
RT-AC68u - VLANS and breaking into the PPoE and wireless


SNB_UK

Occasional Visitor
I have an Asus AC68u, very happy with it, except I'd like a more robust firewall solution. I'd like to use Sophos UTM, which I've been trialling at home for a while.

What I have is the following:
FTTC-> TP->VDSL modem (PPoE)-> AC68u ------ LAN
.........................................-- WLAN
.........................................-- WLAN Guest

I have a few small webservers doing LAMP duty for home automation etc, IoT before the term became popular.

Now what I'd like to do is the following:

VDSL modem (PPoE)-> AC68u -- Sophos UTM -- AC68u --------- WLAN
.................................................--------- WLAN Guest
.................................................--------- IoT DMZ WLAN
.................................................-- IoT DMZ
.................................................-- LAN

I need the AC68u to do the PPoE, as there are issues with passing PPoE to the Sophos UTM (it's in a VM instance in ESXi 6).

Ideally I can segment the AC68u's switch at the back into different VLANs to achieve this, I'll put the UTM in between and pipe the UTM back into AC68u to connect back to the 2.4 and 5GHz radios. It'll be good to retain the AC68u firewall for specific VLANs, like the guest WLAN or even better, have a failover mechanism, so that if the UTM is offline, the traffic will get piped through the internal firewall.

Technically it's possible; is there a custom firmware that'll let me do that?

Any ideas? Any alternatives?
 
I would think you are going to have problems with wireless if you want Sophos UTM to process wireless traffic. What about using a wireless AP? Another option is to use the Sophos UTM as the firewall router if it supports PPOE and use the AC68u as a wireless AP. I have run this same kind of setup for years using Untangle UTM but I run Untangle in a transparent bridge mode behind a router without wireless and use separate wireless APs. I also run several VLANs with certain device sharing across VLANs.
 
Hi Coxhaus,
think you're onto something there, might be cheaper and more expedient to just buy a cheap modem that can do the PPoE and then use the AC68u after the UTM.

The Sophos UTM works fine with PPoE on a "real" PC, it doesn't work under ESXi. I suspect that ESXi is doing something funky with non-standard ethernet traffic.
 
