AC56U how to add bridges with DHCP servers?

jea101

Regular Contributor
I recently purchased an ASUS RT-AC56U. I have 376.47 Merlin firmware installed. I would like to use separate VLANs for wired, home wireless and guest wireless. Each needs to have its own IPv4 plus IPv6 subnet and DHCP/DHCPV6 server. Currently I have this setup on a TP-LINK router running Openwrt. Openwrt also manages my HE 6in4 tunnel and updates my WAN IP address if it changes. I would like to replace the TP-LINK router with the AC56U. Is there something that explains the CLI commands to configure multiple bridges, VLANs and DHCP servers? I also want it survive a reboot.

It appears that eth1 and eth2 are the wireless interfaces. Which one is the 5GHz?
 

RMerlin

Asuswrt-Merlin dev
I recently purchased an ASUS RT-AC56U. I have 376.47 Merlin firmware installed. I would like to use separate VLANs for wired, home wireless and guest wireless. Each needs to have its own IPv4 plus IPv6 subnet and DHCP/DHCPV6 server. Currently I have this setup on a TP-LINK router running Openwrt. Openwrt also manages my HE 6in4 tunnel and updates my WAN IP address if it changes. I would like to replace the TP-LINK router with the AC56U. Is there something that explains the CLI commands to configure multiple bridges, VLANs and DHCP servers? I also want it survive a reboot.

It appears that eth1 and eth2 are the wireless interfaces. Which one is the 5GHz?

eth2 is the 5 GHz band.
 

coldwizard

Regular Contributor
This sounds like a solution to a problem ...
Could you explain what is the problem you are solving with the multiple vlans? Maybe Merlin's firmware does it a different way.

For example, if the purpose of the vlan for the guest wireless was to give only Internet access to them, and prevent access to the lan. Then the Guest Network configuration provides Internet connection for guests but restricts access to your Intranet (wired lan).
 

jea101

Regular Contributor
The VLANs are to allow connecting to a second router (via MOCA) to provide better wireless coverage without the speed penalty of a repeater setup (same SSID different N channels).
I have managed to configure the VLANs and bridges.
Bridge 1 and VLAN 7 are the home wireless
Bridge 2 and VLAN 5 are guest
Bridge 0 and VLAN 3 are the wired network
Switch port 2(3) is for untagged home wireless
Switch port 4(5) is for tagged VLANs via MOCA to the other router
At this time I have two problems.
1 I am missing some firewall and or routing rules to allow br1 to WAN (I haven’t done anything for br2 to WAN)
2 When I move either eth0 or w10.1 to either bridge Windows 7 cannot associate with it unless security is set to open
Code:
ls
services-start  test            test2           test3
[email protected]:/jffs/scripts# cat services-start
#!/bin/sh
touch /tmp/000brstarted
# add vlan 3 to eth0
ip link add link eth0 name eth0.3 type vlan id 3
ip link set dev eth0.3 up
# add vlan 5 to eth0
ip link add link eth0 name eth0.5 type vlan id 5
ip link set dev eth0.5 up
# add vlan 7 to eth0
ip link add link eth0 name eth0.7 type vlan id 7
ip link set dev eth0.7 up
#
# brctl delif br0 wl0.1
# brctl delif br0 eth1
brctl addbr br1
# brctl addif br1 eth1
brctl addif br1 eth0.7
ifconfig br1 172.xx.yyy.1 netmask 255.255.255.0 broadcast 172.xx.yyy.255
brctl addbr br2
# brctl addif br2 wl0.1
brctl addif br2 eth0.5
robocfg vlan 1 ports "0 1 3t 5t"
robocfg vlan 7 ports "2 3t 5t"
robocfg vlan 3 ports "3t 5t"
robocfg vlan 5 ports "3t 5t"
ebtables -t broute -I BROUTING -p IPv4 -i br1 --ip-dst 172.xx.yyy.0/24 --ip-proto tcp -j DROP
ebtables -t filter -I FORWARD -i br1 -o ! eth0 -j DROP
ebtables -t filter -I FORWARD -i ! eth0 -o br1 -j DROP
exit
#
[email protected]:/jffs/scripts# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.bcee7b310780       yes             vlan1
                                                        eth1
                                                        eth2
br1             8000.bcee7b310781       no              eth0.7
                                                        wl0.1
br2             8000.c86c8736f830       no              eth0.5
[email protected]:/jffs/scripts# robocfg show
Switch: enabled
Port 0: 1000FD enabled stp: none vlan: 1 jumbo: off mac: 00:25:22:bf:34:5c
Port 1:   DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 2:  100FD enabled stp: none vlan: 7 jumbo: off mac: 00:13:3b:0f:0d:06
Port 3:   DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 4:  100FD enabled stp: none vlan: 2 jumbo: off mac: 00:01:5c:24:b0:81
Port 8:   DOWN enabled stp: none vlan: 2 jumbo: off mac: 00:00:00:00:00:00
VLANs: BCM5301x enabled mac_check mac_hash
   1: vlan1: 0 1 3t 5t
   2: vlan2: 4 5
   3: vlan3: 3t 5t
   5: vlan5: 3t 5t
   7: vlan7: 2 3t 5t
  56: vlan56: 1 2 4t 8u
  57: vlan57: 0t 3 5t 8t
  58: vlan58: 1 5t 8u
  59: vlan59: 0t 1 2 3 4t
  60: vlan60: 0 1 2t 3t 5 7
  61: vlan61: 0 1t 2 3 4 5 7t 8u
  62: vlan62: 0 1 2 3t 7t 8u
[email protected]:/jffs/scripts# ifconfig -a
br0        Link encap:Ethernet  HWaddr BC:EE:7B:31:07:80
           inet addr:192.168.zzz.1  Bcast:192.168.zzz.255  Mask:255.255.255.0
           inet6 addr: fe80::beee:7bff:fe31:780/64 Scope:Link
           inet6 addr: 2001:470:bccf:1::1/64 Scope:Global
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:94061 errors:0 dropped:0 overruns:0 frame:0
           TX packets:55029 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:18613937 (17.7 MiB)  TX bytes:35959438 (34.2 MiB)

br1        Link encap:Ethernet  HWaddr BC:EE:7B:31:07:81
           inet addr:172.xx.yyy.1  Bcast:172.xx.yyy.255  Mask:255.255.255.0
           inet6 addr: fe80::ca6c:87ff:fe36:f830/64 Scope:Link
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:11003 errors:0 dropped:0 overruns:0 frame:0
           TX packets:4663 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:720351 (703.4 KiB)  TX bytes:208254 (203.3 KiB)

br2        Link encap:Ethernet  HWaddr C8:6C:87:36:F8:30
           BROADCAST MULTICAST  MTU:1500  Metric:1
           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

eth0       Link encap:Ethernet  HWaddr C8:6C:87:36:F8:30
           inet addr:65.34.0.134  Bcast:65.34.15.255  Mask:255.255.240.0
           inet6 addr: fe80::ca6c:87ff:fe36:f830/64 Scope:Link
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:612943 errors:0 dropped:0 overruns:0 frame:0
           TX packets:113139 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000
           RX bytes:83972734 (80.0 MiB)  TX bytes:47535966 (45.3 MiB)
           Interrupt:179 Base address:0x4000

eth0.3     Link encap:Ethernet  HWaddr C8:6C:87:36:F8:30
           inet6 addr: fe80::ca6c:87ff:fe36:f830/64 Scope:Link
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
           TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:0 (0.0 B)  TX bytes:228 (228.0 B)

eth0.5     Link encap:Ethernet  HWaddr C8:6C:87:36:F8:30
           inet6 addr: fe80::ca6c:87ff:fe36:f830/64 Scope:Link
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
           TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:0 (0.0 B)  TX bytes:228 (228.0 B)

eth0.7     Link encap:Ethernet  HWaddr C8:6C:87:36:F8:30
           inet6 addr: fe80::ca6c:87ff:fe36:f830/64 Scope:Link
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:20435 errors:0 dropped:0 overruns:0 frame:0
           TX packets:6544 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:4704443 (4.4 MiB)  TX bytes:342268 (334.2 KiB)

eth1       Link encap:Ethernet  HWaddr BC:EE:7B:31:07:80
           inet6 addr: fe80::beee:7bff:fe31:780/64 Scope:Link
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:1724 errors:0 dropped:0 overruns:0 frame:5610
           TX packets:61392 errors:10 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000
           RX bytes:426525 (416.5 KiB)  TX bytes:16127266 (15.3 MiB)
           Interrupt:163

eth2       Link encap:Ethernet  HWaddr BC:EE:7B:31:07:84
           inet6 addr: fe80::beee:7bff:fe31:784/64 Scope:Link
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:38223 errors:0 dropped:0 overruns:0 frame:7793
           TX packets:93704 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000
           RX bytes:5895755 (5.6 MiB)  TX bytes:33746863 (32.1 MiB)
           Interrupt:169

lo         Link encap:Local Loopback
           inet addr:127.0.0.1  Mask:255.0.0.0
           inet6 addr: ::1/128 Scope:Host
           UP LOOPBACK RUNNING MULTICAST  MTU:16436  Metric:1
           RX packets:1869 errors:0 dropped:0 overruns:0 frame:0
           TX packets:1869 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:381436 (372.4 KiB)  TX bytes:381436 (372.4 KiB)

sit0       Link encap:IPv6-in-IPv4
           NOARP  MTU:1480  Metric:1
           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

v6in4      Link encap:IPv6-in-IPv4
           inet6 addr: 2001:470:1f0e:1134::2/64 Scope:Global
           inet6 addr: fe80::4122:86/128 Scope:Link
           UP POINTOPOINT RUNNING NOARP  MTU:1480  Metric:1
           RX packets:4077 errors:0 dropped:0 overruns:0 frame:0
           TX packets:2513 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:4398727 (4.1 MiB)  TX bytes:396306 (387.0 KiB)

vlan1      Link encap:Ethernet  HWaddr BC:EE:7B:31:07:80
           inet6 addr: fe80::beee:7bff:fe31:780/64 Scope:Link
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:83873 errors:0 dropped:0 overruns:0 frame:0
           TX packets:63398 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:17500797 (16.6 MiB)  TX bytes:33087093 (31.5 MiB)

vlan2      Link encap:Ethernet  HWaddr BC:EE:7B:31:07:80
           inet6 addr: fe80::beee:7bff:fe31:780/128 Scope:Link
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
           TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:0 (0.0 B)  TX bytes:228 (228.0 B)

wl0.1      Link encap:Ethernet  HWaddr BC:EE:7B:31:07:81
           inet6 addr: fe80::beee:7bff:fe31:781/64 Scope:Link
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:4829 errors:0 dropped:0 overruns:0 frame:5610
           TX packets:14782 errors:1 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000
           RX bytes:309777 (302.5 KiB)  TX bytes:2827088 (2.6 MiB)

[email protected]:/jffs/scripts#
 
Last edited:

coldwizard

Regular Contributor
The VLANs are to allow connecting to a second router (via MOCA) to provide better wireless coverage without the speed penalty of a repeater setup (same SSID different N channels).

....

[/code]

I stopped reading there because the rest appears to be implementation details and I asked for the problem description.

From the above problem...
I assume MOCA is ethernet over coax.

To extend the main wireless without speed penalty, you just need a wireless access point connected to the network by ethernet.
1) just configure the second router as a wireless access point, DHCP server on it disabled, with SSID and wireless channel as you wish.
2) connect a lan port on the access point to a lan port on the main router (asus) via the MOCA connection.

Did you want to add more details to the problem description?
 

jea101

Regular Contributor
what else do I need to change to move wireless bridge?

Currently I have three isolated networks each with its own subnet and DHCP server. The wired network is assigned to VLAN3. The private wireless network is assigned to VLAN7. The guest network is assigned to VLAN5. I am running the latest version of Openwrt on two TP-Link routers. Each router has one “LAN” port tagged in VLAN 3,5 and7. These tagged ports are connected to each other via MOCA 1.1 coax to Ethernet adapters.
The “main’ router has its WAN port connected to a cable modem and provides Internet (and DHCP) for all three subnets. It also manages my HE 6in4 tunnel.

The second router has all three subnets and is acting as an access point for both wireless networks (same SSID different N channels).
What I would like to do is replace the “main” router with the AC56U and maintain the three subnets.

I have created the three VLANs (on eth0).
I created bridges br1 and br2.
I added eth0.7 (vlan7) br1 and eth0.5 (vlan5) to br2. It wasn’t necessary to add eth0.3 (vlan3) to br0. My educated guess is that is included in the existing vlan1.
I added DHPC servers for br1 and br2.
I added firewall rules for br1 and br2 which allow them to be used.
I assigned port 3(4) tagged in VLAN 3,5 and 7
I didn’t add anything to ebtables.

Everything including the DHCP servers and the tagged VLANs to the second router is working wired.

However if I move either w10.1 (guest) or eth0 (private wireless) to br1 or br2 Windows 7 can’t connect wirelessly unless security is set to 0pen. My educated guess is something else needs to be changed when moving a wireless but I haven’t been able to find an example.
cat firewall-start
Code:
#!/bin/sh
touch /tmp/002fwstarted
iptables -I INPUT -i br1 -j ACCEPT
iptables -I FORWARD -i br1 -j ACCEPT
iptables -I INPUT -i br2 -j ACCEPT
iptables -I FORWARD -i br2 -j ACCEPT
exit
#
cat services-start
Code:
#!/bin/sh
touch /tmp/000brstarted
# add vlan 3 to eth0
ip link add link eth0 name eth0.3 type vlan id 3
ip link set dev eth0.3 up
# add vlan 5 to eth0
ip link add link eth0 name eth0.5 type vlan id 5
ip link set dev eth0.5 up
# add vlan 7 to eth0
ip link add link eth0 name eth0.7 type vlan id 7
ip link set dev eth0.7 up
#
# brctl delif br0 wl0.1
# brctl delif br0 eth1
brctl addbr br1
# brctl addif br1 eth1
brctl addif br1 eth0.7
ifconfig br1 172.xx.yyy.1 netmask 255.255.255.0 broadcast 172.xx.yyy.255
brctl addbr br2
ifconfig br2 192.168.25.1 netmask 255.255.255.0 broadcast 192.168.www.255
# brctl addif br2 wl0.1
brctl addif br2 eth0.5
robocfg vlan 1 ports "0 3t 5t"
robocfg vlan 3 ports "1 3t 5t"
robocfg vlan 7 ports "2 3t 5t"
robocfg vlan 5 ports "3t 5t"
exit
#
dnsmasq.conf.add
Code:
interface=br1
dhcp-range=br1,172.xx.yyy.31,172.xx.yyy.60,255.255.255.0,86400s
dhcp-option=br1,3,172.xx.yyy.1
dhcp-option=br1,6,172.xx.yyy.250,172.xx.yyy.251,172.xx.yyy.1
interface=br2
dhcp-range=br2,192.168.www.31,192.168.www.60,255.255.255.0,7200s
dhcp-option=br2,3,192.168.www.1
dhcp-option=br3,6,65.32,5,111,65.32,5,112,192.168.www.1
#

Code:
robocfg show
Switch: enabled
Port 0: 1000FD enabled stp: none vlan: 1 jumbo: off mac: 00:25:31:00:ba:97
Port 1:   DOWN enabled stp: none vlan: 3 jumbo: off mac: 00:00:00:00:00:00
Port 2: 1000FD enabled stp: none vlan: 7 jumbo: off mac: 80:3f:5d:08:67:2e
Port 3: 1000FD enabled stp: none vlan: 1 jumbo: off mac: ec:43:f6:6f:0e:58
Port 4:  100FD enabled stp: none vlan: 2 jumbo: off mac: 00:01:5c:24:b0:81
Port 8:   DOWN enabled stp: none vlan: 2 jumbo: off mac: 00:00:00:00:00:00
VLANs: BCM5301x enabled mac_check mac_hash
   1: vlan1: 0 3t 5t
   2: vlan2: 4 5
   3: vlan3: 1 3t 5t
   5: vlan5: 3t 5t
   7: vlan7: 2 3t 5t
  56: vlan56: 1 2 4t 8u
  57: vlan57: 0t 3 5t 8t
  58: vlan58: 1 5t 8u
  59: vlan59: 0t 1 2 3 4t
  60: vlan60: 0 1 2t 3t 5 7
  61: vlan61: 0 1t 2 3 4 5 7t 8u
  62: vlan62: 0 1 2 3t 7t 8u

Code:
brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.bcee7b310780       yes             vlan1
                                                        eth1
                                                        eth2
                                                        wl0.1
br1             8000.bcee7b310780       no              eth0.7
br2             8000.bcee7b310780       no              eth0.5

Code:
ifconfig -a
br0        Link encap:Ethernet  HWaddr BC:EE:7B:31:07:80
           inet addr:192.168.zzz.1  Bcast:192.168.zzz.255  Mask:255.255.255.0
           inet6 addr: fe80::beee:7bff:fe31:780/64 Scope:Link
           inet6 addr: 2001:470:abcd:1::1/64 Scope:Global
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:3931 errors:0 dropped:0 overruns:0 frame:0
           TX packets:1500 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:967609 (944.9 KiB)  TX bytes:266265 (260.0 KiB)

br1        Link encap:Ethernet  HWaddr BC:EE:7B:31:07:80
           inet addr:172.xx.yyy.1  Bcast:172.xx.yyy.255  Mask:255.255.255.0
           inet6 addr: fe80::beee:7bff:fe31:780/64 Scope:Link
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:7036 errors:0 dropped:0 overruns:0 frame:0
           TX packets:6242 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:790542 (772.0 KiB)  TX bytes:2143813 (2.0 MiB)

br2        Link encap:Ethernet  HWaddr BC:EE:7B:31:07:80
           inet addr:192.168.www.1  Bcast:192.168.www.255  Mask:255.255.255.0
           inet6 addr: fe80::4ce6:c7ff:fe92:431/64 Scope:Link
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:10 errors:0 dropped:0 overruns:0 frame:0
           TX packets:144 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:420 (420.0 B)  TX bytes:17846 (17.4 KiB)

eth0       Link encap:Ethernet  HWaddr C8:6C:87:36:F8:30
           inet addr:65.34.12.226  Bcast:65.34.15.255  Mask:255.255.240.0
           inet6 addr: fe80::ca6c:87ff:fe36:f830/64 Scope:Link
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:30863 errors:0 dropped:0 overruns:0 frame:0
           TX packets:8917 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000
           RX bytes:3882987 (3.7 MiB)  TX bytes:2874997 (2.7 MiB)
           Interrupt:179 Base address:0x4000

eth0.3     Link encap:Ethernet  HWaddr BC:EE:7B:31:07:80
           inet6 addr: fe80::beee:7bff:fe31:780/64 Scope:Link
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:15 errors:0 dropped:0 overruns:0 frame:0
           TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:840 (840.0 B)  TX bytes:342 (342.0 B)

eth0.5     Link encap:Ethernet  HWaddr BC:EE:7B:31:07:80
           inet6 addr: fe80::beee:7bff:fe31:780/64 Scope:Link
           UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
           RX packets:45 errors:0 dropped:0 overruns:0 frame:0
           TX packets:36 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:3120 (3.0 KiB)  TX bytes:2532 (2.4 KiB)

eth0.7     Link encap:Ethernet  HWaddr BC:EE:7B:31:07:80
           inet6 addr: fe80::beee:7bff:fe31:780/64 Scope:Link
           UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
           RX packets:7784 errors:0 dropped:0 overruns:0 frame:0
           TX packets:6137 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:1063547 (1.0 MiB)  TX bytes:2153504 (2.0 MiB)

eth1       Link encap:Ethernet  HWaddr BC:EE:7B:31:07:80
           inet6 addr: fe80::beee:7bff:fe31:780/64 Scope:Link
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:0 errors:0 dropped:0 overruns:0 frame:9415
           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000
           RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
           Interrupt:163

eth2       Link encap:Ethernet  HWaddr BC:EE:7B:31:07:84
           inet6 addr: fe80::beee:7bff:fe31:784/64 Scope:Link
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:0 errors:0 dropped:0 overruns:0 frame:92
           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000
           RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
           Interrupt:169

lo         Link encap:Local Loopback
           inet addr:127.0.0.1  Mask:255.0.0.0
           inet6 addr: ::1/128 Scope:Host
           UP LOOPBACK RUNNING MULTICAST  MTU:16436  Metric:1
           RX packets:266 errors:0 dropped:0 overruns:0 frame:0
           TX packets:266 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:57799 (56.4 KiB)  TX bytes:57799 (56.4 KiB)

sit0       Link encap:IPv6-in-IPv4
           NOARP  MTU:1480  Metric:1
           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

v6in4      Link encap:IPv6-in-IPv4
           inet6 addr: 2001:470:1f0e:1134::2/64 Scope:Global
           inet6 addr: fe80::4122:ce2/128 Scope:Link
           UP POINTOPOINT RUNNING NOARP  MTU:1480  Metric:1
           RX packets:13 errors:0 dropped:0 overruns:0 frame:0
           TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:1774 (1.7 KiB)  TX bytes:2669 (2.6 KiB)
 

coldwizard

Regular Contributor
Now I see what you are doing. Sorry I took so long to see the problem.
I will try to set up a pair of N66U devices with the guest wireless networks on vlan 3.
 

jea101

Regular Contributor
I still need an answer

I am still looking for a way to us security on WIFI moved to a bridge other than zero.
 

coldwizard

Regular Contributor
I still need an answer

I am still looking for a way to us security on WIFI moved to a bridge other than zero.

Solved - Moving guest WIFI SSID to a bridge and VLAN with wireless security enabled!

Solution was in old thread

http://www.snbforums.com/threads/works-perfectly-if-i-disable-all-authentication.12281/

which also has a link to a thread
http://www.snbforums.com/threads/vlan-configuration.8801/
which is about robocfg type commands for a AC66U

Solution is to create/change some nvram variables and restart eapd. I tested on an N66U running John's fork.

Code:
# get list of configured guest wireless networks
Guest24=`nvram get wl0_vifs`
Guest5=`nvram get wl1_vifs`
#
#  Move all Guest wireless to br1
# attempt to move wireless guest fails (no security only works) until restart of eapd below
#
lan1names=""
for GuestWifiDevice in $Guest24 $Guest5
   do
      brctl delif br0 $GuestWifiDevice
      brctl addif br1 $GuestWifiDevice
      # add name to list with preceding blank
      lan1names="$lan1names $GuestWifiDevice"
   done
#
# brctl show
#
#
# if guest wifi moved, set some nvram variables and restart eapd to fix security
if [ "x$lan1names" != "x" ]
   then
   nvram set lan_ifnames="vlan1 eth1 eth2"
   nvram set lan_ifname="br0"
#
   nvram set lan1_ifnames="vlan3$lan1names"
   nvram set lan1_ifname="br1"
#
   nvram show | grep -i ifname | grep -i lan
#
   #  restart eapd
   killall eapd
   eapd
fi
#
 
Last edited:

Bryan pfremmer

New Around Here
If I follow this in order should it work as listed. Do you need to run the mm ram changes on each reboot?


Sent from my iPhone using Tapatalk
 

Bryan pfremmer

New Around Here
So I can have my trusted wifi have a 10.0.0.0/8 and guest have a 192.168.0.0/16 without issues with dnsmasq?


Sent from my iPhone using Tapatalk
 

samw5

Occasional Visitor
OK noob question when trying to get this setup. I'm new to Merlin, coming from DD-wrt so I may need some hand holding.

I'm running 380.62_1 on an RT-AC88U.


Step 1) enable jffs --- that part I'm ok with
Step 2) copy .sh script to /jffs/configs/ I'm assuming, just not sure if that can be on the router ram, I'm assuming that there should be space.
Step 3) run the script (though I still would need to find a way to schedule it to run upon reboot?) no clue how to schedule/make this permanent.

Other question I have is in regards to DHCP for the guest networks. Where do I configure it if not using dnsmasq?

 

samw5

Occasional Visitor
ya was already looking at this, however doesn't answer my dhcp question.
Where do I set this up? Could it be made part of the script?
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top