Menu
What's new
By:
Filters Better Search

AX58U Merlin - Is it possible to subnet?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

K

kyosaur

New Around Here
Hello everyone! Im super new to networking, but im trying to learn and tinker (excuse any wrong terminology). I purchased this router and installed merlin and am using YazFi for VLANS (this cover only the wifi networks). I noticed this router only has one interface in the LAN section though, so i am having a rough time splitting my networks into subnets :(. Is this not possible to subnet? Is there another user script i could use to map other interfaces?

Edit: For further context of my setup - I have this router connected to a managed switch with vlans. I essentially just want to split my lan in half (192.168.50.0/25). The half that isnt on the same network as the router can not connect to the internet though.
 
Last edited:
kyosaur said:
Hello everyone! Im super new to networking, but im trying to learn and tinker (excuse any wrong terminology). I purchased this router and installed merlin and am using YazFi for VLANS (this cover only the wifi networks). I noticed this router only has one interface in the LAN section though, so i am having a rough time splitting my networks into subnets :(. Is this not possible to subnet? Is there another user script i could use to map other interfaces?

Edit: For further context of my setup - I have this router connected to a managed switch with vlans. I essentially just want to split my lan in half (192.168.50.0/25). The half that isnt on the same network as the router can not connect to the internet though.
Click to expand...

Search here for VLANs. If you get rid of Yazfi, you can make use of two built in (well three total) VLANs and use your switches to segment (see the Tutorial I posted). But with Yazfi or if you want more flexibility than that, you'll be getting into scripting with Merlin. I'm not sure if that router is HND or not, if it is, the scripting is more complex but still doable.

No need to subnet into /25s, you can just use multiple /24s, less confusing that way and is the same thing.
 
drinkingbird said:
Search here for VLANs. If you get rid of Yazfi, you can make use of two built in (well three total) VLANs and use your switches to segment (see the Tutorial I posted). But with Yazfi or if you want more flexibility than that, you'll be getting into scripting with Merlin. I'm not sure if that router is HND or not, if it is, the scripting is more complex but still doable.

No need to subnet into /25s, you can just use multiple /24s, less confusing that way and is the same thing.
Click to expand...

I think i want to keep the Yazfi tbh. Its really nice having the seperate wifi networks. I'll look into scripting, but its likely far over my head :(.
 
kyosaur said:
I think i want to keep the Yazfi tbh. Its really nice having the seperate wifi networks. I'll look into scripting, but its likely far over my head :(.
Click to expand...

You can have separate wifi networks with stock code. Yazfi gives you some more flexibility over the subnets etc, it is an extension of the stock guest setup, but will not work with VLANs (again, without scripting).
 
drinkingbird said:
You can have separate wifi networks with stock code. Yazfi gives you some more flexibility over the subnets etc, it is an extension of the stock guest setup, but will not work with VLANs (again, without scripting).
Click to expand...

Ok, thank you! Not only for the help, but for posting that guide. I guess I have a few questions.

1. Can i just disable Yazfi on all the guest networks, or does it need removed completely? Not sure if it does something internally to mess this up.
2. Essentially i will have 3 VLANS right. 1, 501, and 502. Lets say i have an 8 port switch plugged into my router on LAN port 1, and the router is plugged into port 1 on the switch. On that switch the only thing i want to separate is port #4. I would assign the PVID 501 to port 4, and would set that part up like this:

VLAN IDVLAN NameMember PortsTagged PortsUntagged PortsDelete
1Default1-81-8
5015011,414

is that correct, or am i missing something?

3. I guess im a little confused on what to do for the IP of the machine on port 4. Your post says there's no reservations for DHCP, so i didn't want to assign a static ip of 192.168.101.20 for example, and have DHCP accidentally asign that same ip on a different device in the future (if it works like that). When i leave it on auto assign it basically just breaks and gives a weird network tho.
 
kyosaur said:
Ok, thank you! Not only for the help, but for posting that guide. I guess I have a few questions.

1. Can i just disable Yazfi on all the guest networks, or does it need removed completely? Not sure if it does something internally to mess this up.
Click to expand...

That I'm not positive on, to be safe I'd uninstall it. Yazfi disables isolation on the stock guest wireless meaning the VLANs do not get created. I'm not sure if disabling it clears all that out. Honestly, I'd say just factory reset the router and set it up from scratch without Yazfi, as Yazfi also puts in a bunch of firewall rules, virtual interfaces, and other customizations.

kyosaur said:
2. Essentially i will have 3 VLANS right. 1, 501, and 502. Lets say i have an 8 port switch plugged into my router on LAN port 1, and the router is plugged into port 1 on the switch. On that switch the only thing i want to separate is port #4. I would assign the PVID 501 to port 4, and would set that part up like this:

VLAN IDVLAN NameMember PortsTagged PortsUntagged PortsDelete
1Default1-81-8
5015011,414

is that correct, or am i missing something?
Click to expand...

Remove port 4 from VLAN 1, it should say 1-3,5-8 under both member and untagged ports for VLAN 1 in that case. Your VLAN 501 looks correct

Having 2 VLANs untagged on a port will mix the traffic and you don't know which subnet/VLAN you'll end up in. In theory the PVID will set it straight but it can still cause problems especially with DHCP (which you're seeing). So basically only ever have 1 untagged vlan on a port, and that untagged vlan should match the PVID (whether it is a trunk port with VLAN 1 untagged or an access port with any vlan untagged).

Under PVID port 1 should be 1, and port 4 should be 501. The other ports can stay at 1 to match, just make sure to change them if/when you assign other ports to 501 or 502.
Note that 501 is associated with 2.4Ghz guest wireless 1 and 502 is associated with 5ghz guest wireless 1. So in a way they're associated with the same guest network, but you can still use both for wired devices since they will be isolated from wireless devices (just not other wired devices). Up to you how you want to divide stuff up, my 2.4Ghz guest 1 is all untrusted devices so I use that if I need to fix someone's PC and don't trust it to not have a virus. VLAN 502 is "semi-trusted" guests so I have my work laptop in there. But in reality, wireless guests are isolated from wired ones anyway, so not a big deal, that was just my way of giving it some "order". Two wired devices in the same VLAN will be able to access each other so if you don't want that, put one in 501 and one in 502.

If you want to add a bit of security for unused ports you can create a dummy vlan like 999 and put unused ports into that untagged under both VLAN and PVID. Those ports will be non-functional (other than being able to see each other) until you assign them into one of the valid VLANs.

kyosaur said:
3. I guess im a little confused on what to do for the IP of the machine on port 4. Your post says there's no reservations for DHCP, so i didn't want to assign a static ip of 192.168.101.20 for example, and have DHCP accidentally asign that same ip on a different device in the future (if it works like that). When i leave it on auto assign it basically just breaks and gives a weird network tho.
Click to expand...

Unfortunately the default DHCP range for those subnets, at least on my router with 386 code, is 2 through 254 so there are no "free" IPs for static assignments. Technically if the device is always online and pingable, it won't be a problem, DHCP pings an IP before handing it out so it won't give it out if it is pingable.

But that is all moot - the reason you're getting a weird IP is due to the dual untagged VLANs above. Fix that, and you're all set. DHCP will give it a 192.168.101.x IP. There is really not much reason to set a static IP in the guest VLANs since they are isolated and can't be accessed except by another wired device in that VLAN, and in that case you can just use hostname to access it.
 
Last edited:
drinkingbird said:
That I'm not positive on, to be safe I'd uninstall it. Yazfi disables isolation on the stock guest wireless meaning the VLANs do not get created. I'm not sure if disabling it clears all that out. Honestly, I'd say just factory reset the router and set it up from scratch without Yazfi, as Yazfi also puts in a bunch of firewall rules, virtual interfaces, and other customizations.



Remove port 4 from VLAN 1, it should say 1-3,5-8 under both member and untagged ports for VLAN 1 in that case. Your VLAN 501 looks correct

Having 2 VLANs untagged on a port will mix the traffic and you don't know which subnet/VLAN you'll end up in. In theory the PVID will set it straight but it can still cause problems especially with DHCP (which you're seeing). So basically only ever have 1 untagged vlan on a port, and that untagged vlan should match the PVID (whether it is a trunk port with VLAN 1 untagged or an access port with any vlan untagged).

Under PVID port 1 should be 1, and port 4 should be 501. The other ports can stay at 1 to match, just make sure to change them if/when you assign other ports to 501 or 502.
Note that 501 is associated with 2.4Ghz guest wireless 1 and 502 is associated with 5ghz guest wireless 1. So in a way they're associated with the same guest network, but you can still use both for wired devices since they will be isolated from wireless devices (just not other wired devices). Up to you how you want to divide stuff up, my 2.4Ghz guest 1 is all untrusted devices so I use that if I need to fix someone's PC and don't trust it to not have a virus. VLAN 502 is "semi-trusted" guests so I have my work laptop in there. But in reality, wireless guests are isolated from wired ones anyway, so not a big deal, that was just my way of giving it some "order". Two wired devices in the same VLAN will be able to access each other so if you don't want that, put one in 501 and one in 502.

If you want to add a bit of security for unused ports you can create a dummy vlan like 999 and put unused ports into that untagged under both VLAN and PVID. Those ports will be non-functional (other than being able to see each other) until you assign them into one of the valid VLANs.



Unfortunately the default DHCP range for those subnets, at least on my router with 386 code, is 2 through 254 so there are no "free" IPs for static assignments. Technically if the device is always online and pingable, it won't be a problem, DHCP pings an IP before handing it out so it won't give it out if it is pingable.

But that is all moot - the reason you're getting a weird IP is due to the dual untagged VLANs above. Fix that, and you're all set. DHCP will give it a 192.168.101.x IP. There is really not much reason to set a static IP in the guest VLANs since they are isolated and can't be accessed except by another wired device in that VLAN, and in that case you can just use hostname to access it.
Click to expand...


Awesome! I got it working. I did have to uninstall and reset the router. Its working like a charm and honestly taught me a lot (like to be careful what i change so i dont lock myself out LOL, and i understand the tagged/untagged a lot better now)! I really appreciate the help, and the time. Thank you again!
 
kyosaur said:
Awesome! I got it working. I did have to uninstall and reset the router. Its working like a charm and honestly taught me a lot (like to be careful what i change so i dont lock myself out LOL, and i understand the tagged/untagged a lot better now)! I really appreciate the help, and the time. Thank you again!
Click to expand...

Glad it is working for you. Now you can start playing with scripts to allow certain traffic between networks etc :)
 
You must log in or register to reply here.

Similar threads

H
Forwarding From Old Subset To New Subnet After Switching Subnet?
Replies
6
Views
614
ColinTaylor
C
M
Solved Weird destination ip when connecting to a subnet
Replies
3
Views
497
drinkingbird
drinkingbird
N
Connecting an ax58u to a BT homehub 5, via a lan port, and not getting internet access.
Replies
3
Views
111
ColinTaylor
C
G
RT-AC86U VLAN-like modifications to guest network
Replies
19
Views
2K
pjd50
P
S
Philips Hue - LAN Port to be part of YazFi Wireless Guest Network Subnet
Replies
8
Views
831
RandomUser777
R
Similar threads
Thread starter Title Forum Replies Date
L AX58u - latest Merlin, no Traffic Statistic Asuswrt-Merlin 6
jz87 AX58U | Flashed to Merlin | Logs are Scary Asuswrt-Merlin 13
N Connecting an ax58u to a BT homehub 5, via a lan port, and not getting internet access. Asuswrt-Merlin 3
X RT-AX58U sudden DNS problem - URGENT Asuswrt-Merlin 14
L Very Slow SMB over over RT-AX58U Asuswrt-Merlin 15
S RT-AX58U/RT-AX3000 Per IP Traffic Monitor Asuswrt-Merlin 2
P Error compiling for AX58U: cannot find crt1.o crti.o crtbegin.o Asuswrt-Merlin 4
S AX58U issues Asuswrt-Merlin 11
STRUZZIN Mesh Settings For AX58U Setup Asuswrt-Merlin 35
T RT-AX58U upgrade error Asuswrt-Merlin 16

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 870 (members: 20, guests: 850)
Top