AC86U VLAN Tagging with MerlinWRT

[Eric Lieb]

Finally got it working on the AC86U so figured I would share incase anyone else is interested.
In my setup my main network is VLAN 1 Untagged and then VLAN 200 Tagged on the port with the AC86U in AP mode

Adopted from https://gist.github.com/Jimmy-Z/6120988090b9696c420385e7e42c64c4

This will take Guest Network 1 for 2.4 and 5ghz and push it into its own VLAN

#!/bin/sh
# multi SSID with VLAN script, for ASUS AC86U with merlin
#
# setup before hand:
#       set "router" to "AP Mode"
#               this will put all ports and wireless in br0
#       create 2 guest network
#       enable Administration => System => Enable JFFS custom scripts and configs
#       put this script in /jffs/scripts/, name should be "services-start"
#               remember `chmod a+x services-start`
#       I strongly suggest you use static IP instead of DHCP
#               In my test, the "router" will pickup DHCP lease from VLAN 1 instead of VLAN 227
#       reboot
# some basic info of the original AP mode:
#       eth0 => WAN port
#       eth1~4 => LAN port 4~1, they're reversed
#       eth5 => WiFi 2.4G
#       eth6 => WiFi 5G
#       wl0.1, wl0.2 => WiFi 2.4G guest networks
# this setup:
#       WAN port (eth0) will be repurposed as a tagged port
#       LAN ports (eth1~4) and primary WiFi (eth5,6) will be on Untagged VLAN (In my case VLAN 1 is untagged on this port)
#       guest network 1 will be on VLAN 200


#echo "============== START 1 $(date) ==================" >> /jffs/scripts/log
#ip a >> /jffs/scripts/log
#ip r >> /jffs/scripts/log
#brctl show >> /jffs/scripts/log
#echo "============== END 1 $(date) ==================" >> /jffs/scripts/log
# take down both radios to force all clients to deauth
wl -i eth5 down
wl -i eth6 down

# sleep to allow deauth to finish
sleep 1
# echo $PATH > /tmp/script_debug
# remove interfaces we're gonna move to other bridges
brctl delif br0 wl0.1
brctl delif br0 wl1.1

ip link add link eth0 name eth0.200 type vlan id 200
ip link set eth0.200 up

# set up br1, guest LAN, more wl0.1 and wl1.1 to br1 for Guest Networks
brctl addbr br1
brctl addif br1 eth0.200
brctl addif br1 wl0.1
brctl addif br1 wl1.1
ip link set br1 up


# seems like eapd reads config from these
# no need to set lan_ifname since it's already there
nvram set lan_ifnames="eth1 eth2 eth3 eth4 eth5 eth6 eth0"

nvram set lan1_ifnames="wl0.1 wl1.1 eth0.200"
nvram set lan1_ifname="br1"


# doesn't seem to affect anything, just make it align
nvram set br0_ifnames="eth1 eth2 eth3 eth4 eth5 eth6 eth0"

nvram set br1_ifnames="wl0.1 wl1.1 eth0.200"
nvram set br1_ifname="br1"

# we do NOT issue `nvram commit` here since it won't survive reboot anyway

# is there a better way to do this like `service restart eapd` ?
killall eapd
eapd

#echo "============== START 2 $(date) ==================" >> /jffs/scripts/log
#ip a >> /jffs/scripts/log
#ip r >> /jffs/scripts/log
#brctl show >> /jffs/scripts/log
#echo "============== END 2 $(date) ==================" >> /jffs/scripts/log



# sleep for 5 seconds just incase a script is still running before we bring up the radios
sleep 5

# bring back up the radios
wl -i eth5 up
wl -i eth6 up

Edit:

Added rules to take down the wifi radios to force all clients to DeAuth and Disassociate and then at the end bring the radios back up and all clients should Auth






Just sharing incase anyone else is interested. I am running a PFSense router and a 24 port managed switch.

 

[drinkingbird]

Finally got it working on the AC86U so figured I would share incase anyone else is interested.
In my setup my main network is VLAN 1 Untagged and then VLAN 200 Tagged on the port with the AC86U in AP mode

Adopted from https://gist.github.com/Jimmy-Z/6120988090b9696c420385e7e42c64c4

This will take Guest Network 1 for 2.4 and 5ghz and push it into its own VLAN

#!/bin/sh

# multi SSID with VLAN script, for ASUS AC86U with merlin
#
# setup before hand:
#       set "router" to "AP Mode"
#               this will put all ports and wireless in br0
#       create 2 guest network
#       enable Administration => System => Enable JFFS custom scripts and configs
#       put this script in /jffs/scripts/, name should be "services-start"
#               remember `chmod a+x services-start`
#       I strongly suggest you use static IP instead of DHCP
#               In my test, the "router" will pickup DHCP lease from VLAN 1 instead of VLAN 227
#       reboot
# some basic info of the original AP mode:
#       eth0 => WAN port
#       eth1~4 => LAN port 4~1, they're reversed
#       eth5 => WiFi 2.4G
#       eth6 => WiFi 5G
#       wl0.1, wl0.2 => WiFi 2.4G guest networks
# this setup:
#       WAN port (eth0) will be repurposed as a tagged port
#       LAN ports (eth1~4) and primary WiFi (eth5,6) will be on Untagged VLAN (In my case VLAN 1 is untagged on this port)
#       guest network 1 will be on VLAN 200


#echo "============== START 1 $(date) ==================" >> /jffs/scripts/log
#ip a >> /jffs/scripts/log
#ip r >> /jffs/scripts/log
#brctl show >> /jffs/scripts/log
#echo "============== END 1 $(date) ==================" >> /jffs/scripts/log

# echo $PATH > /tmp/script_debug
# remove interfaces we're gonna move to other bridges
brctl delif br0 wl0.1
brctl delif br0 wl1.1

ip link add link eth0 name eth0.200 type vlan id 200
ip link set eth0.200 up

# set up br1, guest LAN, more wl0.1 and wl1.1 to br1 for Guest Networks
brctl addbr br1
brctl addif br1 eth0.200
brctl addif br1 wl0.1
brctl addif br1 wl1.1
ip link set br1 up


# seems like eapd reads config from these
# no need to set lan_ifname since it's already there
nvram set lan_ifnames="eth1 eth2 eth3 eth4 eth5 eth6 eth0"

nvram set lan1_ifnames="wl0.1 wl1.1 eth0.200"
nvram set lan1_ifname="br1"


# doesn't seem to affect anything, just make it align
nvram set br0_ifnames="eth1 eth2 eth3 eth4 eth5 eth6 eth0"

nvram set br1_ifnames="wl0.1 wl1.1 eth0.200"
nvram set br1_ifname="br1"

# we do NOT issue `nvram commit` here since it won't survive reboot anyway

# is there a better way to do this like `service restart eapd` ?
killall eapd
eapd

#echo "============== START 2 $(date) ==================" >> /jffs/scripts/log
#ip a >> /jffs/scripts/log
#ip r >> /jffs/scripts/log
#brctl show >> /jffs/scripts/log
#echo "============== END 2 $(date) ==================" >> /jffs/scripts/log
runner disable
fc disable

The last 2 lines are necessary to disable HW acceleration


Just sharing incase anyone else is interested. I am running a PFSense router and a 24 port managed switch.

Pretty straightforward in AP mode looks like (other than the oddity of having to disable HW acceleration, which you'd think wouldn't come into play). In router mode a bit more complex but just building on the above really.

I don't know that your "br1_ifname(s)" NVRAM variables will actually do anything since those variables would have to be known and called by code somewhere. But not hurting anything either. I think the LAN0 and LAN1 are the big ones, though in AP mode even those may not matter much.

Your previous iteration with duplicate/incorrect NVRAM variables may have worked fine if you disabled HW acceleration, who knows.

 

[Tech9]

The last 2 lines are necessary to disable HW acceleration

Why is HW acceleration enabled in AP Mode in first place?

 

[drinkingbird]

Why is HW acceleration enabled in AP Mode in first place?

Probably required to run the lights.

 

[Eric Lieb]

Why is HW acceleration enabled in AP Mode in first place?

I was wondering the same thing but couldn't find any documentation.

I may test if both need to be disabled or maybe none of them have to be disabled for sure. I just rewrote everything to it worked so didnt want to start removing parts and testing when I needed it up yesterday but I can probably play with it tonight and see if they really need to be disabled.

Not sure what HW acceleration would even do in AP mode since all NAT functions and DHCP are handled by the PFSense router.

 

[maxbraketorque]

Finally got it working on the AC86U so figured I would share incase anyone else is interested.
In my setup my main network is VLAN 1 Untagged and then VLAN 200 Tagged on the port with the AC86U in AP mode

Adopted from https://gist.github.com/Jimmy-Z/6120988090b9696c420385e7e42c64c4

This will take Guest Network 1 for 2.4 and 5ghz and push it into its own VLAN
...

Presumably this is meant to get around the fact that when using the 386 and 388 firmwares, guest networks on APs aren't isolated from the primary network. I have two AC86U main/AP setups that I manage, and I would really like to resolve the lack of guest network isolation on the APs. Can you more fully explain what your script does? Some specific questions I have are:

• Can the SSID of the AP guest network match the name of the guest network SSID on the main router? If yes, will devices seamlessly transition between the main and AP guest networks as the user moves around the site?
• It says in the script notes, "#wl0.1, wl0.2 => WiFi 2.4G guest networks". I guess these are 2.4 GHz guest networks 1 and 2, and presumably wl0.3 is the third 2.4 GHz guest network?
• The notes in your script don't state it, but from what I can find, wl1.1 thru wl1.3 are the 5 GHz guest networks. Is that correct?
• If I only want to enable 2.4 GHz guest network, then presumably I can remove the wl1.1 entries in the script, correct?
• Do I need to do anything on my main AC86U for this to work?

 

[Eric Lieb]

Presumably this is meant to get around the fact that when using the 386 and 388 firmwares, guest networks on APs aren't isolated from the primary network. I have two AC86U main/AP setups that I manage, and I would really like to resolve the lack of guest network isolation on the APs. Can you more fully explain what your script does? Some specific questions I have are:

• Can the SSID of the AP guest network match the name of the guest network SSID on the main router? If yes, will devices seamlessly transition between the main and AP guest networks as the user moves around the site?
• It says in the script notes, "#wl0.1, wl0.2 => WiFi 2.4G guest networks". I guess these are 2.4 GHz guest networks 1 and 2, and presumably wl0.3 is the third 2.4 GHz guest network?
• The notes in your script don't state it, but from what I can find, wl1.1 thru wl1.3 are the 5 GHz guest networks. Is that correct?
• If I only want to enable 2.4 GHz guest network, then presumably I can remove the wl1.1 entries in the script, correct?
• Do I need to do anything on my main AC86U for this to work?

If you are using the ac86 with merlinwrt as a router then it 100% supports ap isolation on the guest networks (you can also install yazfi to set additional properties like subnets). This is for vlan configuration when using an enterprise router (I am using pfsense) setup with a managed switch and the ac86 as a wireless ap and want to establish different tagged vlan configurations on different interfaces.

If you are running an ac86 as a router and another one as an ap, I believe you can use aimesh to push the guest network with isolation onto the mesh node.

But yes wl0.x is guest 2.4 gighz (1-3) and wl1.x is guest 5 GHz (1-3).

You can remove whichever you want from the script and shouldn't have any issues, you can also split them into different vlans too.

If you are matching ssid names you should I able roam assistant and set it properly to get your device to roam between nodes (roam assistance is still available in ap mode).

 

[maxbraketorque]

If you are using the ac86 with merlinwrt as a router then it 100% supports ap isolation on the guest networks (you can also install yazfi to set additional properties like subnets). This is for vlan configuration when using an enterprise router (I am using pfsense) setup with a managed switch and the ac86 as a wireless ap and want to establish different tagged vlan configurations on different interfaces.

If you are running an ac86 as a router and another one as an ap, I believe you can use aimesh to push the guest network with isolation onto the mesh node.

But yes wl0.x is guest 2.4 gighz (1-3) and wl1.x is guest 5 GHz (1-3).

You can remove whichever you want from the script and shouldn't have any issues, you can also split them into different vlans too.

If you are matching ssid names you should I able roam assistant and set it properly to get your device to roam between nodes (roam assistance is still available in ap mode).

Neither stock nor Merlin support guest network isolation on an AP in AP operation mode. Aimesh apparently supports it, but I have no interest in that mess. I've tried YazFi, and it didn't work well, although its been a few years now, and I've forgotten the reason why I abandoned it.

So it sounds like I would have to setup an appropriate VLAN on the main AC86U and link it to the guest networks on the main router?

 

[Eric Lieb]

Neither stock nor Merlin support guest network isolation on an AP in AP operation mode. Aimesh apparently supports it, but I have no interest in that mess. I've tried YazFi, and it didn't work well, although its been a few years now, and I've forgotten the reason why I abandoned it.

So it sounds like I would have to setup an appropriate VLAN on the main AC86U and link it to the guest networks on the main router?

Do you need the 2nd ap to have your primary lan AND a guest isolated or is the 2nd ap just for guest isolated

 

[maxbraketorque]

Do you need the 2nd ap to have your primary lan AND a guest isolated or is the 2nd ap just for guest isolated

I have two sites (not linked to each other in any way) where I have a pair of AC86Us operating in main/AP mode. I know nothing about VLANs, but in looking at your script, I'm wondering whether I can specify a guest VLAN on the main router in the same way that you did on the AP.

 

[Tech9]

Not sure what HW acceleration would even do in AP mode since all NAT functions and DHCP are handled by the PFSense router.

This situation reminds me of my experiments with older AC68U and variants. There are a lot of weird things around Asuswrt. If you have HW acceleration turned off in router mode and then switch to Media Bridge - the connection was more stable. There is no routing in Media Bridge or AP Mode and what is HW acceleration doing is unclear. There is no WAN interface.

 

[Eric Lieb]

Probably required to run the lights.

Nope the LEDs are still working without the HW acceleration.

I will say the only small issue I have found is that inbetween the router booting up and then applying the services file, the wireless radio is turned on and some devices start connecting to it which means they are getting DHCP leases in the wrong subnet. They seem to eventually resolve themselves but would be nice if this script could run before the AP radios are ready to negotiate connections.

 

[Eric Lieb]

I have two sites (not linked to each other in any way) where I have a pair of AC86Us operating in main/AP mode. I know nothing about VLANs, but in looking at your script, I'm wondering whether I can specify a guest VLAN on the main router in the same way that you did on the AP.

Was thinking about this and wondering if Asuswrt (merlinwrt) uses VLANs when establishing guest networks in router mode. You can determine this I think by enabling the guest networks on the router and then running these commands

ip a
brctl show

See what that lists. None of my Asus routers are in router mode (all in AP mode)

 

[maxbraketorque]

Nope the LEDs are still working without the HW acceleration.

I will say the only small issue I have found is that inbetween the router booting up and then applying the services file, the wireless radio is turned on and some devices start connecting to it which means they are getting DHCP leases in the wrong subnet. They seem to eventually resolve themselves but would be nice if this script could run before the AP radios are ready to negotiate connections.

Isn't there a command to enable and disable the radios? Could disable radios at the beginning of the script and then enable after the vlan commands are issued.

Was thinking about this and wondering if Asuswrt (merlinwrt) uses VLANs when establishing guest networks in router mode. You can determine this I think by enabling the guest networks on the router and then running these commands

ip a
brctl show

See what that lists. None of my Asus routers are in router mode (all in AP mode)

On the AP AC86U...

"ip a" gives

XXXXXXX:/tmp/home/root# ip a
1: lo: <LOOPBACK,MULTICAST,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
       valid_lft forever preferred_lft forever
    inet 127.0.1.1/8 brd 127.255.255.255 scope host secondary lo:0
       valid_lft forever preferred_lft forever
2: ifb0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 32
    link/ether 6a:4f:8d:d3:81:f7 brd ff:ff:ff:ff:ff:ff
3: ifb1: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 32
    link/ether f6:23:8b:c0:24:40 brd ff:ff:ff:ff:ff:ff
4: imq0: <NOARP> mtu 16000 qdisc noop state DOWN group default qlen 11000
    link/void
5: imq1: <NOARP> mtu 16000 qdisc noop state DOWN group default qlen 11000
    link/void
6: imq2: <NOARP> mtu 16000 qdisc noop state DOWN group default qlen 11000
    link/void
7: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default
    link/sit 0.0.0.0 brd 0.0.0.0
8: bcmsw: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noop state UNKNOWN group default qlen 1000
    link/ether 2c:fd:a1:a1:41:a8 brd ff:ff:ff:ff:ff:ff
9: eth0: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
    link/ether 2c:fd:a1:a1:41:a8 brd ff:ff:ff:ff:ff:ff
10: eth1: <NO-CARRIER,BROADCAST,MULTICAST,ALLMULTI,UP> mtu 1500 qdisc pfifo_fast master br0 state DOWN group default qlen 1000
    link/ether 2c:fd:a1:a1:41:a8 brd ff:ff:ff:ff:ff:ff
11: eth2: <NO-CARRIER,BROADCAST,MULTICAST,ALLMULTI,UP> mtu 1500 qdisc pfifo_fast master br0 state DOWN group default qlen 1000
    link/ether 2c:fd:a1:a1:41:a8 brd ff:ff:ff:ff:ff:ff
12: eth3: <NO-CARRIER,BROADCAST,MULTICAST,ALLMULTI,UP> mtu 1500 qdisc pfifo_fast master br0 state DOWN group default qlen 1000
    link/ether 2c:fd:a1:a1:41:a8 brd ff:ff:ff:ff:ff:ff
13: eth4: <NO-CARRIER,BROADCAST,MULTICAST,ALLMULTI,UP> mtu 1500 qdisc pfifo_fast master br0 state DOWN group default qlen 1000
    link/ether 2c:fd:a1:a1:41:a8 brd ff:ff:ff:ff:ff:ff
14: spu_us_dummy: <NOARP,UP,LOWER_UP> mtu 3072 qdisc pfifo_fast state UNKNOWN group default qlen 100
    link/none 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
15: spu_ds_dummy: <NOARP,UP,LOWER_UP> mtu 3072 qdisc pfifo_fast state UNKNOWN group default qlen 100
    link/none 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
16: dpsta: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
17: eth5: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN group default qlen 1000
    link/ether 2c:fd:a1:a1:41:a8 brd ff:ff:ff:ff:ff:ff
18: eth6: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN group default qlen 1000
    link/ether 2c:fd:a1:a1:41:ac brd ff:ff:ff:ff:ff:ff
19: br0: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 2c:fd:a1:a1:41:a8 brd ff:ff:ff:ff:ff:ff
    inet 192.168.68.250/24 brd 192.168.68.255 scope global br0
       valid_lft forever preferred_lft forever
20: wl0.2: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN group default qlen 1000
    link/ether 2c:fd:a1:a1:41:aa brd ff:ff:ff:ff:ff:ff

"brctl show" gives

XXXXX:/tmp/home/root# brctl show
bridge name    bridge id        STP enabled    interfaces
br0        8000.2cfda1a141a8    no        eth0
                            eth1
                            eth2
                            eth3
                            eth4
                            eth5
                            eth6
                            wl0.2

So wl0.2 is listed here, and I do have the 2.4 GHz guest network enabled, but not sure if that means a vlan is being used.

 

[drinkingbird]

Was thinking about this and wondering if Asuswrt (merlinwrt) uses VLANs when establishing guest networks in router mode. You can determine this I think by enabling the guest networks on the router and then running these commands

ip a
brctl show

See what that lists. None of my Asus routers are in router mode (all in AP mode)

On 386 code base, if you enable guest wireless 1 with "intranet" disabled when in router mode, it creates VLANs - 501 and 502, on triband models also 503. If you set up Aimesh, it will propagate those to the nodes and use them to segment guests end to end via 802.1Q trunk. It does not do this for GW2 or 3 (or 4 if you have 4 of them) or if you enable intranet access.

 

[drinkingbird]

Isn't there a command to enable and disable the radios? Could disable radios at the beginning of the script and then enable after the vlan commands are issued.



On the AP AC86U...

"ip a" gives

XXXXXXX:/tmp/home/root# ip a
1: lo: <LOOPBACK,MULTICAST,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
       valid_lft forever preferred_lft forever
    inet 127.0.1.1/8 brd 127.255.255.255 scope host secondary lo:0
       valid_lft forever preferred_lft forever
2: ifb0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 32
    link/ether 6a:4f:8d:d3:81:f7 brd ff:ff:ff:ff:ff:ff
3: ifb1: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 32
    link/ether f6:23:8b:c0:24:40 brd ff:ff:ff:ff:ff:ff
4: imq0: <NOARP> mtu 16000 qdisc noop state DOWN group default qlen 11000
    link/void
5: imq1: <NOARP> mtu 16000 qdisc noop state DOWN group default qlen 11000
    link/void
6: imq2: <NOARP> mtu 16000 qdisc noop state DOWN group default qlen 11000
    link/void
7: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default
    link/sit 0.0.0.0 brd 0.0.0.0
8: bcmsw: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noop state UNKNOWN group default qlen 1000
    link/ether 2c:fd:a1:a1:41:a8 brd ff:ff:ff:ff:ff:ff
9: eth0: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
    link/ether 2c:fd:a1:a1:41:a8 brd ff:ff:ff:ff:ff:ff
10: eth1: <NO-CARRIER,BROADCAST,MULTICAST,ALLMULTI,UP> mtu 1500 qdisc pfifo_fast master br0 state DOWN group default qlen 1000
    link/ether 2c:fd:a1:a1:41:a8 brd ff:ff:ff:ff:ff:ff
11: eth2: <NO-CARRIER,BROADCAST,MULTICAST,ALLMULTI,UP> mtu 1500 qdisc pfifo_fast master br0 state DOWN group default qlen 1000
    link/ether 2c:fd:a1:a1:41:a8 brd ff:ff:ff:ff:ff:ff
12: eth3: <NO-CARRIER,BROADCAST,MULTICAST,ALLMULTI,UP> mtu 1500 qdisc pfifo_fast master br0 state DOWN group default qlen 1000
    link/ether 2c:fd:a1:a1:41:a8 brd ff:ff:ff:ff:ff:ff
13: eth4: <NO-CARRIER,BROADCAST,MULTICAST,ALLMULTI,UP> mtu 1500 qdisc pfifo_fast master br0 state DOWN group default qlen 1000
    link/ether 2c:fd:a1:a1:41:a8 brd ff:ff:ff:ff:ff:ff
14: spu_us_dummy: <NOARP,UP,LOWER_UP> mtu 3072 qdisc pfifo_fast state UNKNOWN group default qlen 100
    link/none 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
15: spu_ds_dummy: <NOARP,UP,LOWER_UP> mtu 3072 qdisc pfifo_fast state UNKNOWN group default qlen 100
    link/none 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
16: dpsta: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
17: eth5: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN group default qlen 1000
    link/ether 2c:fd:a1:a1:41:a8 brd ff:ff:ff:ff:ff:ff
18: eth6: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN group default qlen 1000
    link/ether 2c:fd:a1:a1:41:ac brd ff:ff:ff:ff:ff:ff
19: br0: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 2c:fd:a1:a1:41:a8 brd ff:ff:ff:ff:ff:ff
    inet 192.168.68.250/24 brd 192.168.68.255 scope global br0
       valid_lft forever preferred_lft forever
20: wl0.2: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN group default qlen 1000
    link/ether 2c:fd:a1:a1:41:aa brd ff:ff:ff:ff:ff:ff

"brctl show" gives

XXXXX:/tmp/home/root# brctl show
bridge name    bridge id        STP enabled    interfaces
br0        8000.2cfda1a141a8    no        eth0
                            eth1
                            eth2
                            eth3
                            eth4
                            eth5
                            eth6
                            wl0.2

So wl0.2 is listed here, and I do have the 2.4 GHz guest network enabled, but not sure if that means a vlan is being used.

No because you are using Guest Wireless 2 (WL0.2) so it won't create the VLANs. If you use Guest Wireless 1 with intranet disabled, it will create them.

 

[drinkingbird]

Nope the LEDs are still working without the HW acceleration.

I will say the only small issue I have found is that inbetween the router booting up and then applying the services file, the wireless radio is turned on and some devices start connecting to it which means they are getting DHCP leases in the wrong subnet. They seem to eventually resolve themselves but would be nice if this script could run before the AP radios are ready to negotiate connections.

Yeah as the other suggested, you could try disabling and re-enabling the radios at the end of your script which should cause clients to renew their lease. Or maybe use ifconfig to down the port going to your router then turn it back up after (in an earlier running script). Probably have to toy with it to get it to happen at the right time.

 

[Eric Lieb]

Yeah as the other suggested, you could try disabling and re-enabling the radios at the end of your script which should cause clients to renew their lease. Or maybe use ifconfig to down the port going to your router then turn it back up after (in an earlier running script). Probably have to toy with it to get it to happen at the right time.

Have to figure out how to disable and re-enable the radios.. tried some stuff that doesnt seem to be working.

 

[FernandoF]

Have to figure out how to disable and re-enable the radios.. tried some stuff that doesnt seem to be working.

RT-AC86U owner, but not an expert. With that, I can offer the following suggestions:

To disable the radios, try properly adding these to init-start (hopefully that's not too early in the boot process):

wl -i eth5 down     # 2.4 GHz radio
wl -i eth6 down     # 5.0 GHz radio

EDIT: If it's indeed too early, you could potentially mitigate that by inserting a few seconds of "sleep" before the "wl -i" commands. Based on my experience, init-start is triggered about 5 or 6 seconds before services-start.

And to re-enable the radios, add these somewhere in your script:

wl -i eth5 up     # 2.4 GHz radio
wl -i eth6 up     # 5.0 GHz radio

I'd appreciate if you could report back. I hope it works!

 

[maxbraketorque]

On 386 code base, if you enable guest wireless 1 with "intranet" disabled when in router mode, it creates VLANs - 501 and 502, on triband models also 503. If you set up Aimesh, it will propagate those to the nodes and use them to segment guests end to end via 802.1Q trunk. It does not do this for GW2 or 3 (or 4 if you have 4 of them) or if you enable intranet access.

Is there a way to get an AP router (not a mesh-enable satellite router) to utilize the VLANs setup by the main router?