AC68U Guest network in AP mode

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

forum_vimes

New Around Here
Just found out from testing and online that Asus's guest network does not act as a guest network in AP mode (I can access the full network when connected via the guest network). What's the most straightforward way (if any) of making this happen? I undertsand that Merlin also does not provide this out of the box.

Basic requirement is that I want the AC68U to be a wireless access point but for any device to that connects to it wirelessly to be isolated from the rest of may network but still access the internet.

RT-AC68U, latest firmware 3.0.0.4.385_20633

EDIT - Some comments speak about AIMesh - i do not need that. I have one draytek router and 1 Asus. Draytek remains the router. Asis is the AP for the Draytek, originally via an ethernet cable.

EDIT 2 - reply from Asus [why have that option then? Very misleading]


Customer Service Feedback


Dear ASUS Customer,
Thank you for contacting ASUS Support.

Unfortunately it cannot isolate clients when operating in AP mode,only when set in Router mode.
 
Last edited:

Klueless

Very Senior Member
I've observed the same.

An Asus in "router" mode:
  • Ethernet - Full Access
  • Main SSID - Full Access
  • "Guest" SSID - Optional Isolation
An Asus "AP" simply inherits the attributes of its connection into the router thus a simple solution is to connect the AP wirelessly to the router's guest SSID.

Somewhat unrelated I had a Ruckus AP installed at one of my sites. Even though it connects to an Asus router over Ethernet it can be configured to set its own isolation rules. I can even give guests access to, say, a printer while isolating them from everything else on my network.
 

forum_vimes

New Around Here
Hi so you mean
a) router-modem (eg ISPRouter) set up guest SSID (ISP_GUEST_SSID)
b) AC68U wireless connection to ISP_GUEST_SSID

is b) in repeater mode?
 

OzarkEdge

Part of the Furniture
Just found out from testing and online that Asus's guest network does not act as a guest network in AP mode (I can access the full network when connected via the guest network). What's the most straightforward way (if any) of making this happen? I undertsand that Merlin also does not provide this out of the box.

Basic requirement is that I want the AC68U to be a wireless access point but for any device to that connects to it wirelessly to be isolated from the rest of may network but still access the internet.

RT-AC68U, latest firmware 3.0.0.4.385_20633

Asuswrt RC2-7 AiMesh 2.0 beta introduces isolated guest WLANs across all wired/wireless AiMesh nodes. I assume this requires using AiMesh across the main router/root node and the remote node/AP(s). That's as good as it gets with this consumer gear.

OE
 

Klueless

Very Senior Member
Hi so you mean
a) router-modem (eg ISPRouter) set up guest SSID (ISP_GUEST_SSID)
b) AC68U wireless connection to ISP_GUEST_SSID

is b) in repeater mode?
Uh oh. ISP Router? I mistakenly assumed you were using an Asus Router which allows multiple SSIDs, some guest and some not. Does your ISP router allow similar? If so then yes to a, yes to b and yes, I do believe the vernacular would be "repeater mode".
 

forum_vimes

New Around Here
Uh oh. ISP Router? I mistakenly assumed you were using an Asus Router which allows multiple SSIDs, some guest and some not. Does your ISP router allow similar? If so then yes to a, yes to b and yes, I do believe the vernacular would be "repeater mode".

Actual is

Draytek Router - LAN port - Ethernet cable - Asus AC68U as wifi access point

The Draytek is all singing all dancing multiple VLANs, multiple SSIDs etc. I don't expect to replicate that with the Asus. What I am hoping is to get the Asus to be able to provide wifi in an isolated fashion via its Guest network. "Repeater mode" is one of the options in the Asus.

I'll try the repeater mode, if it exactly replicates the Draytek SSIDs even better.
 

L&LD

Part of the Furniture
You can run the 386.1 Alpha 2 RMerlin firmware now in testing (which is, as usual, extremely stable).


Of course, you will need 2x RMerlin supported Asus routers to get the features you want from AiMesh 2.0.
 

bbunge

Very Senior Member
Just found out from testing and online that Asus's guest network does not act as a guest network in AP mode (I can access the full network when connected via the guest network). What's the most straightforward way (if any) of making this happen? I undertsand that Merlin also does not provide this out of the box.

Basic requirement is that I want the AC68U to be a wireless access point but for any device to that connects to it wirelessly to be isolated from the rest of may network but still access the internet.

RT-AC68U, latest firmware 3.0.0.4.385_20633
You are correct. I am working on the same issue with a small office network and I have just about concluded that the Asus router will have to be in router mode and the ISP modem/router bridged. I am planning to either use Asus 386 firmware (still in beta) or Merlin 386.1 (still in alpha) which will enable guest network across AiMesh. I hope!
 

L&LD

Part of the Furniture
Just an observation: RMerlin's 'Alpha' releases are historically substantially more polished than Asus' 'Beta' releases (they are based and improved upon those beta's, after all).

This is why I would not even consider using the stock firmware, even if they still offered the same features (or more). :)
 

OzarkEdge

Part of the Furniture
Just an observation: RMerlin's 'Alpha' releases are historically substantially more polished than Asus' 'Beta' releases (they are based and improved upon those beta's, after all).

The AiMesh bits are the same closed code, so no more polished. I wonder where the new guest WLAN VLANs fit into that picture.

OE
 

Klueless

Very Senior Member
The Draytek is all singing all dancing multiple VLANs, multiple SSIDs etc ... I'll try the repeater mode, if it exactly replicates the Draytek SSIDs even better.
With the Asus in "Repeater" mode you will connect to one of the Draytek "guest" SSIDs. The Asus will then broadcast a SSID for clients. I "think", by default, the client SSID will have a slightly different name but can be renamed to the SSID name you prefer.

If/when you get that working we can then talk about an easy "tweak" for performance.

Now you say that the Draytek supports VLANs. Do you know if the Draytek will allow you to set up a VLAN/Ethernet Port for "limited" access? IF it does then you should be able to hardwire the Asus to the limited access Ethernet port and run it as an AP (better performance).
 

L&LD

Part of the Furniture
@OzarkEdge the same bits do not always add up to the same experience. A master baker can even make a more appetizing entrée, with less. :)

It's not just what you put into a recipe, it's also what you leave out. ;)
 

forum_vimes

New Around Here
You can run the 386.1 Alpha 2 RMerlin firmware now in testing (which is, as usual, extremely stable).


Of course, you will need 2x RMerlin supported Asus routers to get the features you want from AiMesh 2.0.
Hi just to be clear would the above work a) if i do not want AImesh and b) i do not have two asus routers?
 

forum_vimes

New Around Here
With the Asus in "Repeater" mode you will connect to one of the Draytek "guest" SSIDs. The Asus will then broadcast a SSID for clients. I "think", by default, the client SSID will have a slightly different name but can be renamed to the SSID name you prefer.

If/when you get that working we can then talk about an easy "tweak" for performance.

Now you say that the Draytek supports VLANs. Do you know if the Draytek will allow you to set up a VLAN/Ethernet Port for "limited" access? IF it does then you should be able to hardwire the Asus to the limited access Ethernet port and run it as an AP (better performance).

I am going to try this in Repeater mode and copy the SSID. My initial look shows it can only repeat one SSID, I was greedily hoping for more than one. In any case I have found you can't repeat an SSID and have that split into Guest network and non Guest network.

You are exactly right on the VLAN for the Draytek but I can't physically do that is the short story.
 

Klueless

Very Senior Member
You are exactly right on the VLAN for the Draytek but I can't physically do that is the short story.
That is unfortunate.
EDIT 2 - reply from Asus [why have that option then? Very misleading]
The Asus is a "Router". AP, Repeater, etc. are simply tweaks, configuration alternatives. As such I'm not surprised that they didn't clean up the main GUI to reflect their limitations. I am a little surprised you bought a router to dumb down to serve as an AP when one could have simply bought an AP. A Netgear AP (cheaper) would have had the same limitations while a Ruckus AP (pricier) would have given you everything you were hoping for.
 

forum_vimes

New Around Here
With the Asus in "Repeater" mode you will connect to one of the Draytek "guest" SSIDs. The Asus will then broadcast a SSID for clients. I "think", by default, the client SSID will have a slightly different name but can be renamed to the SSID name you prefer.

If/when you get that working we can then talk about an easy "tweak" for performance.

Now you say that the Draytek supports VLANs. Do you know if the Draytek will allow you to set up a VLAN/Ethernet Port for "limited" access? IF it does then you should be able to hardwire the Asus to the limited access Ethernet port and run it as an AP (better performance).
OK I set up an isolated SSID on my Draytek and have repeated that in wireless mode on the ASUS and this appears to work. It's not ideal and I will see if I can get the signal strong and realiably enough to wjere I want it. Also you can't change the channel of the Asus when in repeater mode - it inherits the existing one.
 

octopus

Very Senior Member
You can run the 386.1 Alpha 2 RMerlin firmware now in testing (which is, as usual, extremely stable).


Of course, you will need 2x RMerlin supported Asus routers to get the features you want from AiMesh 2.0.
You can use Merlin in first nod and asus stock on node. Working just fine.
AiMesh 2.0 working just fine.
 

Klueless

Very Senior Member
OK I set up an isolated SSID on my Draytek and have repeated that in wireless mode on the ASUS and this appears to work. It's not ideal and I will see if I can get the signal strong and realiably enough to wjere I want it. Also you can't change the channel of the Asus when in repeater mode - it inherits the existing one.
Congratulations! Now I'm left wondering; Can you connect to the Draytek using, say, the 2.4 GHz radio only thus leaving the 5 GHz radio / SSID for clients only? (I've set up repeaters/extender before but never the Asus version.)
 

Ronald Schwerer

Very Senior Member
I have a 2.4 and 5 GHz guest on my router. I'm using an AC68U as a Guest repeater to improve access for 2.4 GHz IoT clients in and around my garage. I only use 5GHz as the backhaul to my main router. I repeat the same 2.GHz SSID as the main router. I don't really need the 5GHz repeated but I haven't figured out how to turn it off on the repeater. So I just use that SSID to harass the neighbors with political messages :)
 

forum_vimes

New Around Here
That is unfortunate.

The Asus is a "Router". AP, Repeater, etc. are simply tweaks, configuration alternatives. As such I'm not surprised that they didn't clean up the main GUI to reflect their limitations. I am a little surprised you bought a router to dumb down to serve as an AP when one could have simply bought an AP. A Netgear AP (cheaper) would have had the same limitations while a Ruckus AP (pricier) would have given you everything you were hoping for.
I had the Asus knocking around from ~4 years ago, so thought to use it as an access point rather than fork out for a full MESH network and
Congratulations! Now I'm left wondering; Can you connect to the Draytek using, say, the 2.4 GHz radio only thus leaving the 5 GHz radio / SSID for clients only? (I've set up repeaters/extender before but never the Asus version.)
Draytek is quite old (but still pretty good) 2.4 GHz only unfortunately...
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top