@Jimmy-Z
Created February 28, 2019 08:42
multi SSID with VLAN script, for ASUS AC86U with merlin
#!/bin/sh
# multi SSID with VLAN script, for ASUS AC86U with merlin
#
# setup beforehand:
#   set "router" to "AP Mode"
#     this will put all ports and wireless in br0
#   create 2 guest networks
#   enable Administration => System => Enable JFFS custom scripts and configs
#   put this script in /jffs/scripts/, name should be "services-start"
#     remember `chmod a+x services-start`
#   I strongly suggest you use static IP instead of DHCP
#     In my test, the "router" will pick up DHCP lease from VLAN 1 instead of VLAN 227
#   reboot
#
# some basic info of the original AP mode:
#   eth0 => WAN port
#   eth1~4 => LAN port 4~1, they're reversed
#   eth5 => WiFi 2.4G
#   eth6 => WiFi 5G
#   wl0.1, wl0.2 => WiFi 2.4G guest networks
#
# this setup:
#   WAN port (eth0) will be repurposed as a tagged port
#   LAN ports (eth1~4) and primary WiFi (eth5,6) will be on VLAN 227
#   guest network 1 will be on VLAN 11
#   guest network 2 will be on VLAN 12
#echo "============== START 1 $(date) ==================" >> /jffs/scripts/log
#ip a >> /jffs/scripts/log
#ip r >> /jffs/scripts/log
#brctl show >> /jffs/scripts/log
#echo "============== END 1 $(date) ==================" >> /jffs/scripts/log
# echo $PATH > /tmp/script_debug
# remove eth0 which will be reconfigured as a tagged port
brctl delif br0 eth0
# remove interfaces we're gonna move to other bridges
brctl delif br0 wl0.1
brctl delif br0 wl0.2
# add vlans
# interestingly, depending on the time passed since system boot,
# vlan interfaces will be named eth0.1 or vlan1, I guess some udev rules got loaded.
# so we use ip link instead of vconfig to specify a name explicitly.
ip link add link eth0 name eth0.227 type vlan id 227
ip link add link eth0 name eth0.11 type vlan id 11
ip link add link eth0 name eth0.12 type vlan id 12
ip link set eth0.227 up
ip link set eth0.11 up
ip link set eth0.12 up
# reconfigure br0, private LAN
brctl addif br0 eth0.227
# set up br1, guest LAN
brctl addbr br1
brctl addif br1 eth0.11
brctl addif br1 wl0.1
ip link set br1 up
# set up br2, another guest LAN for IoT devices
brctl addbr br2
brctl addif br2 eth0.12
brctl addif br2 wl0.2
ip link set br2 up
# seems like eapd reads config from these
# no need to set lan_ifname since it's already there
nvram set lan_ifnames="eth1 eth2 eth3 eth4 eth5 eth6 eth0.227"
nvram set lan1_ifnames="wl0.1 eth0.11"
nvram set lan1_ifname="br1"
nvram set lan2_ifnames="wl0.2 eth0.12"
nvram set lan2_ifname="br2"
# doesn't seem to affect anything, just make it align
nvram set br0_ifnames="eth1 eth2 eth3 eth4 eth5 eth6 eth0.227"
nvram set br1_ifnames="wl0.1 eth0.11"
nvram set br1_ifname="br1"
nvram set br2_ifnames="wl0.2 eth0.12"
nvram set br2_ifname="br2"
# we do NOT issue `nvram commit` here since it won't survive reboot anyway
# is there a better way to do this like `service restart eapd` ?
killall eapd
eapd
#echo "============== START 2 $(date) ==================" >> /jffs/scripts/log
#ip a >> /jffs/scripts/log
#ip r >> /jffs/scripts/log
#brctl show >> /jffs/scripts/log
#echo "============== END 2 $(date) ==================" >> /jffs/scripts/log
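
A check for the segmentation this script is meant to produce, as an added example that is not part of the gist: it parses `brctl show` output and compares it with the intended layout from the script header. The function names, the `POLICY` list and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of the gist): audit bridge membership after services-start.

# Intended layout from the script header, one "interface bridge" pair per line.
POLICY='eth0.227 br0
eth0.11 br1
wl0.1 br1
eth0.12 br2
wl0.2 br2'

# Constructed sample of `brctl show` output: wl0.2 was never moved out of br0
# and LAN port eth3 ended up in the IoT bridge.
SAMPLE_BAD='bridge name     bridge id               STP enabled     interfaces
br0             8000.aabbccddeeff       yes             eth1
                                                        eth0.227
                                                        wl0.2
br1             8000.aabbccddeeff       yes             eth0.11
                                                        wl0.1
br2             8000.aabbccddeeff       yes             eth0.12
                                                        eth3'

# parse_bridges: read `brctl show` text on stdin, print "interface bridge" pairs.
parse_bridges() {
	awk '
		$1 == "bridge" && $2 == "name" { next }   # header row
		NF >= 4 { br = $1; print $4, br; next }   # bridge row with its first port
		NF == 3 { br = $1; next }                 # bridge row without ports
		NF == 1 && br != "" { print $1, br }      # continuation row: another port
	'
}

# audit_bridges POLICY: compare `brctl show` text on stdin with the policy.
# Prints one finding per line; returns 0 when the layout matches, 1 otherwise.
audit_bridges() {
	actual=$(parse_bridges)
	printf '%s\n===\n%s\n' "$1" "$actual" | awk '
		$0 == "===" { live = 1; next }
		!live && NF == 2 { want[$1] = $2; if ($2 != "br0") guest[$2] = 1; next }
		live && NF == 2 { have[$1] = $2 }
		END {
			# Every interface named in the policy must sit in its bridge.
			for (i in want) {
				found = (i in have) ? have[i] : "none"
				if (found != want[i]) {
					printf "MISPLACED %s: want %s, found %s\n", i, want[i], found
					bad = 1
				}
			}
			# Nothing outside the policy may be attached to a guest bridge.
			for (i in have)
				if ((have[i] in guest) && !(i in want)) {
					printf "UNEXPECTED %s in guest bridge %s\n", i, have[i]
					bad = 1
				}
			exit bad + 0
		}
	'
}

# Run the audit on the constructed sample.
printf '%s\n' "$SAMPLE_BAD" | audit_bridges "$POLICY" || echo "segmentation check failed"
```

On the router, run it against live state with `brctl show | audit_bridges "$POLICY"`.
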
@abolians

abolians commented Feb 6, 2023

Has anyone else had an issue attaching the Asus AP LAN ports to the VLANS ? Clients on wl interfaces come up with the correct VLAN subnet. However anything connected to the LAN ports cannot get an IP address no matter which VLAN I configure the port under. I am using an ax58 connected to a tp link managed switch.

Everything else works, including GUI access, but none of the LAN ports come up. Any insight is appreciated.

Here is my bridge setup
bridge name     bridge id               STP enabled     interfaces
br0             8000.d45d649a43e0       yes             eth1
                                                        eth2
                                                        eth3
                                                        eth4.80
                                                        eth5
                                                        eth6
br1             8000.d45d649a43e0       yes             eth0
                                                        eth4.60
                                                        wl0.1
                                                        wl1.1
br2             8000.d45d649a43e0       yes             eth4.70
                                                        wl0.2
                                                        wl1.2

@abolians

abolians commented Feb 6, 2023

This thread was all very helpful in figuring this out. I'm on an AX-58U. For some reason, all the wifi connections (guest networks and eth5-6) work without issue. Even though I have eth0-3 configured the exact same way and on the same vlan, they are only able to reach the AX-58U and other devices connected directly to it. Wifi devices can ping the gateway, reach the internet and OPNsense settings no problem. I've been trying things for a couple days now. I'd love any help. Thanks in advance

Script:

#!/bin/sh

ip="192.168.85.2"
vlanId1=1 # Default network VLAN ID
vlanId2=30 # Guest network 1 VLAN ID
vlanId3=20 # Guest network 2 VLAN ID


# Remove default configs
brctl delif br0 eth4
brctl delif br0 wl0.1
brctl delif br0 wl0.2

# Add VLANs
ip link add link eth4 name eth4.${vlanId1} type vlan id ${vlanId1}
ip link add link eth4 name eth4.${vlanId2} type vlan id ${vlanId2}
ip link add link eth4 name eth4.${vlanId3} type vlan id ${vlanId3}
ip link set eth4.${vlanId1} up
ip link set eth4.${vlanId2} up
ip link set eth4.${vlanId3} up

# Default network
ifconfig br0 "${ip}" netmask 255.255.255.0
brctl addif br0 eth4.${vlanId1}
nvram set lan_ifnames="eth0 eth1 eth2 eth3 eth5 eth6 eth4.${vlanId1}"
nvram set br0_ifnames="eth0 eth1 eth2 eth3 eth5 eth6 eth4.${vlanId1}"

# Guest network 1
brctl addbr br1
brctl addif br1 eth4.${vlanId2}
brctl addif br1 wl0.1
ip link set br1 up
nvram set lan1_ifnames="wl0.1 eth4.${vlanId2}"
nvram set br1_ifnames="wl0.1 eth4.${vlanId2}"
nvram set lan1_ifname="br1"
nvram set br1_ifname="br1"
nvram set wl0.1_ap_isolate=1
wl -i wl0.1 ap_isolate 1

# Guest network 2
brctl addbr br2
brctl addif br2 eth4.${vlanId3}
brctl addif br2 wl0.2
ip link set br2 up
nvram set lan2_ifnames="wl0.2 eth4.${vlanId3}"
nvram set br2_ifnames="wl0.2 eth4.${vlanId3}"
nvram set lan2_ifname="br2"
nvram set br2_ifname="br2"
nvram set wl0.2_ap_isolate=1
wl -i wl0.2 ap_isolate 1

# Restart eapd
killall eapd
eapd

ip a

14: eth0: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
    link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff
15: eth1: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
    link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff
16: eth2: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
    link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff
17: eth3: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
    link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff
18: eth4: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff
19: dpsta: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
20: eth5: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
    link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff
21: eth6: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
    link/ether f0:2f:74:6e:94:8c brd ff:ff:ff:ff:ff:ff
22: br0: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff
    inet 192.168.85.2/24 brd 192.168.85.255 scope global br0
       valid_lft forever preferred_lft forever
23: wl0.1: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br1 state UNKNOWN group default qlen 1000
    link/ether f0:2f:74:6e:94:89 brd ff:ff:ff:ff:ff:ff
24: wl0.2: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br2 state UNKNOWN group default qlen 1000
    link/ether f0:2f:74:6e:94:8a brd ff:ff:ff:ff:ff:ff
25: eth4.1@eth4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UP group default
    link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff
26: eth4.30@eth4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br1 state UP group default
    link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff
27: eth4.20@eth4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br2 state UP group default
    link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff
28: br1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff
29: br2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether f0:2f:74:6e:94:88 brd ff:ff:ff:ff:ff:ff

Did you ever figure out why lan ports are not running? I have the same issue

@demarey-baker

demarey-baker commented Feb 6, 2023 via email

@lnpbr

lnpbr commented Feb 6, 2023

In AC86U, if using another interface for the trunk port (instead of eth0), then you need to apply this command:

ethswctl -c hw-switching -o disable

@Knud3

Knud3 commented Feb 17, 2023

Here is an example with variables, so it is easier to adapt to different models.

Ports (example RT-AX82U)

eth0 = LAN4
eth1 = LAN3
eth2 = LAN2
eth3 = LAN1
eth4 = WAN
eth5 = 2.4 GHz
eth6 = 5 GHz
wl0.1 = Guest 1 (2.4 GHz)
wl0.2 = Guest 2 (2.4 GHz)
wl1.3 = Guest 3 (5 GHz)

Tagged to WAN port (for example)

Default network = br0, vlan id 50
Guest network 1 = br1, vlan id 60
Guest network 2 = br2, vlan id 70
Guest network 3 = br3, vlan id 20

Script

script="/jffs/scripts/services-start"
ip="10.14.15.15" # Default network static IP
taggedPort="eth4" # Tagged "WAN" port
otherPorts="eth0 eth1 eth2 eth3 eth5 eth6" # Other ports
guest1="wl0.1" # Guest network 1 interface
guest2="wl0.2" # Guest network 2 interface
guest3="wl1.3" # Guest network 3 interface
vlanId0=50 # Default network VLAN ID
vlanId1=60 # Guest network 1 VLAN ID
vlanId2=70 # Guest network 2 VLAN ID
vlanId3=20 # Guest network 3 VLAN ID

tee "${script}" > /dev/null << EOF
#!/bin/sh

# Remove separate networks from default bridge
brctl delif br0 ${taggedPort}
brctl delif br0 ${guest1}
brctl delif br0 ${guest2}
brctl delif br0 ${guest3}

# Add VLANs
ip link add link ${taggedPort} name ${taggedPort}.${vlanId0} type vlan id ${vlanId0}
ip link add link ${taggedPort} name ${taggedPort}.${vlanId1} type vlan id ${vlanId1}
ip link add link ${taggedPort} name ${taggedPort}.${vlanId2} type vlan id ${vlanId2}
ip link add link ${taggedPort} name ${taggedPort}.${vlanId3} type vlan id ${vlanId3}
ip link set ${taggedPort}.${vlanId0} up
ip link set ${taggedPort}.${vlanId1} up
ip link set ${taggedPort}.${vlanId2} up
ip link set ${taggedPort}.${vlanId3} up

# Default network
ifconfig br0 "${ip}" netmask 255.255.255.0
brctl addif br0 ${taggedPort}.${vlanId0}
nvram set lan_ifnames="${otherPorts} ${taggedPort}.${vlanId0}"
nvram set br0_ifnames="${otherPorts} ${taggedPort}.${vlanId0}"

# Guest network 1
brctl addbr br1
brctl addif br1 ${taggedPort}.${vlanId1}
brctl addif br1 ${guest1}
ip link set br1 up
nvram set lan1_ifnames="${guest1} ${taggedPort}.${vlanId1}"
nvram set br1_ifnames="${guest1} ${taggedPort}.${vlanId1}"
nvram set lan1_ifname="br1"
nvram set br1_ifname="br1"
nvram set ${guest1}_ap_isolate=1
wl -i ${guest1} ap_isolate 1

# Guest network 2
brctl addbr br2
brctl addif br2 ${taggedPort}.${vlanId2}
brctl addif br2 ${guest2}
ip link set br2 up
nvram set lan2_ifnames="${guest2} ${taggedPort}.${vlanId2}"
nvram set br2_ifnames="${guest2} ${taggedPort}.${vlanId2}"
nvram set lan2_ifname="br2"
nvram set br2_ifname="br2"
nvram set ${guest2}_ap_isolate=1
wl -i ${guest2} ap_isolate 1

# Guest network 3
brctl addbr br3
brctl addif br3 ${taggedPort}.${vlanId3}
brctl addif br3 ${guest3}
ip link set br3 up
nvram set lan3_ifnames="${guest3} ${taggedPort}.${vlanId3}"
nvram set br3_ifnames="${guest3} ${taggedPort}.${vlanId3}"
nvram set lan3_ifname="br3"
nvram set br3_ifname="br3"
nvram set ${guest3}_ap_isolate=1
wl -i ${guest3} ap_isolate 1

# Restart eapd
killall eapd
eapd
EOF

chmod a+x "${script}"
reboot

@DervilRus

DervilRus commented Feb 19, 2023

Here is a working version for me. Router RT-AX86u

#### Info #########################################################
#                             RT-AX86u
#
# eth0		Physical port WAN
# eth1		Physical port 4
# eth2		Physical port 3
# eth3		Physical port 2
# eth4		Physical port 1
# eth5		Physical port 2.5Gbe
#
# eth6		WiFi 2.4GHz 
# eth7		WiFi 5.0GHz 
#
# wl0.1		WiFi 2.4GHz guest1
# wl0.2		WiFi 2.4GHz guest2
# wl0.3		WiFi 2.4GHz guest3
#
# wl1.1		WiFi 5.0GHz guest1
# wl1.2		WiFi 5.0GHz guest2
# wl1.3		WiFi 5.0GHz guest3
###################################################################

#### Edit #########################################################
script="/jffs/scripts/services-start"
ip="192.168.1.100" # Default network static IP
vlanId0=10 # Default network VLAN ID
vlanId1=20 # Guest network 1 VLAN ID
vlanId2=30 # Guest network 2 VLAN ID
vlanId3=40 # Guest network 3 VLAN ID
taggedPort="eth5" # Tagged port
otherPorts="eth0 eth1 eth2 eth3 eth4 eth6 eth7" # Default network interface
guest1="wl0.1 wl1.1" # Guest network 1 interface
guest2="wl0.2 wl1.2" # Guest network 2 interface
guest3="wl0.3 wl1.3" # Guest network 3 interface
###################################################################


tee "${script}" > /dev/null << EOF
#!/bin/sh

# Fix physical ports not working
ethswctl -c hw-switching -o disable

# Remove separate networks from default bridge
# (one interface per brctl call; each guest variable may list several)
brctl delif br0 ${taggedPort}
for i in ${guest1} ${guest2} ${guest3}; do
	brctl delif br0 "\${i}"
done

# Add VLANs
ip link add link ${taggedPort} name ${taggedPort}.${vlanId0} type vlan id ${vlanId0}
ip link add link ${taggedPort} name ${taggedPort}.${vlanId1} type vlan id ${vlanId1}
ip link add link ${taggedPort} name ${taggedPort}.${vlanId2} type vlan id ${vlanId2}
ip link add link ${taggedPort} name ${taggedPort}.${vlanId3} type vlan id ${vlanId3}
ip link set ${taggedPort}.${vlanId0} up
ip link set ${taggedPort}.${vlanId1} up
ip link set ${taggedPort}.${vlanId2} up
ip link set ${taggedPort}.${vlanId3} up

# Default network
ifconfig br0 "${ip}" netmask 255.255.255.0
brctl addif br0 ${taggedPort}.${vlanId0}
nvram set lan_ifnames="${otherPorts} ${taggedPort}.${vlanId0}"
nvram set br0_ifnames="${otherPorts} ${taggedPort}.${vlanId0}"

# Guest network 1
brctl addbr br1
brctl addif br1 ${taggedPort}.${vlanId1}
ip link set br1 up
nvram set lan1_ifnames="${guest1} ${taggedPort}.${vlanId1}"
nvram set br1_ifnames="${guest1} ${taggedPort}.${vlanId1}"
nvram set lan1_ifname="br1"
nvram set br1_ifname="br1"
# guest1 may hold several interfaces: bridge and isolate each one separately
for i in ${guest1}; do
	brctl addif br1 "\${i}"
	nvram set "\${i}_ap_isolate=1"
	wl -i "\${i}" ap_isolate 1
done

# Guest network 2
brctl addbr br2
brctl addif br2 ${taggedPort}.${vlanId2}
ip link set br2 up
nvram set lan2_ifnames="${guest2} ${taggedPort}.${vlanId2}"
nvram set br2_ifnames="${guest2} ${taggedPort}.${vlanId2}"
nvram set lan2_ifname="br2"
nvram set br2_ifname="br2"
# guest2 may hold several interfaces: bridge and isolate each one separately
for i in ${guest2}; do
	brctl addif br2 "\${i}"
	nvram set "\${i}_ap_isolate=1"
	wl -i "\${i}" ap_isolate 1
done

# Guest network 3
brctl addbr br3
brctl addif br3 ${taggedPort}.${vlanId3}
ip link set br3 up
nvram set lan3_ifnames="${guest3} ${taggedPort}.${vlanId3}"
nvram set br3_ifnames="${guest3} ${taggedPort}.${vlanId3}"
nvram set lan3_ifname="br3"
nvram set br3_ifname="br3"
# guest3 may hold several interfaces: bridge and isolate each one separately
for i in ${guest3}; do
	brctl addif br3 "\${i}"
	nvram set "\${i}_ap_isolate=1"
	wl -i "\${i}" ap_isolate 1
done

# Restart eapd
killall eapd
eapd
EOF

chmod a+x "${script}"
reboot

@eblieb

eblieb commented Mar 20, 2023

So I have an AC86U and AX86S on the same network connected with a TPLink switch. I setup vlan ID 227 and 11 on the AC86U and then tagged ports 1-8 on the switch for 227 and untagged 11 on port 4. Do I need to also setup VLAN 227 on the AX86U and just not setup ID 11?

@sammyke007

I have 1x AC86 (main AP) and 2x AC68 (nodes, wired backhaul).
Does AiMesh still work?
Do I have to enable this script on the three AP's or only on the main AP (AC86)?

@gspannu

gspannu commented May 10, 2023

> I have 1x AC86 (main AP) and 2x AC68 (nodes, wired backhaul).
> Does AiMesh still work?
> Do I have to enable this script on the three AP's or only on the main AP (AC86)?

I too have the same question. Does the script need to be run on each router (customised for each) or just on the main AP?
I have AX88U as the AP and AX56U as an AiMesh node.

@awagdi0

awagdi0 commented Nov 18, 2023

Hello,
I have the same MESH Qs. How can I get this nice VLAN script to work within wired-connected ASUS MESH routers?

@moonpie2000

moonpie2000 commented Jan 5, 2024

bump - I have a successful AP VLAN setup with AX88U and AX3000 not in mesh mode. I currently have simple Guest 1 as VLAN 10 and Guest 2 as VLAN 20. If I were to put APs in mesh mode with wired backhaul what would the default traffic look like? Also, while I am writing, does anyone have a location where I can find a list of NVRAM variables? I noticed I have some that I am curious about, i.e. wl_vif*; wl0.4_ifname, etc.

@FragRot

FragRot commented Feb 6, 2024

ASUS router with Asuswrt-Merlin in AP mode and VLAN configured in services-start.sh script can be connected directly to pfSense without managed switch and will work as configured?

@DervilRus

> ASUS router with Asuswrt-Merlin in AP mode and VLAN configured in services-start.sh script can be connected directly to pfSense without managed switch and will work as configured?

For these purposes, it would be better to use something in openwrt, but yes, it will work that way.
