)
- If I disconnect the cable and reconnect I get the correct VLAN address (227). However now I can't access the AP, but I can access my firewall.
- All of the guest wireless work fine and map to the correct VLAN, however even though they are given full access (for the moment) they also cannot see the AP either, but have no issue seeing the firewall.
- The main SSID maps to the correct VLAN 227, but same problem firewall access, but no AP.
Normal non-jffs scripted configuration works fine, obvious no VLAN tagging, but I cannot figure out what would create this scenario. This is also in a lab environment where my firewall is pulling a private IP, while I sort this out, but that hasn't created issues in the past with device that say support VLAN tagging out of the gate.
Curious if this rings any bells for how something could be misconfigured. Thanks!
To get this work on the RT-AC3100, I had to add some robocfg commands at then end. I didn't check what parts of the script are necessary for the RT-AC3100, so I just added it to the end of the script before the eapd restart. Also on RT-AC3100, eth1 and eth2 are the wifi interfaces.
# using VLAN 10, 4 is the WAN port
robocfg vlan 10 ports "4t 8t"
nvram set vlan10ports="4t 8t"
Also, for anyone wondering how to get the script to run on reboot using a USB stick and stock firmware
- ssh into the router
- copy script to jffs folder (for example I named it
setup_vlans.sh) - make script executable:
chmod +x setup_vlans.sh - set nvram variable to run script on startup:
nvram set script_usbmount="/jffs/setup_vlans.sh" nvram commit- Plug in USB drive and leave in router
- (Optional) Make a backup of the script on the usb drive so you don't lose it if you have reset your router:
mkdir -p /tmp/USB; mount /dev/sda /tmp/USB; cp /jffs/setup_vlans.sh /tmp/USB/; umount /tmp/USB
@LeeGDavis I'd be glad to help but I didn't have your problem during the period that I was using this solution, and as I said before, I don't have this setup anymore.
@jrnewell and everyone, I'd recommend only using this script (and adapt to your situation of course) if you can understand what every command does, this gist serves more like a note instead of a take and go solution.
Fantastic work! Thank you a lot @Jimmy-Z !
Got it working with RT-AX82U.
Here is full wall of text which I just copy & pasted to SSH client:
ip="10.14.15.15" # Default network static IP
vlanId1=50 # Default network VLAN ID
vlanId2=60 # Guest network 1 VLAN ID
vlanId3=70 # Guest network 2 VLAN ID
script="/jffs/scripts/services-start"
tee "${script}" > /dev/null << EOF
#!/bin/sh
# Ports in RT-AX82U:
# eth0 = LAN4
# eth1 = LAN3
# eth2 = LAN2
# eth3 = LAN1
# eth4 = WAN
# eth5 = 2.4 GHz
# eth6 = 5 GHz
# wl0.1 = Guest 1
# wl0.2 = Guest 2
# Tagged to WAN port (eth4):
# Default network: br0, vlan id ${vlanId1}
# Guest network 1: br1, vlan id ${vlanId2}
# Guest network 2: br2, vlan id ${vlanId3}
# Remove default configs
brctl delif br0 eth4
brctl delif br0 wl0.1
brctl delif br0 wl0.2
# Add VLANs
ip link add link eth4 name eth4.${vlanId1} type vlan id ${vlanId1}
ip link add link eth4 name eth4.${vlanId2} type vlan id ${vlanId2}
ip link add link eth4 name eth4.${vlanId3} type vlan id ${vlanId3}
ip link set eth4.${vlanId1} up
ip link set eth4.${vlanId2} up
ip link set eth4.${vlanId3} up
# Default network
ifconfig br0 "${ip}" netmask 255.255.255.0
brctl addif br0 eth4.${vlanId1}
nvram set lan_ifnames="eth0 eth1 eth2 eth3 eth5 eth6 eth4.${vlanId1}"
nvram set br0_ifnames="eth0 eth1 eth2 eth3 eth5 eth6 eth4.${vlanId1}"
# Guest network 1
brctl addbr br1
brctl addif br1 eth4.${vlanId2}
brctl addif br1 wl0.1
ip link set br1 up
nvram set lan1_ifnames="wl0.1 eth4.${vlanId2}"
nvram set br1_ifnames="wl0.1 eth4.${vlanId2}"
nvram set lan1_ifname="br1"
nvram set br1_ifname="br1"
nvram set wl0.1_ap_isolate=1
wl -i wl0.1 ap_isolate 1
# Guest network 2
brctl addbr br2
brctl addif br2 eth4.${vlanId3}
brctl addif br2 wl0.2
ip link set br2 up
nvram set lan2_ifnames="wl0.2 eth4.${vlanId3}"
nvram set br2_ifnames="wl0.2 eth4.${vlanId3}"
nvram set lan2_ifname="br2"
nvram set br2_ifname="br2"
nvram set wl0.2_ap_isolate=1
wl -i wl0.2 ap_isolate 1
# Restart eapd
killall eapd
eapd
EOF
chmod a+x "${script}"
reboot
@Knud3 , I want to do this to AX88U with pfsense as router and a managed switch passing these values. Will this script work in this scenario?
@Knud3 , I want to do this to AX88U with pfsense as router and a managed switch passing these values. Will this script work in this scenario?
Do not know about AX88U, but I have exact that setup, pfSense and HP managed switches. Works really well.
I have managed to get VLAN working on AX88U, however, I cannot login to the web interface again. Any idea how to solve this
@Jimmy-Z , I modified the script to work on AX88U and it is routing Vlans correctly, Howver, I am locked out of the router login page. Do you have any idea what could have caused this or how to fix?
Thanks alot @Jimmy-Z and @Knud3 . I made this work on AX88U. My setup is PFsense + managed switch and 3 VLAN. Here is the modified script. Just the ports are a little different but everything is the same.
#ip="10.27.27.8" # Default network static IP
vlanId1=50 # Default network VLAN ID
vlanId2=60 # Guest network 1 VLAN ID
vlanId3=70 # Guest network 2 VLAN ID
script="/jffs/scripts/services-start"
tee "${script}" > /dev/null << EOF
#!/bin/sh
# Ports in RT-AX88U:
# Physical port to interface map:
# eth0 WAN
# eth1 LAN 4
# eth2 LAN 3
# eth3 LAN 2
# eth4 LAN 1
# eth5 Bridge of LAN 5, LAN 6, LAN 7, LAN 8
# eth6 2.4 GHz Radio
# eth7 5 GHz Radio
# wl0.1 = Guest 1
# wl0.2 = Guest 2
# Tagged to WAN port (eth0):
# Default network: br0, vlan id ${vlanId1}
# Guest network 1: br1, vlan id ${vlanId2}
# Guest network 2: br2, vlan id ${vlanId3}
# Remove default configs
brctl delif br0 eth0
brctl delif br0 wl0.1
brctl delif br0 wl1.1
# Add VLANs
ip link add link eth0 name eth0.${vlanId1} type vlan id ${vlanId1}
ip link add link eth0 name eth0.${vlanId2} type vlan id ${vlanId2}
ip link add link eth0 name eth0.${vlanId3} type vlan id ${vlanId3}
ip link set eth0.${vlanId1} up
ip link set eth0.${vlanId2} up
ip link set eth0.${vlanId3} up
# Default network
#ifconfig br0 "${ip}" netmask 255.255.255.0
brctl addif br0 eth0.${vlanId1}
nvram set lan_ifnames="eth0 eth1 eth2 eth3 eth4 eth5 eth0.${vlanId1}"
nvram set br0_ifnames="eth0 eth1 eth2 eth3 eth4 eth5 eth0.${vlanId1}"
# Guest network 1
brctl addbr br1
brctl addif br1 eth0.${vlanId2}
brctl addif br1 wl0.1
ip link set br1 up
nvram set lan1_ifnames="wl0.1 eth0.${vlanId2}"
nvram set br1_ifnames="wl0.1 eth0.${vlanId2}"
nvram set lan1_ifname="br1"
nvram set br1_ifname="br1"
nvram set wl0.1_ap_isolate=1
wl -i wl0.1 ap_isolate 1
# Guest network 2
brctl addbr br2
brctl addif br2 eth0.${vlanId3}
brctl addif br2 wl1.1
ip link set br2 up
nvram set lan2_ifnames="wl1.1 eth0.${vlanId3}"
nvram set br2_ifnames="wl1.1 eth0.${vlanId3}"
nvram set lan2_ifname="br2"
nvram set br2_ifname="br2"
nvram set wl0.2_ap_isolate=1
wl -i wl1.1 ap_isolate 1
# Restart eapd
killall eapd
eapd
EOF
chmod a+x "${script}"
reboot
@demarey-baker How were you able to get to the Web UI? I have tried this multiple times and it seems like the connected interface is not a trunk port.
Should be Pfsense (Trunk Port) > Managed Switch (Trunk Port) > Asus (Trunk Port) > SSID's tagged for VLAN traffic
@robertr1229 tell more about your setup. Especially what you mean by trunk port? pfSense do not have trunk ports nor Asus. You have Cisco switch with DTP/VTP? Maybe just tell which networks you have VLAN tagged/untagged and which ports.
@robertr1229 , yes I got the webgui to work. Make sure you set the static ipaddress for the router as part of the main vlan. My problem was that I think it would be apart of the main network so I didn't have any access even though the vlan worked. Let me know if you have any other questions. Also, which router are you using exactly?
For reference this is my setup.
PFsense native lan : 10.27.27.0/24
VLAN 50 :10.27.50.0/24
VLAN 60 :10.27.60.0/24
VLAN 70 :10.27.70.0/24
I gave Asus router static address of 10.27.50.10 before running the script and I can always address it on that. Prior to this, I was doing it from native lan and it would always lose access. Everything works fine now but the vlans normally get messed up if you change the wifi settings like passwords etc but after a reboot everything works fine.
@robertr1229 tell more about your setup. Especially what you mean by trunk port? pfSense do not have trunk ports (I have heard some rack Netgate models have, but I doubt that you have one) nor Asus. You have Cisco switch with DTP/VTP? Maybe just tell which networks you have VLAN tagged/untagged and which ports.
I think the issue is not setting a static IP before running the script. As for Trunk ports. That is not a physical port. A Trunk port is used to transmit multiple tagged VLANS on a single port or "VLAN Aware" Asus Merlin may not be able to support it but PFSense definitely can. As well as any managed switch.
I also just saw your config for the RT-AX82U. I am using the same device and will give it a try. I would like to have Trunking but I can live with just setting it up on a Native VLAN.
Yes, I know what trunk ports are used for. pfSense definately supports tagging VLANs on single physical port, but if we are really talking about 802.1Q trunking it (DTP/VTP) is Cisco proprietary protocol. Other place where trunking word is sometimes used is link aggregation ("port trunking").
This thread was all very helpful in figuring this out.
I'm on an AX-58U. For some reason, all the wifi connections (guest networks and eth5-6) work without issue. Even though I have eth0-3 configured the exact same way and on the same vlan, they are only able to reach the AX-58U and other devices connected directly to it. Wifi devices can ping the gateway, reach the internet and opnnsense settings no problem.
I've been trying things for a couple days now. I'd love any help. Thanks in advance
Script:
#!/bin/sh
ip="192.168.85.2"
vlanId1=1 # Default network VLAN ID
vlanId2=30 # Guest network 1 VLAN ID
vlanId3=20 # Guest network 2 VLAN ID
# Remove default configs
brctl delif br0 eth4
brctl delif br0 wl0.1
brctl delif br0 wl0.2
# Add VLANs
ip link add link eth4 name eth4.${vlanId1} type vlan id ${vlanId1}
ip link add link eth4 name eth4.${vlanId2} type vlan id ${vlanId2}
ip link add link eth4 name eth4.${vlanId3} type vlan id ${vlanId3}
ip link set eth4.${vlanId1} up
ip link set eth4.${vlanId2} up
ip link set eth4.${vlanId3} up
# Default network
ifconfig br0 "${ip}" netmask 255.255.255.0
brctl addif br0 eth4.${vlanId1}
nvram set lan_ifnames="eth0 eth1 eth2 eth3 eth5 eth6 eth4.${vlanId1}"
nvram set br0_ifnames="eth0 eth1 eth2 eth3 eth5 eth6 eth4.${vlanId1}"
# Guest network 1
brctl addbr br1
brctl addif br1 eth4.${vlanId2}
brctl addif br1 wl0.1
ip link set br1 up
nvram set lan1_ifnames="wl0.1 eth4.${vlanId2}"
nvram set br1_ifnames="wl0.1 eth4.${vlanId2}"
nvram set lan1_ifname="br1"
nvram set br1_ifname="br1"
nvram set wl0.1_ap_isolate=1
wl -i wl0.1 ap_isolate 1
# Guest network 2
brctl addbr br2
brctl addif br2 eth4.${vlanId3}
brctl addif br2 wl0.2
ip link set br2 up
nvram set lan2_ifnames="wl0.2 eth4.${vlanId3}"
nvram set br2_ifnames="wl0.2 eth4.${vlanId3}"
nvram set lan2_ifname="br2"
nvram set br2_ifname="br2"
nvram set wl0.2_ap_isolate=1
wl -i wl0.2 ap_isolate 1
# Restart eapd
killall eapd
eapd
ip a
14: eth0: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff
15: eth1: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff
16: eth2: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff
17: eth3: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff
18: eth4: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff
19: dpsta: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
20: eth5: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff
21: eth6: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
link/ether f0:2f:74:6e:94:8c brd ff:ff:ff:ff:ff:ff
22: br0: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff
inet 192.168.85.2/24 brd 192.168.85.255 scope global br0
valid_lft forever preferred_lft forever
23: wl0.1: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br1 state UNKNOWN group default qlen 1000
link/ether f0:2f:74:6e:94:89 brd ff:ff:ff:ff:ff:ff
24: wl0.2: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br2 state UNKNOWN group default qlen 1000
link/ether f0:2f:74:6e:94:8a brd ff:ff:ff:ff:ff:ff
25: eth4.1@eth4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UP group default
link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff
26: eth4.30@eth4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br1 state UP group default
link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff
27: eth4.20@eth4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br2 state UP group default
link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff
28: br1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff
29: br2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff
Thanks @Jimmy-Z @Knud3 @demarey-baker !
I went with something a little different to also handle wireless restarts.
I run my RT-AX88U router in Access Point mode, with an OPNsense box upstream. Wanted to segregate the wireless networks into their own vlans.
# Physical setup
Internet
|
'-- OPNsense
|
|-- Switch 1
|-- Switch 2
'-- RT-AX88U
Scripts
Helper functions
/jffs/scripts/source/helpers.sh
#!/bin/sh
# Modes
# https://github.com/RMerl/asuswrt-merlin.ng/blob/76a3dabaf1d150c40a0ff369b4974e907d1faffb/release/src/router/shared/rtstate.h#L6
# https://github.com/RMerl/asuswrt-merlin.ng/blob/76a3dabaf1d150c40a0ff369b4974e907d1faffb/release/src/router/shared/rtstate.c#L85
fn_isAccessPointMode() {
if [[ $(nvram get sw_mode) == 3 && $(nvram get wlc_psta) == 0 ]];then
return 0
else
return 1
fi
}
fn_isRouterMode() {
if [ $(nvram get sw_mode) == 1 ];then
return 0
else
return 1
fi
}
# arg1: tag (optional)
# arg2: message
fn_logD() {
if [ "$2" == "" ]; then
logger -p debug $1
else
logger -p debug -t $1 $2
fi
}
# arg1: tag
fn_flushEbTables() {
fn_logD $1 "Flushing ebtables"
ebtables -F
}
# arg1: tag
fn_restartEapd() {
fn_logD $1 "Restarting eapd"
killall eapd
eapd
}
# arg1: tag
fn_restartWebGUI() {
fn_logD $1 "Restarting Web GUI"
service restart_httpd
}VLAN setup
/jffs/scripts/source/setup_ap_vlans.sh
#!/bin/sh
# Options:
# "services_start"
# "restart_wireless"
#
###################################################################
#
# Asus RT-AX88U (Access Point Mode)
#
# Before executing, set the following from the Web GUI:
#
# 1. Category "Wireless"
# - Tab "Wireless MAC Filter"
# - (Band) 2.4 GHz
# (Enable MAC Filter) no
# - (Band) 5 GHz
# (Enable MAC Filter) no
# - This is delegated to the upstream router and will
# prevent being locked out.
#
# 2. Category "LAN"
# - Tab "LAN IP"
# - (Get LAN IP Automatically?) no
# (IP Address) your static IP
# (Subnet Mask) 255.255.255.0
# (Default Gateway) your default gateway
# - Example
# - (Get LAN IP Automatically?) no
# (IP Address) 172.16.10.2
# (Subnet Mask) 255.255.255.0
# (Default Gateway) 172.16.10.1
# - This should match whatever is set upstream on vlan 10
#
# 3. Category "Administration"
# - Tab "System"
# - Ensure Access Restriction List is set properly or disabled
# - Tab "Operation Mode"
# - Set to "Access Point(AP) mode"
#
#### $ brctl show #### (before configuration) #####################
#
# bridge name bridge id STP enabled interfaces
# br0 8000.a036bcb34a28 no eth0
# eth1
# eth2
# eth3
# eth4
# eth5
# eth6
# eth7
# wl0.1
# wl0.2
# wl0.3
# wl1.1
# wl1.2
# wl1.3
#
#### Info #########################################################
#
# eth0 WAN
#
# eth1 Physical port 4
# eth2 Physical port 3
# eth3 Physical port 2
# eth4 Physical port 1
# eth5 Physical ports 5-8
# eth6 2.4GHz LAN
# eth7 5.0GHz LAN
#
# wl0.1 2.4GHz guest1
# wl0.2 2.4GHz guest2
# wl0.3 2.4GHz guest3
#
# wl1.1 5.0GHz guest1
# wl1.2 5.0GHz guest2
# wl1.3 5.0GHz guest3
#
#### Shooting For #################################################
#
# VLAN10 (Tag - 10) [ LAN ]
# br0 eth5 Physical ports 5-8
# eth6 2.4GHz LAN
# eth7 5.0GHz LAN
#
# VLAN20 (Tag - 20) [ Guest ]
# br1 wl0.1 2.4GHz guest1
# wl1.1 5.0GHz guest1
#
# VLAN30 (Tag - 30) [ Share ]
# br2 eth4 Physical port 1
# wl1.2 5.0GHz guest2
#
# VLAN40 (Tag - 40) [ Cameras ]
# br3 eth3 Physical port 2
# wl0.2 2.4GHz guest2
#
# VLAN50 (Tag - 50) [ IoT ]
# br4 wl0.3 2.4GHz guest3
#
# VLAN60 (Tag - 60) [ Work ]
# br5 eth2 Physical port 3
# eth1 Physical port 4
# wl1.3 5.0GHz guest3
#
#### $ brctl show #### (after configuration) #####################
#
# bridge name bridge id STP enabled interfaces
# br0 8000.a036bcb34a28 no eth0.10
# eth5
# eth6
# eth7
# br1 8000.a036bcb34a28 no eth0.20
# wl0.1
# wl1.1
# br2 8000.a036bcb34a28 no eth0.30
# eth4
# wl1.2
# br3 8000.a036bcb34a28 no eth0.40
# eth3
# wl0.2
# br4 8000.a036bcb34a28 no eth0.50
# wl0.3
# br5 8000.a036bcb34a28 no eth0.60
# eth1
# eth2
# wl1.3
#
###################################################################
source /jffs/scripts/source/helpers.sh
fn_removeEthernetFromBr0() {
brctl delif br0 eth0
brctl delif br0 eth1
brctl delif br0 eth2
brctl delif br0 eth3
brctl delif br0 eth4
# brctl delif br0 eth5
}
fn_removeWirelessFromBr0() {
# brctl delif br0 eth6
# brctl delif br0 eth7
brctl delif br0 wl0.1
brctl delif br0 wl0.2
brctl delif br0 wl0.3
brctl delif br0 wl1.1
brctl delif br0 wl1.2
brctl delif br0 wl1.3
}
fn_createVlans() {
ip link add link eth0 name eth0.10 type vlan id 10
ip link add link eth0 name eth0.20 type vlan id 20
ip link add link eth0 name eth0.30 type vlan id 30
ip link add link eth0 name eth0.40 type vlan id 40
ip link add link eth0 name eth0.50 type vlan id 50
ip link add link eth0 name eth0.60 type vlan id 60
}
fn_upVlans() {
ip link set eth0.10 up
ip link set eth0.20 up
ip link set eth0.30 up
ip link set eth0.40 up
ip link set eth0.50 up
ip link set eth0.60 up
}
fn_createBridges() {
# brctl addbr br0
brctl addbr br1
brctl addbr br2
brctl addbr br3
brctl addbr br4
brctl addbr br5
}
fn_assignEthernetToBridges() {
brctl addif br0 eth0.10
brctl addif br1 eth0.20
brctl addif br2 eth0.30
brctl addif br2 eth4
brctl addif br3 eth0.40
brctl addif br3 eth3
brctl addif br4 eth0.50
brctl addif br5 eth0.60
brctl addif br5 eth2
brctl addif br5 eth1
}
fn_assignWirelessToBridges() {
# brctl addif br0 eth6
# brctl addif br0 eth7
brctl addif br1 wl0.1
brctl addif br1 wl1.1
brctl addif br2 wl1.2
brctl addif br3 wl0.2
brctl addif br4 wl0.3
brctl addif br5 wl1.3
}
fn_upBridges() {
# ip link set br0 up
ip link set br1 up
ip link set br2 up
ip link set br3 up
ip link set br4 up
ip link set br5 up
}
fn_setNvramBr0() {
# nvram set br0_ifname="br0"
# nvram set lan_ifname="br0"
nvram set br0_ifnames="eth5 eth6 eth7 eth0.10"
nvram set lan_ifnames="eth5 eth6 eth7 eth0.10"
}
fn_setNvramBr1() {
nvram set br1_ifname="br1"
nvram set lan1_ifname="br1"
nvram set br1_ifnames="wl0.1 wl1.1 eth0.20"
nvram set lan1_ifnames="wl0.1 wl1.1 eth0.20"
}
fn_setNvramBr2() {
nvram set br2_ifname="br2"
nvram set lan2_ifname="br2"
nvram set br2_ifnames="eth4 wl1.2 eth0.30"
nvram set lan2_ifnames="eth4 wl1.2 eth0.30"
}
fn_setNvramBr3() {
nvram set br3_ifname="br3"
nvram set lan3_ifname="br3"
nvram set br3_ifnames="eth3 wl0.2 eth0.40"
nvram set lan3_ifnames="eth3 wl0.2 eth0.40"
}
fn_setNvramBr4() {
nvram set br4_ifname="br4"
nvram set lan4_ifname="br4"
nvram set br4_ifnames="wl0.3 eth0.50"
nvram set lan4_ifnames="wl0.3 eth0.50"
}
fn_setNvramBr5() {
nvram set br5_ifname="br5"
nvram set lan5_ifname="br5"
nvram set br5_ifnames="eth2 eth1 wl1.3 eth0.60"
nvram set lan5_ifnames="eth2 eth1 wl1.3 eth0.60"
}
case $1 in
# Run from services-start script
"services_start")
fn_logD "setup_ap_vlans.sh" "Configuring vlans for AP Mode"
fn_removeEthernetFromBr0
fn_removeWirelessFromBr0
fn_createVlans
fn_upVlans
fn_createBridges
fn_assignEthernetToBridges
fn_assignWirelessToBridges
fn_upBridges
fn_setNvramBr0
fn_setNvramBr1
fn_setNvramBr2
fn_setNvramBr3
fn_setNvramBr4
fn_setNvramBr5
# Restart eapd handled separately
# Flush ebtables handled separately
# Restart Web GUI handled separately
;;
# Run from service-event-end script
"restart_wireless")
fn_logD "setup_ap_vlans.sh" "Reconfiguring wireless interfaces"
# Needs a moment to settle before executing things
sleep 1
fn_removeWirelessFromBr0
fn_assignWirelessToBridges
fn_setNvramBr0
# Restart eapd handled separately
# Flush ebtables handled separately
;;
esacservices-start
/jffs/scripts/services-start
#!/bin/sh
source /jffs/scripts/source/helpers.sh
if fn_isAccessPointMode; then
/jffs/scripts/source/setup_ap_vlans.sh "services_start"
fn_restartEapd "services-start"
fn_flushEbTables "services-start"
fn_restartWebGUI "services-start"
fiservice-event-end
/jffs/scripts/service-event-end
#!/bin/sh
source /jffs/scripts/source/helpers.sh
case $1 in
"restart")
case $2 in
"wireless")
if fn_isAccessPointMode; then
/jffs/scripts/source/setup_ap_vlans.sh "restart_wireless"
fn_restartEapd "service-event-end"
fi
;;
"firewall")
if fn_isAccessPointMode; then
fn_flushEbTables "service-event-end"
fi
;;
esac
;;
esacThe restart_wireless Issue
Initially, any restart_wireless event was:
- Reassigning all wireless interfaces back to
br0# $ brctl show bridge name bridge id STP enabled interfaces br0 8000.a036bcb34a28 no eth0.10 eth5 eth6 eth7 wl0.1 wl0.2 wl0.3 wl1.1 wl1.2 wl1.3 br1 8000.a036bcb34a28 no eth0.20 br2 8000.a036bcb34a28 no eth0.30 eth4 br3 8000.a036bcb34a28 no eth0.40 eth3 br4 8000.a036bcb34a28 no eth0.50 br5 8000.a036bcb34a28 no eth0.60 eth1 eth2 - Resetting
nvramfor the following, to:lan_ifnames=eth0 eth1 eth2 eth3 eth4 eth5 eth6 eth7 wl0.1 wl0.2 wl0.3 wl1.1 wl1.2 wl1.3br0_ifnames=eth0 eth1 eth2 eth3 eth4 eth5 eth6 eth7 wl0.1 wl0.2 wl0.3 wl1.1 wl1.2 wl1.3
So intercepting it from the service-event-end script and reassigning wireless interfaces back to their original bridges fixed it. No more need to reboot after modifying something now.
Hope it helps!
This thread was all very helpful in figuring this out. I'm on an AX-58U. For some reason, all the wifi connections (guest networks and eth5-6) work without issue. Even though I have eth0-3 configured the exact same way and on the same vlan, they are only able to reach the AX-58U and other devices connected directly to it. Wifi devices can ping the gateway, reach the internet and opnnsense settings no problem. I've been trying things for a couple days now. I'd love any help. Thanks in advance
Script:
#!/bin/sh ip="192.168.85.2" vlanId1=1 # Default network VLAN ID vlanId2=30 # Guest network 1 VLAN ID vlanId3=20 # Guest network 2 VLAN ID # Remove default configs brctl delif br0 eth4 brctl delif br0 wl0.1 brctl delif br0 wl0.2 # Add VLANs ip link add link eth4 name eth4.${vlanId1} type vlan id ${vlanId1} ip link add link eth4 name eth4.${vlanId2} type vlan id ${vlanId2} ip link add link eth4 name eth4.${vlanId3} type vlan id ${vlanId3} ip link set eth4.${vlanId1} up ip link set eth4.${vlanId2} up ip link set eth4.${vlanId3} up # Default network ifconfig br0 "${ip}" netmask 255.255.255.0 brctl addif br0 eth4.${vlanId1} nvram set lan_ifnames="eth0 eth1 eth2 eth3 eth5 eth6 eth4.${vlanId1}" nvram set br0_ifnames="eth0 eth1 eth2 eth3 eth5 eth6 eth4.${vlanId1}" # Guest network 1 brctl addbr br1 brctl addif br1 eth4.${vlanId2} brctl addif br1 wl0.1 ip link set br1 up nvram set lan1_ifnames="wl0.1 eth4.${vlanId2}" nvram set br1_ifnames="wl0.1 eth4.${vlanId2}" nvram set lan1_ifname="br1" nvram set br1_ifname="br1" nvram set wl0.1_ap_isolate=1 wl -i wl0.1 ap_isolate 1 # Guest network 2 brctl addbr br2 brctl addif br2 eth4.${vlanId3} brctl addif br2 wl0.2 ip link set br2 up nvram set lan2_ifnames="wl0.2 eth4.${vlanId3}" nvram set br2_ifnames="wl0.2 eth4.${vlanId3}" nvram set lan2_ifname="br2" nvram set br2_ifname="br2" nvram set wl0.2_ap_isolate=1 wl -i wl0.2 ap_isolate 1 # Restart eapd killall eapd eapdip a
14: eth0: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000 link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff 15: eth1: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000 link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff 16: eth2: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000 link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff 17: eth3: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000 link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff 18: eth4: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff 19: dpsta: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff 20: eth5: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000 link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff 21: eth6: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000 link/ether f0:2f:74:6e:94:8c brd ff:ff:ff:ff:ff:ff 22: br0: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff inet 192.168.85.2/24 brd 192.168.85.255 scope global br0 valid_lft forever preferred_lft forever 23: wl0.1: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br1 state UNKNOWN group default qlen 1000 link/ether f0:2f:74:6e:94:89 brd ff:ff:ff:ff:ff:ff 24: wl0.2: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br2 state UNKNOWN group default qlen 1000 link/ether f0:2f:74:6e:94:8a brd ff:ff:ff:ff:ff:ff 25: eth4.1@eth4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UP group default link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff 26: eth4.30@eth4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br1 state UP group default link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff 27: eth4.20@eth4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br2 state UP group default link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff 28: br1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff 29: br2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff
Eth4 is physically LAN or WAN?
I run my
RT-AX88Urouter in Access Point mode, with anOPNsensebox upstream. Wanted to segregate the wireless networks into their own vlans.
@05nelsonm
Could you please help me with a modified script? 🙏🏼
My setup is the same as yours... Internet -> OPNsense -> RTAX88U
I am looking for the following VLAN tagging on my AX88U, running latest Merlin software.
#
# VLAN10 (Tag - 10) [ LAN ]
# br0 eth4 Physical ports 1
# eth3 Physical ports 2
# eth2 Physical ports 3
# eth1 Physical ports 4
# eth5 Physical ports 5-8
# eth6 2.4GHz LAN
# eth7 5.0GHz LAN
#
# VLAN60 (Tag - 60) [ Guest ]
# br1 wl0.2 2.4GHz guest2
#
# All other guest wifi radios disabled
Requests:
1. Could you please help out with the scripts that work for my setup?
2. I am also running an additional AX56U (which acts as a Mesh node to the master AX88U). Would I need to change anything in the AX56U or would it just keep acting as a mesh node and use the same VLANs automatically?
Has anyone else had an issue attaching the
Asus AP LAN ports to the VLANS ?
Clients on wl interfaces come up with the correct VLAN subnet. However anything connected to the LAN ports cannot get an IP address no matter which VLAN I configure the port under. I am using an ax58 connected to a tp link managed switch.
Everything else works. Including GUI access but non of the LAN ports come up.
Any insight is appreciated
Has anyone else had an issue attaching the Asus AP LAN ports to the VLANS ? Clients on wl interfaces come up with the correct VLAN subnet. However anything connected to the LAN ports cannot get an IP address no matter which VLAN I configure the port under. I am using an ax58 connected to a tp link managed switch.
Everything else works. Including GUI access but non of the LAN ports come up. Any insight is appreciated
Here is my bridge setup
bridge name bridge id STP enabled interfaces
br0 8000.d45d649a43e0 yes eth1
eth2
eth3
eth4.80
eth5
eth6
br1 8000.d45d649a43e0 yes eth0
eth4.60
wl0.1
wl1.1
br2 8000.d45d649a43e0 yes eth4.70
wl0.2
wl1.2
This thread was all very helpful in figuring this out. I'm on an AX-58U. For some reason, all the wifi connections (guest networks and eth5-6) work without issue. Even though I have eth0-3 configured the exact same way and on the same vlan, they are only able to reach the AX-58U and other devices connected directly to it. Wifi devices can ping the gateway, reach the internet and opnnsense settings no problem. I've been trying things for a couple days now. I'd love any help. Thanks in advance
Script:
#!/bin/sh ip="192.168.85.2" vlanId1=1 # Default network VLAN ID vlanId2=30 # Guest network 1 VLAN ID vlanId3=20 # Guest network 2 VLAN ID # Remove default configs brctl delif br0 eth4 brctl delif br0 wl0.1 brctl delif br0 wl0.2 # Add VLANs ip link add link eth4 name eth4.${vlanId1} type vlan id ${vlanId1} ip link add link eth4 name eth4.${vlanId2} type vlan id ${vlanId2} ip link add link eth4 name eth4.${vlanId3} type vlan id ${vlanId3} ip link set eth4.${vlanId1} up ip link set eth4.${vlanId2} up ip link set eth4.${vlanId3} up # Default network ifconfig br0 "${ip}" netmask 255.255.255.0 brctl addif br0 eth4.${vlanId1} nvram set lan_ifnames="eth0 eth1 eth2 eth3 eth5 eth6 eth4.${vlanId1}" nvram set br0_ifnames="eth0 eth1 eth2 eth3 eth5 eth6 eth4.${vlanId1}" # Guest network 1 brctl addbr br1 brctl addif br1 eth4.${vlanId2} brctl addif br1 wl0.1 ip link set br1 up nvram set lan1_ifnames="wl0.1 eth4.${vlanId2}" nvram set br1_ifnames="wl0.1 eth4.${vlanId2}" nvram set lan1_ifname="br1" nvram set br1_ifname="br1" nvram set wl0.1_ap_isolate=1 wl -i wl0.1 ap_isolate 1 # Guest network 2 brctl addbr br2 brctl addif br2 eth4.${vlanId3} brctl addif br2 wl0.2 ip link set br2 up nvram set lan2_ifnames="wl0.2 eth4.${vlanId3}" nvram set br2_ifnames="wl0.2 eth4.${vlanId3}" nvram set lan2_ifname="br2" nvram set br2_ifname="br2" nvram set wl0.2_ap_isolate=1 wl -i wl0.2 ap_isolate 1 # Restart eapd killall eapd eapdip a
14: eth0: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000 link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff 15: eth1: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000 link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff 16: eth2: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000 link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff 17: eth3: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000 link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff 18: eth4: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff 19: dpsta: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff 20: eth5: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000 link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff 21: eth6: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000 link/ether f0:2f:74:6e:94:8c brd ff:ff:ff:ff:ff:ff 22: br0: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff inet 192.168.85.2/24 brd 192.168.85.255 scope global br0 valid_lft forever preferred_lft forever 23: wl0.1: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br1 state UNKNOWN group default qlen 1000 link/ether f0:2f:74:6e:94:89 brd ff:ff:ff:ff:ff:ff 24: wl0.2: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br2 state UNKNOWN group default qlen 1000 link/ether f0:2f:74:6e:94:8a brd ff:ff:ff:ff:ff:ff 25: eth4.1@eth4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UP group default link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff 26: eth4.30@eth4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br1 state UP group default link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff 27: eth4.20@eth4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br2 state UP group default link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff 28: br1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff 29: br2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff
Did you ever figure out why lan ports are not running? I have the same issue
Are you sure the VLAN is configured correctly in the Netgear Switch? I have
that same switch and it took me a while to understand how the VLAN works.
If I didn't have another switch lying around I would have thought it was
something else.
Tell me how you configured the VLAN on the Netgear switch. For this to work
you need to pass through all of the VLANs to the ASUS router and then it
will then route it out correctly.
…On Mon, Feb 6, 2023 at 4:24 AM Harshpreet Singh ***@***.***> wrote:
***@***.**** commented on this gist.
------------------------------
Thanks alot @Jimmy-Z <https://github.com/Jimmy-Z> and @Knud3
<https://github.com/Knud3> . I made this work on AX88U. My setup is
PFsense + managed switch and 3 VLAN. Here is the modified script. Just the
ports are a little different but everything is the same.
#ip="10.27.27.8" # Default network static IP
vlanId1=50 # Default network VLAN ID
vlanId2=60 # Guest network 1 VLAN ID
vlanId3=70 # Guest network 2 VLAN ID
script="/jffs/scripts/services-start"
tee "${script}" > /dev/null << EOF
#!/bin/sh
# Ports in RT-AX88U:
# Physical port to interface map:
# eth0 WAN
# eth1 LAN 4
# eth2 LAN 3
# eth3 LAN 2
# eth4 LAN 1
# eth5 Bridge of LAN 5, LAN 6, LAN 7, LAN 8
# eth6 2.4 GHz Radio
# eth7 5 GHz Radio
# wl0.1 = Guest 1
# wl0.2 = Guest 2
# Tagged to WAN port (eth0):
# Default network: br0, vlan id ${vlanId1}
# Guest network 1: br1, vlan id ${vlanId2}
# Guest network 2: br2, vlan id ${vlanId3}
# Remove default configs
brctl delif br0 eth0
brctl delif br0 wl0.1
brctl delif br0 wl1.1
# Add VLANs
ip link add link eth0 name eth0.${vlanId1} type vlan id ${vlanId1}
ip link add link eth0 name eth0.${vlanId2} type vlan id ${vlanId2}
ip link add link eth0 name eth0.${vlanId3} type vlan id ${vlanId3}
ip link set eth0.${vlanId1} up
ip link set eth0.${vlanId2} up
ip link set eth0.${vlanId3} up
# Default network
#ifconfig br0 "${ip}" netmask 255.255.255.0
brctl addif br0 eth0.${vlanId1}
nvram set lan_ifnames="eth0 eth1 eth2 eth3 eth4 eth5 eth0.${vlanId1}"
nvram set br0_ifnames="eth0 eth1 eth2 eth3 eth4 eth5 eth0.${vlanId1}"
# Guest network 1
brctl addbr br1
brctl addif br1 eth0.${vlanId2}
brctl addif br1 wl0.1
ip link set br1 up
nvram set lan1_ifnames="wl0.1 eth0.${vlanId2}"
nvram set br1_ifnames="wl0.1 eth0.${vlanId2}"
nvram set lan1_ifname="br1"
nvram set br1_ifname="br1"
nvram set wl0.1_ap_isolate=1
wl -i wl0.1 ap_isolate 1
# Guest network 2
brctl addbr br2
brctl addif br2 eth0.${vlanId3}
brctl addif br2 wl1.1
ip link set br2 up
nvram set lan2_ifnames="wl1.1 eth0.${vlanId3}"
nvram set br2_ifnames="wl1.1 eth0.${vlanId3}"
nvram set lan2_ifname="br2"
nvram set br2_ifname="br2"
nvram set wl0.2_ap_isolate=1
wl -i wl1.1 ap_isolate 1
# Restart eapd
killall eapd
eapd
EOF
chmod a+x "${script}"
reboot
Hi buddy. How did you manage to connect your ASUS AP to the PFsense
box/via switch?
I'm trying the same, I just want to VLAN my Guest Networks from ASUS AP.
I've setup normal VLANS correctly with DHCP in OPNSense, and in Netgear
GS308T Managed Switch I have connected my ASUS Router/AP to PORT 5. I've
tagged Port 5 with VLAN 50 (only 1 vlan), but I can never achieve
connectivity.
Which port are you actually using from the ASUS to hookup to your switch?
I've used the WAN port (eth0) to hookup to switch. It does not work for me.
—
Reply to this email directly, view it on GitHub
<https://gist.github.com/6120988090b9696c420385e7e42c64c4#gistcomment-4461199>
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AHWKBERLAKTBEYYXC33BUXTWWCU2XBFKMF2HI4TJMJ2XIZLTSKBKK5TBNR2WLJDHNFZXJJDOMFWWLK3UNBZGKYLEL52HS4DFQKSXMYLMOVS2I5DSOVS2I3TBNVS3W5DIOJSWCZC7OBQXE5DJMNUXAYLOORPWCY3UNF3GS5DZVRZXKYTKMVRXIX3UPFYGLK2HNFZXIQ3PNVWWK3TUUZ2G64DJMNZZDAVEOR4XAZNEM5UXG5FFOZQWY5LFVA4TIOJQGAYTGOFHORZGSZ3HMVZKMY3SMVQXIZI>
.
You are receiving this email because you commented on the thread.
Triage notifications on the go with GitHub Mobile for iOS
<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
or Android
<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>
.
--
*Best Regards,*
*Demarey Baker *
*"Dream as you will live forever, live as you would die tomorrow."*
This thread was all very helpful in figuring this out. I'm on an AX-58U. For some reason, all the wifi connections (guest networks and eth5-6) work without issue. Even though I have eth0-3 configured the exact same way and on the same vlan, they are only able to reach the AX-58U and other devices connected directly to it. Wifi devices can ping the gateway, reach the internet and opnnsense settings no problem. I've been trying things for a couple days now. I'd love any help. Thanks in advance
Script:#!/bin/sh ip="192.168.85.2" vlanId1=1 # Default network VLAN ID vlanId2=30 # Guest network 1 VLAN ID vlanId3=20 # Guest network 2 VLAN ID # Remove default configs brctl delif br0 eth4 brctl delif br0 wl0.1 brctl delif br0 wl0.2 # Add VLANs ip link add link eth4 name eth4.${vlanId1} type vlan id ${vlanId1} ip link add link eth4 name eth4.${vlanId2} type vlan id ${vlanId2} ip link add link eth4 name eth4.${vlanId3} type vlan id ${vlanId3} ip link set eth4.${vlanId1} up ip link set eth4.${vlanId2} up ip link set eth4.${vlanId3} up # Default network ifconfig br0 "${ip}" netmask 255.255.255.0 brctl addif br0 eth4.${vlanId1} nvram set lan_ifnames="eth0 eth1 eth2 eth3 eth5 eth6 eth4.${vlanId1}" nvram set br0_ifnames="eth0 eth1 eth2 eth3 eth5 eth6 eth4.${vlanId1}" # Guest network 1 brctl addbr br1 brctl addif br1 eth4.${vlanId2} brctl addif br1 wl0.1 ip link set br1 up nvram set lan1_ifnames="wl0.1 eth4.${vlanId2}" nvram set br1_ifnames="wl0.1 eth4.${vlanId2}" nvram set lan1_ifname="br1" nvram set br1_ifname="br1" nvram set wl0.1_ap_isolate=1 wl -i wl0.1 ap_isolate 1 # Guest network 2 brctl addbr br2 brctl addif br2 eth4.${vlanId3} brctl addif br2 wl0.2 ip link set br2 up nvram set lan2_ifnames="wl0.2 eth4.${vlanId3}" nvram set br2_ifnames="wl0.2 eth4.${vlanId3}" nvram set lan2_ifname="br2" nvram set br2_ifname="br2" nvram set wl0.2_ap_isolate=1 wl -i wl0.2 ap_isolate 1 # Restart eapd killall eapd eapdip a
14: eth0: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000 link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff 15: eth1: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000 link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff 16: eth2: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000 link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff 17: eth3: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000 link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff 18: eth4: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff 19: dpsta: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff 20: eth5: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000 link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff 21: eth6: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000 link/ether f0:2f:74:6e:94:8c brd ff:ff:ff:ff:ff:ff 22: br0: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff inet 192.168.85.2/24 brd 192.168.85.255 scope global br0 valid_lft forever preferred_lft forever 23: wl0.1: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br1 state UNKNOWN group default qlen 1000 link/ether f0:2f:74:6e:94:89 brd ff:ff:ff:ff:ff:ff 24: wl0.2: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br2 state UNKNOWN group default qlen 1000 link/ether f0:2f:74:6e:94:8a brd ff:ff:ff:ff:ff:ff 25: eth4.1@eth4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UP group default link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff 26: eth4.30@eth4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br1 state UP group default link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff 27: eth4.20@eth4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br2 state UP group default link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff 28: br1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff 29: br2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ffDid you ever figure out why lan ports are not running? I have the same issue
In AC86U, if using another interface for trunk port (instead eth0), then you need to apply this command:
ethswctl -c hw-switching -o disable
Here is example with variables, so it is easier to adopt to different models.
Ports (example RT-AX82U)
eth0 = LAN4
eth1 = LAN3
eth2 = LAN2
eth3 = LAN1
eth4 = WAN
eth5 = 2.4 GHz
eth6 = 5 GHz
wl0.1 = Guest 1 (2.4 GHz)
wl0.2 = Guest 2 (2.4 GHz)
wl1.3 = Guest 3 (5 GHz)
Tagged to WAN port (for example)
Default network = br0, vlan id 50
Guest network 1 = br1, vlan id 60
Guest network 2 = br2, vlan id 70
Guest network 3 = br3, vlan id 20
Script
script="/jffs/scripts/services-start"
ip="10.14.15.15" # Default network static IP
taggedPort="eth4" # Tagged "WAN" port
otherPorts="eth0 eth1 eth2 eth3 eth5 eth6" # Other ports
guest1="wl0.1" # Guest network 1 interface
guest2="wl0.2" # Guest network 2 interface
guest3="wl1.3" # Guest network 3 interface
vlanId0=50 # Default network VLAN ID
vlanId1=60 # Guest network 1 VLAN ID
vlanId2=70 # Guest network 2 VLAN ID
vlanId3=20 # Guest network 3 VLAN ID
tee "${script}" > /dev/null << EOF
#!/bin/sh
# Remove seperate networks from default bridge
brctl delif br0 ${taggedPort}
brctl delif br0 ${guest1}
brctl delif br0 ${guest2}
brctl delif br0 ${guest3}
# Add VLANs
ip link add link ${taggedPort} name ${taggedPort}.${vlanId0} type vlan id ${vlanId0}
ip link add link ${taggedPort} name ${taggedPort}.${vlanId1} type vlan id ${vlanId1}
ip link add link ${taggedPort} name ${taggedPort}.${vlanId2} type vlan id ${vlanId2}
ip link add link ${taggedPort} name ${taggedPort}.${vlanId3} type vlan id ${vlanId3}
ip link set ${taggedPort}.${vlanId0} up
ip link set ${taggedPort}.${vlanId1} up
ip link set ${taggedPort}.${vlanId2} up
ip link set ${taggedPort}.${vlanId3} up
# Default network
ifconfig br0 "${ip}" netmask 255.255.255.0
brctl addif br0 ${taggedPort}.${vlanId0}
nvram set lan_ifnames="${otherPorts} ${taggedPort}.${vlanId0}"
nvram set br0_ifnames="${otherPorts} ${taggedPort}.${vlanId0}"
# Guest network 1
brctl addbr br1
brctl addif br1 ${taggedPort}.${vlanId1}
brctl addif br1 ${guest1}
ip link set br1 up
nvram set lan1_ifnames="${guest1} ${taggedPort}.${vlanId1}"
nvram set br1_ifnames="${guest1} ${taggedPort}.${vlanId1}"
nvram set lan1_ifname="br1"
nvram set br1_ifname="br1"
nvram set ${guest1}_ap_isolate=1
wl -i ${guest1} ap_isolate 1
# Guest network 2
brctl addbr br2
brctl addif br2 ${taggedPort}.${vlanId2}
brctl addif br2 ${guest2}
ip link set br2 up
nvram set lan2_ifnames="${guest2} ${taggedPort}.${vlanId2}"
nvram set br2_ifnames="${guest2} ${taggedPort}.${vlanId2}"
nvram set lan2_ifname="br2"
nvram set br2_ifname="br2"
nvram set ${guest2}_ap_isolate=1
wl -i ${guest2} ap_isolate 1
# Guest network 3
brctl addbr br3
brctl addif br3 ${taggedPort}.${vlanId3}
brctl addif br3 ${guest3}
ip link set br3 up
nvram set lan3_ifnames="${guest3} ${taggedPort}.${vlanId3}"
nvram set br3_ifnames="${guest3} ${taggedPort}.${vlanId3}"
nvram set lan3_ifname="br3"
nvram set br3_ifname="br3"
nvram set ${guest3}_ap_isolate=1
wl -i ${guest3} ap_isolate 1
# Restart eapd
killall eapd
eapd
EOF
chmod a+x "${script}"
reboot
Here is a working version for me. Router RT-AX86u
#### Info #########################################################
# RT-AX86u
#
# eth0 Physical port WAN
# eth1 Physical port 4
# eth2 Physical port 3
# eth3 Physical port 2
# eth4 Physical port 1
# eth5 Physical port 2.5Gbe
#
# eth6 WiFi 2.4GHz
# eth7 WiFi 5.0GHz
#
# wl0.1 WiFi 2.4GHz guest1
# wl0.2 WiFi 2.4GHz guest2
# wl0.3 WiFi 2.4GHz guest3
#
# wl1.1 WiFi 5.0GHz guest1
# wl1.2 WiFi 5.0GHz guest2
# wl1.3 WiFi 5.0GHz guest3
###################################################################
#### Edit #########################################################
script="/jffs/scripts/services-start"
ip="192.168.1.100" # Default network static IP
vlanId0=10 # Default network VLAN ID
vlanId1=20 # Guest network 1 VLAN ID
vlanId2=30 # Guest network 2 VLAN ID
vlanId3=40 # Guest network 3 VLAN ID
taggedPort="eth5" # Tagged port
otherPorts="eth0 eth1 eth2 eth3 eth4 eth6 eth7" # Default network interface
guest1="wl0.1 wl1.1" # Guest network 1 interface
guest2="wl0.2 wl1.2" # Guest network 2 interface
guest3="wl0.3 wl1.3" # Guest network 3 interface
###################################################################
tee "${script}" > /dev/null << EOF
#!/bin/sh
# Fix physical ports not working
ethswctl -c hw-switching -o disable
# Remove seperate networks from default bridge
brctl delif br0 ${taggedPort}
brctl delif br0 ${guest1}
brctl delif br0 ${guest2}
brctl delif br0 ${guest3}
# Add VLANs
ip link add link ${taggedPort} name ${taggedPort}.${vlanId0} type vlan id ${vlanId0}
ip link add link ${taggedPort} name ${taggedPort}.${vlanId1} type vlan id ${vlanId1}
ip link add link ${taggedPort} name ${taggedPort}.${vlanId2} type vlan id ${vlanId2}
ip link add link ${taggedPort} name ${taggedPort}.${vlanId3} type vlan id ${vlanId3}
ip link set ${taggedPort}.${vlanId0} up
ip link set ${taggedPort}.${vlanId1} up
ip link set ${taggedPort}.${vlanId2} up
ip link set ${taggedPort}.${vlanId3} up
# Default network
ifconfig br0 "${ip}" netmask 255.255.255.0
brctl addif br0 ${taggedPort}.${vlanId0}
nvram set lan_ifnames="${otherPorts} ${taggedPort}.${vlanId0}"
nvram set br0_ifnames="${otherPorts} ${taggedPort}.${vlanId0}"
# Guest network 1
brctl addbr br1
brctl addif br1 ${taggedPort}.${vlanId1}
brctl addif br1 ${guest1}
ip link set br1 up
nvram set lan1_ifnames="${guest1} ${taggedPort}.${vlanId1}"
nvram set br1_ifnames="${guest1} ${taggedPort}.${vlanId1}"
nvram set lan1_ifname="br1"
nvram set br1_ifname="br1"
nvram set ${guest1}_ap_isolate=1
wl -i ${guest1} ap_isolate 1
# Guest network 2
brctl addbr br2
brctl addif br2 ${taggedPort}.${vlanId2}
brctl addif br2 ${guest2}
ip link set br2 up
nvram set lan2_ifnames="${guest2} ${taggedPort}.${vlanId2}"
nvram set br2_ifnames="${guest2} ${taggedPort}.${vlanId2}"
nvram set lan2_ifname="br2"
nvram set br2_ifname="br2"
nvram set ${guest2}_ap_isolate=1
wl -i ${guest2} ap_isolate 1
# Guest network 3
brctl addbr br3
brctl addif br3 ${taggedPort}.${vlanId3}
brctl addif br3 ${guest3}
ip link set br3 up
nvram set lan3_ifnames="${guest3} ${taggedPort}.${vlanId3}"
nvram set br3_ifnames="${guest3} ${taggedPort}.${vlanId3}"
nvram set lan3_ifname="br3"
nvram set br3_ifname="br3"
nvram set ${guest3}_ap_isolate=1
wl -i ${guest3} ap_isolate 1
# Restart eapd
killall eapd
eapd
EOF
chmod a+x "${script}"
reboot
So I have an AC86U and AX86S on the same network connected with a TPLink switch. I setup vlan ID 227 and 11 on the AC86U and then tagged ports 1-8 on the switch for 227 and untagged 11 on port 4. Do I need to also setup VLAN 227 on the AX86U and just not setup ID 11?
I have 1x AC86 (main AP) and 2x AC68 (nodes, wired backhaul).
Does AiMesh still work?
Do I have to enable this script on the three AP's or only one the main AP (AC86)?
I have 1x AC86 (main AP) and 2x AC68 (nodes, wired backhaul).
Does AiMesh still work?
Do I have to enable this script on the three AP's or only one the main AP (AC86)?
I too have the same question. Does the script need to be run on each router (customised for each) or just on the main AP?
I have AX88U as the AP and AX56U as a AiMesh node.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Thanks Jimmy, great work...how would i go about having 86u as a AP with vlan ssids segregating those ssid vlans to a pfsense\opnsense ??