
Asus Mesh over Managed switches (VLAN issue)


omri

New Around Here
Hi
I have ASUS routers: XT8 and XT9.
The main router is the XT9, connected to my ISP router (WAN port).
I also have a cellular router connected to LAN1, which is set to be the backup connection.

I have other nodes connected to a managed switch, which is connected to LAN2 of the main XT9.

My issue is that devices connected to the XT8 (which connects to the managed switch) are receiving an IP from the backup connection.

As I understand it, that is because my switch setup is incorrect and my ports have access to all VLANs (and Asus does the separation for the backup node using VLANs).

So devices connected directly to my XT9 are separate from the backup.
But devices connected through nodes over the managed switch also have access to the backup VLAN.

I am trying to understand how to set up the separation on my nodes using configuration on the switch.

I need to understand how to configure the port that connects my XT9 to the switch: should it be an access, trunk or hybrid port?
Does anyone know the VLAN numbers/names that Asus uses?

Thank you
Omri
 
I also have a cellular router connected to LAN1, which is set to be the backup connection.
:
My issue is that devices connected to the XT8 (which connects to the managed switch) are receiving an IP from the backup connection.
This sounds like it's just an invalid network design rather than something specific to VLANs or managed switches.

Having two routers (XT9 and cellular) both connected to the same LAN and presumably each running their own DHCP server is not valid. They will be conflicting with each other.

I think you need to describe how you anticipate this cellular router working with the rest of your equipment.
 
This sounds like it's just an invalid network design rather than something specific to VLANs or managed switches.

Having two routers (XT9 and cellular) both connected to the same LAN and presumably each running their own DHCP server is not valid. They will be conflicting with each other.

I think you need to describe how you anticipate this cellular router working with the rest of your equipment.
Hi
I think I explained incorrectly.

The cellular router is behind the XT9.
The XT9 supports dual WAN.
The main WAN is my fiber router.
The secondary WAN (acts as hot backup) is connected to my cellular router.

This setup is supported by ASUS.
 
OK that makes more sense. Although it doesn't explain how your clients are getting IP addresses from the backup router.

It would be best if you could post a diagram showing how all the routers and switches are connected to each other.
 
This setup is supported by ASUS.

The switch has to pass VLAN 501, 502, 503 to the AiMesh nodes. They are used for Guest Network 1 propagation to nodes.

Dual WAN with 2x Ethernet connections has issues on many Asus routers. Advertised as a feature, but doesn't work reliably. All LAN connected devices have to use the router's DHCP server. The upstream router's DHCP is on the WAN side. Dual WAN in fail-over mode must show one connection as Connected and the other as Stand-By. Perhaps the managed switch has a DHCP server running as well? Perhaps Dual WAN is configured by mistake with different than WAN + LAN1 ports? Check your configuration again. No client device should be getting an IP from the upstream router.
 
OK that makes more sense. Although it doesn't explain how your clients are getting IP addresses from the backup router.

It would be best if you could post a diagram showing how all the routers and switches are connected to each other.
I will post one later (I need to create one).

ASUS uses the LAN1 port as a dual port. It can be set as a LAN port or as a secondary WAN port.
I think ASUS implemented this dual port using VLAN settings, so when it's set as LAN it uses the VLAN of the LAN ports, and when it's the secondary WAN they move it to the VLAN of the WAN.

When I use a managed switch that has access to all VLANs and I don't build the right VLAN structure, both routers send their DHCP data to the clients.
 
I will post one later (I need to create one).

ASUS uses the LAN1 port as a dual port. It can be set as a LAN port or as a secondary WAN port.
I think ASUS implemented this dual port using VLAN settings, so when it's set as LAN it uses the VLAN of the LAN ports, and when it's the secondary WAN they move it to the VLAN of the WAN.

When I use a managed switch that has access to all VLANs and I don't build the right VLAN structure, both routers send their DHCP data to the clients.
Yes VLANs are used by the Asus for dual WAN. But as far as I know those VLAN tags shouldn't make it onto your LAN if there's a direct connection between the backup router and the Asus' dual wan port (i.e. no intervening switches). But maybe there's a bug and that's not happening.
 
The switch has to pass VLAN 501, 502, 503 to the AiMesh nodes. They are used for Guest Network 1 propagation to nodes.

Dual WAN with 2x Ethernet connections has issues on many Asus routers. Advertised as a feature, but doesn't work reliably. All LAN connected devices have to use the router's DHCP server. The upstream router's DHCP is on the WAN side. Dual WAN in fail-over mode must show one connection as Connected and the other as Stand-By. Perhaps the managed switch has a DHCP server running as well? Perhaps Dual WAN is configured by mistake with different than WAN + LAN1 ports? Check your configuration again. No client device should be getting an IP from the upstream router.
Hi
Currently it's configured to use WAN1 (main) and LAN1 as backup.
Backup works well - it switches connections when the main connection drops.

The problem is that the client that connected to the switch
OK that makes more sense. Although it doesn't explain how your clients are getting IP addresses from the backup router.

It would be best if you could post a diagram showing how all the routers and switches are connected to each other.
Attached network diagram.

I think that the problem occurs because of the way ASUS implemented the dual WAN (this port is LAN1 and is changed in the settings to the secondary WAN).
I don't have a problem on the main router (XT9) - only on the nodes that are connected through the managed switch.
 

Attachments

  • home-network.pdf
    46 KB · Views: 11
The switch has to pass VLAN 501, 502, 503 to the AiMesh nodes. They are used for Guest Network 1 propagation to nodes.

Dual WAN with 2x Ethernet connections has issues on many Asus routers. Advertised as a feature, but doesn't work reliably. All LAN connected devices have to use the router's DHCP server. The upstream router's DHCP is on the WAN side. Dual WAN in fail-over mode must show one connection as Connected and the other as Stand-By. Perhaps the managed switch has a DHCP server running as well? Perhaps Dual WAN is configured by mistake with different than WAN + LAN1 ports? Check your configuration again. No client device should be getting an IP from the upstream router.
Hi,
Attached network diagram.

The secondary WAN is based on the LAN1 Ethernet port, and I chose this port in the setup of the XT9 to be the secondary WAN.
This configuration works great - when the main WAN drops, it automatically switches to LAN1 to act as the main WAN connection.

I think that ASUS implemented this solution using VLANs, so when WAN1 drops, they change the LAN1 VLAN to be the WAN.

My problem is with the clients connected to the nodes that pass through the managed switch (or directly to the switch). In this case they are mixing with the VLAN belonging to LAN1, and sometimes they receive their IP from the DHCP of the 5G ROUTER.

I think I need to build the VLAN structure on the switch, and limit the ports to access only the VLAN that belongs to the LAN.

In the ASUS FAQ they wrote:
By using AiMesh/ZenWiFi system, please make sure the node ports are NOT connected to trunk ports.
https://www.asus.com/support/faq/1044151/

I am trying to understand whether my theory is right, what VLAN ID is used for the LAN, and whether the nodes' backhaul uses the same VLAN or needs a dedicated VLAN.
 

Attachments

  • home-network.pdf
    46 KB · Views: 6
Can you configure the PLANET switch GE9 to only accept traffic that is untagged, or tagged with VID 501, 502 or 503? Drop everything else.
 
Can you configure the PLANET switch GE9 to only accept traffic that is untagged, or tagged with VID 501, 502 or 503? Drop everything else.
I can set it to accept only untagged
Or
Set it as trunk(?) and add VLANs 501, 502, 503 and add GE9 to all of them.

501 does not belong to LAN1?
 
501 does not belong to LAN1?
Untagged traffic is "normal" LAN traffic, and VLANs 501, 502, and 503 are used to propagate isolated guest Wi-Fi networks to the AiMesh nodes. If you don't use guest Wi-Fi you could drop everything that isn't untagged.
 
Untagged traffic is "normal" LAN traffic, and VLANs 501, 502, and 503 are used to propagate isolated guest Wi-Fi networks to the AiMesh nodes. If you don't use guest Wi-Fi you could drop everything that isn't untagged.
Hi,
All ports on the managed switch are configured as "access" with membership only in VLAN no. 5, accepting untagged only.
Maybe they have a bug and data coming from the 5G ROUTER is getting to the LAN as untagged data? Or is my configuration on the switch removing the tag data?
 
