1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

Asus Multi-SSIDs, VLAN flash questions

Discussion in 'Asuswrt-Merlin' started by RBJ32, Apr 15, 2019.

  1. RBJ32

    RBJ32 Occasional Visitor

    Joined:
    Apr 22, 2017
    Messages:
    42
    (Old retired) Newbee questions. I recently installed a new router (Asus RT-AC68P) which as I understand is the RT-AC68U version 2). Anyhow I have one guest SSID setup for visitor smartphone WiFi and one for Roku. Also a regular LAN 2.4 setup. I'm curious about a few things, I realize my curiosities may encompass proprietary hardware info that is not available. But you guys are pretty knowledgeable and I'm interested in your input.

    (1)How do these routers implement the multi-SSIDs (?) do they actually have more than one AP inside the router broadcasting to each SSID (?). Are they on the same channel within each frequency.

    (2a)If I check not to allow intranet (LAN) access then I surmise this is somewhat as effective but not as effective as what VLAN wired switches do?

    (2b)I read that VLANs are implemented with a tag for each port and there seems to be some firewall rules added also (correct?).

    (3)If I wanted to experiment with VLAN I surmise I'd have to flash the router with a third party firmware with dd-wrt ability (?) and be sure it's compatible or end up with a brick.

    (4)I read (somewhere) of a dd-wrt flash for the RT-AC68U but do they have one for the RT-AC68P ? Maybe I should just buy a used RT-AC68U for the flash (?)
    If it works I could NAT it behind 68P.

    Appreciate just whatever input anyone has time to give, for a curious learner.
     
  2. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    8,049
    Location:
    UK
    (1) Guest networks are virtual interface created from the primary interface. As such they operate on the same channel as the primary does.
    (2a) The router uses netfilter to block/allow traffic to the intranet.
    (2b,3,4) Asus doesn't use VLANs (at least not in the way you're talking about). Try Tomato instead. Or just buy a cheap managed switch.
     
    RBJ32 likes this.
  3. Grisu

    Grisu Very Senior Member

    Joined:
    Aug 28, 2014
    Messages:
    1,621
    as far as I know 68P got different (newer) hardware and is not supported by DD-WRT (easy to be left with a brick), dont know about Tomato.
     
    Last edited: Apr 18, 2019 at 5:38 AM
    RBJ32 likes this.
  4. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    29,807
    Location:
    Canada
    Tomato doesn't support the BCM4709C0 used by newer RT-AC68U revisions.
     
    RBJ32 likes this.
  5. RBJ32

    RBJ32 Occasional Visitor

    Joined:
    Apr 22, 2017
    Messages:
    42
    Thanks for the replies, looking at the DD-WRT supported list most Asus had a hyphen - for the H.W. ver.
    Model || H.W. Rev || Chip data || ------------------- Min usable DD-WRT Ver.
    RT-AC68P || - || Broadcom BCM4709 @1000 || rt-ac68u build 22490 20131008 (same file 68P and 68U)
    RT-AC68U || - || Broadcom BCM4708A0 @800 || rt-ac68u build 22490 20131008
    (1) What exactly does that mean when the H.W. version is blank with a hypen?

    But as it turns out I want to leave my RT-AC68P with the Asus firmware update, it runs great and there aren't many new RT-AC68P for sale anymore.
    (2) I looked up my old Linksys (WRT54G v2.2) on the DD-WRT supported list and it does show the H.W. ver, but has a blank space in the DD-WRT firmware file. So I guess that's not supported then?

    Was looking at some older cheaper Asus models to play around with DD-WRT,
    (3) At https://wiki.dd-wrt.com/wiki/index.php/Supported_Devices#Asus,
    At top of list is says, Recommended: use ASUS Firmware Restoration Tool for ASUS router initial flash (*.TRX file)
    So I surmise that means to do the DD-WRT flash as if you were restoring the DD-WRT firmware file and not to use the Asus manual select firmware update?
     
  6. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    8,049
    Location:
    UK
    Unless you can find a recent discussion about a specific DD-WRT release on your exact hardware I wouldn't trust anything on the DD-WRT wiki.

    My personal experience of DD-WRT from a couple of years ago was that the wiki is hopelessly out of date, there's no interest in fixing bugs unless they're applicable to every router, they're happy to leave up router-bricking firmware builds, and the forums tend to be hostile. But YMMV.
     
    RBJ32 and L&LD like this.
  7. RBJ32

    RBJ32 Occasional Visitor

    Joined:
    Apr 22, 2017
    Messages:
    42
    Thank you Colin, I will heed your warning on that. However after I left here this morning I had a bit of tussle there this morning. I had read somewhere this user had success flashing the WRT54G v2.2 with the "dd-wrt.v24_mini_wrt54g.bin"
    So I went to https://wiki.dd-wrt.com/wiki/index.php/Linksys_WRT54G_v2.2 and there downloaded the said file with no issues.

    Then I proceeded to attempt to download the recover file (which I presume is an OEM flash?) in case I might need that. It was listed under "Reverting to OEM", Download and unzip OEM firmware WRT54G_v4.21.1_fw.zip

    ----- but as soon as I clicked on the highlighted line there as,
    Go to Administration->Firmware Upgrade and select WRT54G_v4.21.1_fw.bin

    ---- I got Norton popup warning here which basically said,
    Norton has detected a large amount of suspicious outbound traffic, your computer may be infected. Do you want to run Norton Eraser?
    --
    Uh . . well I set my coffee down and immediately closed the browser and disabled my network adapter.
    Then I ran MalwareBytes with rootkits and it found nothing.
    Then I ran CCleaner and cleaned everything except the registry.
    Then I ran AdwCeaner and it found nothing.
    So then enabled the network adapter and ran Norton Eraser and it found nothing.
    But evidently there is some activity going on at the IP of that recovery file link at 162.210.196.166.

    I will hold off for now on any further recreational activity of dd-wrt for now (lol).
    Below is the full Norton report
    -----------------------------------------
    Norton Report:
    Activity, An intrusion attempt by 162.210.196.166 was blocked.
    Date & Time, 04/18/2019 9:30:39 AM
    Status, Blocked
    Recommended Action, No action required
    -Advanced Details,
    IPS Alert Name, Web Attack: Malicious Redirection 21
    Default Action, No Action Required
    Action Taken, No Action Required (but it popped up the Norton Eraser prompt)

    Attacking Computer, "162.210.196.166, 80"

    Attacker URL, "downloads.linksysbycisco.com/downloads/firmware/1224638367382/WRT54G_v4.21.1_fw.zip?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqcyI6MX0.fADWc9hUOlh58R9UzufQBROmie3I7c7vE835oE6YmU4&uuid=2024fbda-61de-11e9-b0f9-bb0345b0b91d"

    Destination Address,"192.168.1.16, 59526"

    Source Address, 162.210.196.166

    Traffic Description, TCP, www-http

    Network traffic from, downloads.linksysbycisco.com/downloads/firmware/1224638367382/WRT54G_v4.21.1_fw.zip?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqcyI6MX0.fADWc9hUOlh58R9UzufQBROmie3I7c7vE835oE6YmU4&uuid=2024fbda-61de-11e9-b0f9-bb0345b0b91d

    matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME4\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE.
     
    L&LD likes this.
  8. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    8,049
    Location:
    UK
    Well that's good isn't it! :eek:

    Looks like the linksysbycisco.com domain has been hijacked by scammers (or maybe they bought it after it expired). I hope when you tried to download the OEM file you didn't agree to install any of the "extensions" that pop up.
     
    Last edited: Apr 18, 2019 at 1:38 PM
    RBJ32 and L&LD like this.
  9. RBJ32

    RBJ32 Occasional Visitor

    Joined:
    Apr 22, 2017
    Messages:
    42
    No I wouldn't have done that but I never had a chance anyhow before Norton Popped up and did it's job. I run both Norton and Malwarebytes. They each catch their share of crap looking at their logs but Norton was the first out of the shute yesterday.

    I will try looking at Tomato and see if my Linksys WRT54G v2.2 is supported there. Otherwise I'll keep looking for a good deal on an older supported Asus router for Tomato. I scanned the Asuswrt-Merlin briefly but did not see any references to having Vlan features (?) which is mainly what I want to play around with.

    Thanks again everyone's help that I've gotten from this forum.
     
  10. RBJ32

    RBJ32 Occasional Visitor

    Joined:
    Apr 22, 2017
    Messages:
    42
    With my limited knowledge not going to rush this still reading docs I find and even though it's my old router will probably wait till I get battery backup for router before doing flash.
    But have a question on the firmware download.

    At Shibby's router list at, http://tomato.groov.pl/?page_id=69

    It had my wrt54g v2.2 router in it's supported list. (firmware)
    Model |CPU Type|CPU Freq | LAN | Flash/RAM | Version | Notes
    -------------------------------------------------------------------------------------------
    Linksys WRT54G/GL/GS v1-v4 | R1 | 200-240 | 100 Mbps | 4-8/32-64MB | K24 or K26 |

    On downloads I chose to download the K24 at,
    http://tomato.groov.pl/download/K24/build5x-124-EN/
    and I see this,
    -------- Name ----------------------------------Last modified------ Size
    extras.tar.gz---------------------------------2014-12-25 00:00----1.9 MB
    fileMD5SUM -----------------------------------014-12-25 00:00---0.577 B
    filetomato-ND-1.28.5x-124-SD-VPN.trx----------2014-12-25 00:00----3.7 MB
    filetomato-ND-1.28.5x-124-VPN.trx------------ 2014-12-25 00:00----3.5 MB
    filetomato-NDUSB-1.28.5x-124-Big-VPN.trx----2014-12-25 00:00----4.7 MB
    filetomato-NDUSB-1.28.5x-124-BT-VPN.trx---- 2014-12-25 00:00--- 4.9 MB
    filetomato-NDUSB-1.28.5x-124-BTgui.trx ------- 2014-12-25 00:00-----4.2 MB
    filetomato-NDUSB-1.28.5x-124-Nocat-VPN.trx---2014-12-25 00:00----4.6 MB
    filetomato-NDUSB-1.28.5x-124-VPN.trx-----------2014-12-25 00:00----4.5 MB

    ( ? ) Don't care about USB so looking at http://tomatousb.org/doc:build-types it looks like I want either
    filetomato-ND-1.28.5x-124-SD-VPN.trx or filetomato-ND-1.28.5x-124-VPN.trx
    (Not sure what the SD is for (?) also what exactly are the extras and how to install)

    But will keep looking around.
     
  11. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    8,049
    Location:
    UK
    This is the wrong sub-forum for your questions now, as you aren't using an Asus router and it isn't about Merlin's firmware.
     
    Jack Yaz likes this.
  12. RBJ32

    RBJ32 Occasional Visitor

    Joined:
    Apr 22, 2017
    Messages:
    42
    Oh thanks did not realize SNB was limited to Asus & Merlin, will make a note. I did find out the SD-VPN includes support for SDHC cards so all I need is the image/tomato-ND-1.28.5x-124-VPN.trx
     
  13. L&LD

    L&LD Part of the Furniture

    Joined:
    Dec 9, 2013
    Messages:
    8,488
    It's not limited to Asus and RMerlin. ;)

    But this thread is in the 'Asuswrt-Merlin' subforum though. :)
     
  14. RBJ32

    RBJ32 Occasional Visitor

    Joined:
    Apr 22, 2017
    Messages:
    42
    Oh thanks, duh I was so busy searching links today I didn't catch the sub delineation. Sloppy of me (sorry) it's past due time for new eyeglass prescription. You gotta watch old guys like me sometimes.
     
    L&LD likes this.