ASUS RT-AX86U Pro ... and the allusive Guest Network Pro

[AdCo]

Help! I've been at this for days trying to work out how to get a Guest Network setup in a specific way before some guests arrive on Thursday.
I'm wanting the guests to have access to the internet via a separate SSID, and access to just a couple of my smart home devices (basically: the ability to send audio via wifi to a speaker, and the ability to use their Netflix account on their phone streamed onto the Smart TV or Apple TV).

Chat GPT and Gemeni told me that the ASUS RT-AX86U Pro would be able to do this via Guest Network Pro and VLAN, so after a false start with the RT-AXE7800) I ordered the ASUS RT-AX86U Pro.

In addition to the primary network, it said to setup a network in Guest Network Pro for IOT Devices, and a network for Guests. I put all of my IOT devices on the IOT Devices network, and (with a couple of device exceptions) I can access them from the primary network, and my guests cannot other than internet access - as was expected.

Then it said I could provide access to select devices I want the guests to be able to reach via IP or MAC address to the Guest Network so that users could send audio, etc, to those devices. It stepped me through a number of different ways it said this would work (and you'll have to forgive me a little here, as this is where my understanding of it is more sketchy) one after the other, and each ran into a dead-end, before, after hours at this, it tells me it was wrong and the router can't do it. I've probably put a little too much faith in ChatGPT and Gemeni (or maybe it's the operator) Either way, I don't trust it either way now as to whether the router can or can't do this.

From recollection it had me configuring settings related to
- DHCP server settings
- Route settings
- Firewall settings
(as different ways to solve it, as each previous way was unsuccessful)

Does anyone know - is what I'm wanting to do possible with this router?

I bought a WiiM Mini expecting that guests could send their audio to it, but if I put it on the IOT network they can't currently reach it, and so I tried putting it directly on the Guest Network, but the router doesn't allow access to it. They can reach it via the Spotify app, but this uses Spotify's internet routing rather an my internal wifi network (which isn't a big problem - but access to do this can't be reliant on all guests having a spotify account).

Any help, direction, or advice would be greatly appreciated!!
It is running the latest firmware 3.0.0.6.102_34349 and operating in Wireless Router mode.

 

[bennor]

The stock Asus 3006 firmware may not offer the granularity you seek. You may need to load Asus Merlin 3006.x firmware to the RT-AX86U Pro then use the custom scripting feature to modify the iptables to allow specific Guest Network Pro clients to access specific main LAN clients. There are a number of past discussions on Guest Network Pro and iptable scripting with Asus Merlin 3006 that can be found using the site search feature. For example, see my post at the following link for some script examples
https://www.snbforums.com/threads/t...st-network-pro-limitations.94438/#post-952345

Ps: some additional relevant discussion here:

mDNs / Bonjour / Multicast

Hi everyone, I am having issues with 3 HomePods in my home. I have 2 AirPlay receivers which work flawlessly, however my HomePods are very hit and miss to work, I took one on holiday and noticed it was much better than at home. Are there any settings or things to enable/check to ensure mDNs /...

www.snbforums.com

 

[AdCo]

The stock Asus 3006 firmware may not offer the granularity you seek. You may need to load Asus Merlin 3006.x firmware to the RT-AX86U Pro then use the custom scripting feature to modify the iptables to allow specific Guest Network Pro clients to access specific main LAN clients. There are a number of past discussions on Guest Network Pro and iptable scripting with Asus Merlin 3006 that can be found using the site search feature. For example, see my post at the following link for some script examples
https://www.snbforums.com/threads/t...st-network-pro-limitations.94438/#post-952345

Ps: some additional relevant discussion here:

mDNs / Bonjour / Multicast

Hi everyone, I am having issues with 3 HomePods in my home. I have 2 AirPlay receivers which work flawlessly, however my HomePods are very hit and miss to work, I took one on holiday and noticed it was much better than at home. Are there any settings or things to enable/check to ensure mDNs /...

www.snbforums.com

Thanks very much Bennor! The instructions on that post will be pushing my tech skills, but I really appreciate it - I'll take a look and see if I can work it out. In my case the devices I want the guest to be able to access are on the IOT SSID rather than the main network, but it sounds like this may still be possible using the same sort of approach. Am I right to think that updating to Merlin, the existing IOT and Guest networks I've created and the devices already setup are likely to remain setup and continue to work - I'd just be adding a file with firewall rules to try to handle these exceptions?

 

[bbunge]

It is a very good idea to factory reset and manually configure after a firmware change. in fact, it is more than a good idea!
If the clients you want your guests to access are on the IoT Guest WIFI, save yourself the pain of switching firmware and trying things that may not work and let them use the IoT WIFI.

 

[bennor]

Am I right to think that updating to Merlin, the existing IOT and Guest networks I've created and the devices already setup are likely to remain setup and continue to work - I'd just be adding a file with firewall rules to try to handle these exceptions?

It is generally not a bad idea to perform a factory reset when upgrading from stock Asus firmware to Asus-Merlin firmware. More on installing Asus-Merlin here: https://github.com/RMerl/asuswrt-merlin.ng/wiki/Installation
There is a dedicated Asus-Merlin subforum on this site where there is more discussion on that firmware.

Asuswrt-Merlin

Use this forum for posts about all versions of this alternative firmware for ASUS wireless routers

www.snbforums.com

How you have your router configured now can be configured the same way under Asus-Merlin firmware since Asus-Merlin firmware is based on Asus firmware.
The advantage of Asus-Merlin firmware, in addition to the many addon scripts is the customization it brings to allow one to configure the router in ways the stock firmware doesn't (easily if at all) allow.

You should give some thought as to why you would want devices on the Guest Network Pro network but still have those devices access clients on the main network. Do those Guest Network Pro clients really need to be on the guest network or would be benefit from being on the main network. If a device needs to straddle both networks, and that device has two network adapters then it may be possible to configure one network adapter for the main LAN network and the other for the Guest Network Pro/VLAN network.

 

[AdCo]

It is generally not a bad idea to perform a factory reset when upgrading from stock Asus firmware to Asus-Merlin firmware. More on installing Asus-Merlin here: https://github.com/RMerl/asuswrt-merlin.ng/wiki/Installation
There is a dedicated Asus-Merlin subforum on this site where there is more discussion on that firmware.

Asuswrt-Merlin

Use this forum for posts about all versions of this alternative firmware for ASUS wireless routers

www.snbforums.com

How you have your router configured now can be configured the same way under Asus-Merlin firmware since Asus-Merlin firmware is based on Asus firmware.
The advantage of Asus-Merlin firmware, in addition to the many addon scripts is the customization it brings to allow one to configure the router in ways the stock firmware doesn't (easily if at all) allow.

You should give some thought as to why you would want devices on the Guest Network Pro network but still have those devices access clients on the main network. Do those Guest Network Pro clients really need to be on the guest network or would be benefit from being on the main network. If a device needs to straddle both networks, and that device has two network adapters then it may be possible to configure one network adapter for the main LAN network and the other for the Guest Network Pro/VLAN network.

The intent is to have my personal devices, like my laptop on the main SSID separated from everything else, then to have the IOT devices on their own SSID, so that they can be logged into that, but still allow me to access those devices when I am connected on the primary network (that part appears to be working). The intention with the guest network is to be able to change the password with each guest, without needing to change the password for 15 IOT devices each time a guest changes - so I don't want guests connecting directly to the IOT SSID. I also don't want them to have access to all the devices on the IOT network (cameras, smart locks, etc) when they only need to be able to ise the internet, send audio to wifi connected speakers, and stream their netflix to the TV or Apple TV. I think that makes sense as a plan?

 

[AdCo]

It is a very good idea to factory reset and manually configure after a firmware change. in fact, it is more than a good idea!
If the clients you want your guests to access are on the IoT Guest WIFI, save yourself the pain of switching firmware and trying things that may not work and let them use the IoT WIFI.

OK cool, thanks for the advice re reset BBunge.
There are two problems with letting them use the IOT wifi...
(1) I don't want guests to have access to everything on the IOT (cameras, locks, etc), just a couple of devices so they can stream.
(2) From recollection I think the WiiM Mini device they'd be sending audio to also many not work on the IOT network (I'd need to re-check that) - I think the router may block sending to it unless it is on the main network.
While I can access most IOT network devices from the main network, I seem to only be able to connect to the WiiM Mini if I'm on the same network, and it is not a guest network.