SeeJayEmm
New Around Here
I have an RT-AC68-U in AP mode running Merlin 386.11. I am trying to segregate my guest network on its own VLAN. The AC68 is connected via the WAN port to an OpnSense router. I've followed the guidance I've found here on configuring VLANs on the AC68 and believe I have configured it correctly. I am able to connect to the guest network and (eventually) obtain an IP provided by DHCP on the OpnSense router but network access is spotty. When I run a test ping it will alternate between success and req. timed out. When running a tcpdump of the interface on the OpnSense side I can see that the pings that are dropped are sent by the AC86 with no VLAN tag. I've tried a few different ways of configuring this, none work. I could use some help. Thanks.
Example:
Code:
00:17:27.606937 18:48:ca:1e:b4:ad > 0e:b0:9d:9f:ac:a1, ethertype IPv4 (0x0800), length 98: 10.9.10.100 > 8.8.8.8: ICMP echo request, id 5178, seq 1, length 64
00:17:28.538334 18:48:ca:1e:b4:ad > 0e:b0:9d:9f:ac:a1, ethertype IPv4 (0x0800), length 98: 10.9.10.100 > 8.8.8.8: ICMP echo request, id 5179, seq 1, length 64
00:17:29.541385 18:48:ca:1e:b4:ad > 0e:b0:9d:9f:ac:a1, ethertype IPv4 (0x0800), length 98: 10.9.10.100 > 8.8.8.8: ICMP echo request, id 5180, seq 1, length 64
00:17:30.545394 18:48:ca:1e:b4:ad > 0e:b0:9d:9f:ac:a1, ethertype IPv4 (0x0800), length 98: 10.9.10.100 > 8.8.8.8: ICMP echo request, id 5181, seq 1, length 64
00:17:31.549941 18:48:ca:1e:b4:ad > 0e:b0:9d:9f:ac:a1, ethertype IPv4 (0x0800), length 98: 10.9.10.100 > 8.8.8.8: ICMP echo request, id 5182, seq 1, length 64
00:17:31.683812 18:48:ca:1e:b4:ad > 0e:b0:9d:9f:ac:a1, ethertype 802.1Q (0x8100), length 64: vlan 910, p 0, ethertype ARP, Request who-has 10.9.10.1 tell 10.9.10.100, length 46
00:17:31.683834 0e:b0:9d:9f:ac:a1 > 18:48:ca:1e:b4:ad, ethertype 802.1Q (0x8100), length 46: vlan 910, p 0, ethertype ARP, Reply 10.9.10.1 is-at 0e:b0:9d:9f:ac:a1, length 28
00:17:32.570127 18:48:ca:1e:b4:ad > 0e:b0:9d:9f:ac:a1, ethertype 802.1Q (0x8100), length 102: vlan 910, p 0, ethertype IPv4, 10.9.10.100 > 8.8.8.8: ICMP echo request, id 5183, seq 1, length 64
00:17:32.594802 0e:b0:9d:9f:ac:a1 > 18:48:ca:1e:b4:ad, ethertype 802.1Q (0x8100), length 102: vlan 910, p 0, ethertype IPv4, 8.8.8.8 > 10.9.10.100: ICMP echo reply, id 5183, seq 1, length 64
00:17:32.690983 18:48:ca:1e:b4:ad > 01:00:5e:00:00:fb, ethertype 802.1Q (0x8100), length 156: vlan 910, p 0, ethertype IPv4, 10.9.10.100.5353 > 224.0.0.251.5353: 67 [3q] PTR (QM)? _%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local. PTR (QM)? _CFE7FEDA._sub._googlecast._tcp.local. PTR (QM)? _googlecast._tcp.local. (110)
00:17:33.596279 18:48:ca:1e:b4:ad > 0e:b0:9d:9f:ac:a1, ethertype 802.1Q (0x8100), length 102: vlan 910, p 0, ethertype IPv4, 10.9.10.100 > 8.8.8.8: ICMP echo request, id 5184, seq 1, length 64
00:17:33.619827 0e:b0:9d:9f:ac:a1 > 18:48:ca:1e:b4:ad, ethertype 802.1Q (0x8100), length 102: vlan 910, p 0, ethertype IPv4, 8.8.8.8 > 10.9.10.100: ICMP echo reply, id 5184, seq 1, length 64
00:17:34.555900 18:48:ca:1e:b4:ad > 0e:b0:9d:9f:ac:a1, ethertype 802.1Q (0x8100), length 102: vlan 910, p 0, ethertype IPv4, 10.9.10.100 > 8.8.8.8: ICMP echo request, id 5185, seq 1, length 64
00:17:34.580115 0e:b0:9d:9f:ac:a1 > 18:48:ca:1e:b4:ad, ethertype 802.1Q (0x8100), length 102: vlan 910, p 0, ethertype IPv4, 8.8.8.8 > 10.9.10.100: ICMP echo reply, id 5185, seq 1, length 64
My current config.
Code:
# robocfg show
Switch: enabled
Port 0: 1000FD enabled stp: none vlan: 1 jumbo: off mac: 0e:b0:9d:9f:ac:a1
Port 1: DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 2: DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 3: DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 4: DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 5: 1000FD enabled stp: none vlan: 1 jumbo: off mac: 78:24:af:7c:de:18
Port 7: DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 8: DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
VLANs: BCM5301x enabled mac_check mac_hash
1: vlan1: 0 1 2 3 4 5t
2: vlan2: 5t
56: vlan56: 0t 4 5 7t
57: vlan57: 0 1 2t
58: vlan58: 0 1t 2t 5t
59: vlan59: 0t 1 2t 3 5 7 8t
60: vlan60: 0 1 2t 3t 4 5t 8u
61: vlan61: 1t 2t 3 5 8t
62: vlan62: 1t 2 4 5 7
910: vlan910: 0t 5t
Code:
# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.7824af7cde18       no              vlan1
                                                        eth1
                                                        eth2
                                                        wl0.2
br1             8000.7824af7cde18       no              wl0.1
                                                        wl1.1
                                                        vlan910
Code:
br0_ifnames=vlan1 eth1 eth2
br1_ifnames=wl0.1 wl1.1 eth0.910
lan1_ifnames=vlan910 wl0.1 wl1.1
lan_ifnames=vlan1 eth1 eth2
br0_ifname=br0
br1_ifname=br1
lan1_ifname=br1
lan_ifname=br0
Code:
# ip l
1: lo: <LOOPBACK,MULTICAST,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN mode DEFAULT
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ifb0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 32
link/ether 7a:55:5e:bc:8e:a9 brd ff:ff:ff:ff:ff:ff
3: ifb1: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 32
link/ether 72:8d:d8:fc:0a:9e brd ff:ff:ff:ff:ff:ff
4: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT qlen 1000
link/ether 78:24:af:7c:de:18 brd ff:ff:ff:ff:ff:ff
5: dpsta: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
6: eth1: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT qlen 1000
link/ether 78:24:af:7c:de:18 brd ff:ff:ff:ff:ff:ff
7: eth2: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT qlen 1000
link/ether 78:24:af:7c:de:1c brd ff:ff:ff:ff:ff:ff
8: vlan1@eth0: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT
link/ether 78:24:af:7c:de:18 brd ff:ff:ff:ff:ff:ff
9: vlan2@eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT
link/ether 78:24:af:7c:de:18 brd ff:ff:ff:ff:ff:ff
10: br0: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT
link/ether 78:24:af:7c:de:18 brd ff:ff:ff:ff:ff:ff
11: wl0.1: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT qlen 1000
link/ether 78:24:af:7c:de:19 brd ff:ff:ff:ff:ff:ff
12: wl0.2: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT qlen 1000
link/ether 78:24:af:7c:de:1a brd ff:ff:ff:ff:ff:ff
13: wl1.1: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT qlen 1000
link/ether 78:24:af:7c:de:1d brd ff:ff:ff:ff:ff:ff
14: vlan910@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT
link/ether 78:24:af:7c:de:18 brd ff:ff:ff:ff:ff:ff
15: br1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT
link/ether 78:24:af:7c:de:18 brd ff:ff:ff:ff:ff:ff
Commands to configure:
Code:
/usr/sbin/robocfg vlan 910 ports "0t 5t"
/sbin/vconfig add eth0 910
/sbin/ifconfig vlan910 up
# Remove Guest from br0
brctl delif br0 wl0.1
brctl delif br0 wl1.1
# Create br1 and add Guest
brctl addbr br1
brctl addif br1 wl0.1
brctl addif br1 wl1.1
brctl addif br1 vlan910
ifconfig br1 up
nvram set lan_ifnames="vlan1 eth1 eth2"
nvram set lan_ifname="br0"
nvram set lan1_ifnames="vlan910 wl0.1 wl1.1"
nvram set lan1_ifname="br1"
killall eapd
eapd
# Tried with and without isolation. It doesn't have an effect.
wl -i wl0.1 ap_isolate 1
wl -i wl1.1 ap_isolate 1
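A check for the symptom described in the post, as an added example that is not part of the original post: it parses `tcpdump -e` output taken on the router side of the trunk and flags frames that carry guest-subnet addresses without the VLAN 910 tag. The function names are hypothetical and the /24 prefix for the guest subnet is an assumption; the sample lines are copied from the capture above.

```python
import ipaddress
import re

GUEST_NET = ipaddress.ip_network("10.9.10.0/24")  # assumption: /24 around the addresses in the capture
GUEST_VLAN = 910                                   # VLAN ID used in the post

# Link-level header printed by `tcpdump -e`: time, src MAC > dst MAC, ethertype
FRAME_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[0-9a-f:]{17}) > (?P<dst>[0-9a-f:]{17}), "
    r"ethertype (?P<etype>\S+) \(0x[0-9a-f]{4}\)(?P<rest>.*)$"
)
VLAN_RE = re.compile(r"\bvlan (\d+),")
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

# Five lines copied from the capture in the post (two untagged, three tagged)
SAMPLE = """\
00:17:27.606937 18:48:ca:1e:b4:ad > 0e:b0:9d:9f:ac:a1, ethertype IPv4 (0x0800), length 98: 10.9.10.100 > 8.8.8.8: ICMP echo request, id 5178, seq 1, length 64
00:17:31.549941 18:48:ca:1e:b4:ad > 0e:b0:9d:9f:ac:a1, ethertype IPv4 (0x0800), length 98: 10.9.10.100 > 8.8.8.8: ICMP echo request, id 5182, seq 1, length 64
00:17:31.683812 18:48:ca:1e:b4:ad > 0e:b0:9d:9f:ac:a1, ethertype 802.1Q (0x8100), length 64: vlan 910, p 0, ethertype ARP, Request who-has 10.9.10.1 tell 10.9.10.100, length 46
00:17:32.570127 18:48:ca:1e:b4:ad > 0e:b0:9d:9f:ac:a1, ethertype 802.1Q (0x8100), length 102: vlan 910, p 0, ethertype IPv4, 10.9.10.100 > 8.8.8.8: ICMP echo request, id 5183, seq 1, length 64
00:17:32.594802 0e:b0:9d:9f:ac:a1 > 18:48:ca:1e:b4:ad, ethertype 802.1Q (0x8100), length 102: vlan 910, p 0, ethertype IPv4, 8.8.8.8 > 10.9.10.100: ICMP echo reply, id 5183, seq 1, length 64
"""

def parse_frame(line):
    """Return ts, src MAC, VLAN ID (None if untagged) and IPs, or None if unparsable."""
    m = FRAME_RE.match(line.strip())
    if not m:
        return None
    tag = VLAN_RE.search(m.group("rest")) if m.group("etype") == "802.1Q" else None
    ips = []
    for s in IP_RE.findall(m.group("rest")):
        try:
            ips.append(ipaddress.ip_address(s))
        except ValueError:
            pass  # dotted number that is not a valid IPv4 address
    return {"ts": m.group("ts"), "src": m.group("src"),
            "vlan": int(tag.group(1)) if tag else None, "ips": ips}

def find_leaks(lines, net=GUEST_NET, vlan=GUEST_VLAN):
    """Frames that carry guest-subnet addresses but lack the expected VLAN tag."""
    frames = (parse_frame(l) for l in lines)
    return [f for f in frames
            if f and f["vlan"] != vlan and any(ip in net for ip in f["ips"])]

if __name__ == "__main__":
    for f in find_leaks(SAMPLE.splitlines()):
        print(f"{f['ts']} {f['src']} guest traffic outside VLAN {GUEST_VLAN} (tag: {f['vlan']})")
```

Any hit means guest traffic is reaching the trunk outside VLAN 910, so the segregation is not holding on that path.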