Asus Routers Chained Together question


Pierre Nakashian

Occasional Visitor
My setup looks like below. I'm just wondering if devices connected to Access point 1 or Access point 2,
either direct or WiFi, would get in trouble because of a potential circular network path?
Can traffic from access point 1 end up in access point 2 when their destination is the internet,
then back to switch1, then finally to the RT-AC5300, then the internet?

I don't think I have an issue related to my setup, just occasional slow internet that doesn't last long.
I've looked through all the menus and haven't found anything that is intended for this type of setup.
The access points (1, 2) are configured with a gateway IP that points to the RT-AC5300 interface br0.

Switch1 is just a switch at the center of the house connecting all rooms together, with a single cable
then going to the ASUS RT-AC5300 from it.

Spanning Tree Protocol is enabled on ALL ASUS routers. All ASUS routers are on the latest Asus Merlin firmware, 386.2_6.

[Attachment: rough_network_setup.JPG]


Thanks
 

eibgrad

Very Senior Member
There's nothing wrong w/ the configuration. Assuming the use of DHCP on the WAN, each router behind the switch has its own unique IP assigned to its WAN (from the RT-AC5300), and is NAT'ing the local traffic behind it w/ that IP. So there's never any confusion as to how traffic bound to the internet gets routed back to each WAN.
 

Pierre Nakashian

Occasional Visitor
eibgrad said: "There's nothing wrong w/ the configuration. Assuming the use of DHCP on the WAN, each router behind the switch has its own unique IP assigned to its WAN (from the RT-AC5300), and is NAT'ing the local traffic behind it w/ that IP. So there's never any confusion as to how traffic bound to the internet gets routed back to each WAN."

Thanks for the feedback,
I just checked both of those RT-AC68Us configured as access points; neither had any NAT rules. I can add one, that's not hard.
Is adding a NAT rule best practice in my type of setup on all RT-AC68Us configured as access points? My access points are on the same subnet as the main RT-AC5300, and all have static IPs, so there's no chance of another device getting an access point's IP.



iptables --list -vnx -t nat
Chain PREROUTING (policy ACCEPT 1197426 packets, 279252357 bytes)
pkts bytes target prot opt in out source destination

Chain INPUT (policy ACCEPT 503373 packets, 126597539 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 86254 packets, 21307558 bytes)
pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 86254 packets, 21307558 bytes)
pkts bytes target prot opt in out source destination
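
Added example (not part of the original posts): a small shell helper that counts the rules in each chain of `iptables --list -vnx -t nat` output, so an AP-mode unit can be checked for NAT at a glance. The first sample is the listing posted above; the second is a constructed listing with one MASQUERADE rule (the interface name eth0 is an assumption).

```shell
#!/bin/sh
# On a router: iptables --list -vnx -t nat | nat_rule_counts

# Listing as posted in the thread (RT-AC68U in access point mode).
AP_LISTING='Chain PREROUTING (policy ACCEPT 1197426 packets, 279252357 bytes)
pkts bytes target prot opt in out source destination

Chain INPUT (policy ACCEPT 503373 packets, 126597539 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 86254 packets, 21307558 bytes)
pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 86254 packets, 21307558 bytes)
pkts bytes target prot opt in out source destination'

# Constructed sample: a routed unit that masquerades traffic leaving eth0.
ROUTED_LISTING='Chain PREROUTING (policy ACCEPT 10 packets, 600 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      42     2520 MASQUERADE  all  --  *      eth0    0.0.0.0/0            0.0.0.0/0'

# Read a nat-table listing on stdin; print "<chain> <rule count>" per chain.
nat_rule_counts() {
    awk '
        $1 == "Chain" { chain = $2; order[++n] = chain; count[chain] = 0; next }
        $1 == "pkts" || NF == 0 { next }      # column header or blank line
        chain != "" { count[chain]++ }        # anything else is a rule
        END { for (i = 1; i <= n; i++) print order[i], count[order[i]] }
    '
}

# Exit status 0 when no chain in the listing holds a rule (no NAT configured).
nat_table_is_empty() {
    total=$(nat_rule_counts | awk '{ s += $2 } END { print s + 0 }')
    [ "$total" -eq 0 ]
}

printf '%s\n' "$AP_LISTING" | nat_rule_counts
printf '%s\n' "$ROUTED_LISTING" | nat_rule_counts
```

An empty nat table, as in the posted listing, means the unit is not translating addresses with iptables; its clients appear on the shared network with their own IPs.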
 

eibgrad

Very Senior Member
Wait a second. You specifically illustrated these routers as being configured over their WAN ports, and never said they were configured *solely* as APs (i.e., no active WAN). If what you're telling me is that these are actually LAN to LAN connections (i.e., both secondary routers are bridged to the primary router, and all three share the same IP network (e.g., 192.168.1.0/24)), that's a different issue.
 

eibgrad

Very Senior Member
Even for a LAN to LAN setup, there are no issues here. There's no confusion about how traffic gets routed correctly back to the client. Each AP has its own unique IP on the private network, along w/ all other clients of the primary router's network, regardless of which AP any client happens to be using.

Again, my only concern is you specified the WAN network interface on the APs, which creates a routed configuration (each router would manage its own IP network), NOT the LAN port and a bridged configuration (all routers share the same IP network).
 

Pierre Nakashian

Occasional Visitor
Yes, all three share 192.168.2.0/24. When I configure the RT-AC68U as an access point, the WAN port, I believe, became essentially another LAN port, with the firewall disabled.
I don't think I can change the WAN-port-to-LAN-port behavior like in other firmwares, at least not in the GUI.
For easy identification, I still use the labeled WAN port on the RT-AC68U to connect to SWITCH1.

So is my config safe, or will I have circular network paths? Or is STP saving me from myself?
 

eibgrad

Very Senior Member
It's fine. STP is only relevant to routing. But there is no routing within the shared 192.168.2.0/24 network. There are no loops. All devices are bridged and communicate directly with each other over ethernet. Routing only occurs once one of those devices needs to access the WAN. And even then you don't need to concern yourself about STP.
 

ColinTaylor

Part of the Furniture
eibgrad said: "Again, my only concern is you specified the WAN network interface on the APs, which creates a routed configuration (each router would manage its own IP network), NOT the LAN port and a bridged configuration (all routers share the same IP network)."

In AP mode the "WAN" socket on the router is reassigned as just another LAN port.

EDIT: Oops, just noticed Pierre just said the same thing.
 
