ASUS RT-N66U use VLAN's

[jao]

Based on the information I found on this forum and on other websites I suppose it is possible to use VLAN's on the ASUS RT-N66U. Can I do this in the default firmware or do I need to load another firmware?

What I'm trying to get is a WLAN router that does both corporate access and guest access, seperated by VLAN ID's. I already have a network set up with different VLANs, now I need to have the router have two SSID´s for each VLAN.

I hope someone can point me in the right direction.

 

[jyavenard]

Based on the information I found on this forum and on other websites I suppose it is possible to use VLAN's on the ASUS RT-N66U. Can I do this in the default firmware or do I need to load another firmware?

What I'm trying to get is a WLAN router that does both corporate access and guest access, seperated by VLAN ID's. I already have a network set up with different VLANs, now I need to have the router have two SSID´s for each VLAN.

I hope someone can point me in the right direction.

The hardware is certainly capable.
With the Asus Firmware you can do it using the telnet access and issuing command lines.

If you use the Tomato Firmware, either Toastman or Shibby: you have a nice UI to do it

 

[jao]

Thank you.
it looks like all the toastman directories are emtpy, so Shibby looks more promising.
Can I assign a VLAN to a wireless interface?

 

[drinkingbird]

I tried for days to get the stock (Rmerlins builds due to needing startup scripts) firmware to do VLANs, to no avail. You can get VLANs and even Trunking working, and a second bridge up and running with the guest wireless and second VLAN assigned, but I just could not get traffic to flow across that bridge. May have missed something but I exhausted every possibility I could find.

I'm running Shibby 0.93 with guest wireless assigned to a 2nd VLAN, been running solid for a few weeks now.

I'm only using it as an AP and my performance/throughput is excellent.

Only complaint is you don't seem to be able to adjust the TX power, the setting takes, but I don't see any change in signal no matter what I set it to, at least not beyond 80mW, I think changing the default 42 to 80 did help a little.

 

[StevenG]

So I'm trying to get this to work, but have not been successful. I'm sure I've set something wrong.

I have a second wireless AP I want to use for a guest network. I assume I just needed to create a 2nd VLAN with a specific port active (and not active on any other VLAN), and then that would do it. But I need to create a new LAN bridge, is that right? I tried that, and could not get out to the internet.

I'm running Shibby's 097 64k AIO firmware.

Any tips would be greatly appreciated.

Thanks!

 

[drinkingbird]

So you want to plug the 2nd AP into the RT-N66U? Trying to figure out what your design is, you can do dual wireless networks on dual VLANs using just the 66u (and Tomato of course).

So I'm trying to get this to work, but have not been successful. I'm sure I've set something wrong.

I have a second wireless AP I want to use for a guest network. I assume I just needed to create a 2nd VLAN with a specific port active (and not active on any other VLAN), and then that would do it. But I need to create a new LAN bridge, is that right? I tried that, and could not get out to the internet.

I'm running Shibby's 097 64k AIO firmware.

Any tips would be greatly appreciated.

Thanks!

 

[StevenG]

Thanks for the reply.

You are correct, I was going to hand a second AP off the Asus for the guest wireless. I wanted to create a second VLAN to completely isolate the LANs so noone on the guest LAN could see anything, including the router IP itself, on the private VLAN.

I know Tomato and the Asus can do the guest wireless, but everything I read said it was really still experimental and not ready for primetime. I figured I had an old Buffalo router (also running Tomato), that I could use.

But if the mod version I'm using (Shibby 097 64k nvram) is stable, I'll give it a go. You would still need a separate VLAN for the guest wireless right?

Thanks!

 

[drinkingbird]

Thanks for the reply.

You are correct, I was going to hand a second AP off the Asus for the guest wireless. I wanted to create a second VLAN to completely isolate the LANs so noone on the guest LAN could see anything, including the router IP itself, on the private VLAN.

I know Tomato and the Asus can do the guest wireless, but everything I read said it was really still experimental and not ready for primetime. I figured I had an old Buffalo router (also running Tomato), that I could use.

But if the mod version I'm using (Shibby 097 64k nvram) is stable, I'll give it a go. You would still need a separate VLAN for the guest wireless right?

Thanks!

I've been running .95 with guest wireless on separate VLAN for a couple months and it has been rock solid. I'm using it as an AP only but the setup is basically the same, I just gave my 2nd bridge a dummy IP (don't want guests accessing it) and disabled DHCP. If you give both bridges a real IP (two different subnets) and enable DHCP with two matching ranges, you should be good to go. You set the non guest wireless to one bridge/vlan and the guest to another obviously.

 

[StevenG]

First, thanks for trying to help me out. I really appreciate it.

I just tried to do it all with Tomato, and no luck. I'm not even seeing the virtual wireless SSID being broadcast. If I manually enter, my devices can't find it.

Here's what I did.

1. Set up a new LAN, br1 with a different subnet as br0, and with DHCP enabled.
2. Created a virtual wireless interface wl0.1. SSID is set to broadcast and it's defined as an access point. This virtual wireless interface is bridged to br1 (set up in step 1).
3. (not sure if I needed this part) Created a new VLAN, vlan 3, set to bridge to br1.

So I can't see the SSID and can't access it manually. Perhaps it won't work on an Asus? You have it going on an Asus Rt-N66U as well?

Thanks again!

 

[drinkingbird]

Yes 66u using v 0.95 Shibby.

After you configure everything, may need to reboot the router to see the guest network.

First, thanks for trying to help me out. I really appreciate it.

I just tried to do it all with Tomato, and no luck. I'm not even seeing the virtual wireless SSID being broadcast. If I manually enter, my devices can't find it.

Here's what I did.

1. Set up a new LAN, br1 with a different subnet as br0, and with DHCP enabled.
2. Created a virtual wireless interface wl0.1. SSID is set to broadcast and it's defined as an access point. This virtual wireless interface is bridged to br1 (set up in step 1).
3. (not sure if I needed this part) Created a new VLAN, vlan 3, set to bridge to br1.

So I can't see the SSID and can't access it manually. Perhaps it won't work on an Asus? You have it going on an Asus Rt-N66U as well?

Thanks again!

 

[StevenG]

Hmmm. I did. No luck.

Are the 3 things I did what I needed? Did I need to create the VLAN (step 3)?

Thank you again.

 

[drinkingbird]

Hmmm. I did. No luck.

Are the 3 things I did what I needed? Did I need to create the VLAN (step 3)?

Thank you again.

I would do a hard reset (Administration - Configuration - restore default - thorough), then start from scratch.

First set up your two bridges on the basic setup page, and your main wireless settings, should be mostly defaults except for your network name and security method.

Then create your vlan3 and assign to br1. You shouldn't need to assign any physical ports into it if you don't need them.

Then create your WL0.1 and WL1.1 (optional but I'm assuming you want both bands) and use a different SSID than your primary wireless. Ensure both are assigned to BR1.

 

[StevenG]

Ok. Still not broadcasting. Maybe I'm missing a switch or something somewhere for the wl0.1 virtual wireless network?

I did a full NVRAM wipe, but I did restore a config I had saved. I have a lot of IPs and stuff set up for static DHCP as well as some access restrictions. I really didn't want to start from scratch. You really think it might make a difference?

Unless it's just not working in 097?

 

[RMerlin]

Restoring to factory default then reloading saved settings pretty much ends up doing nothing - all the same settings will be reapplied, and you're back to square one

 

[StevenG]

Thanks. I thought that might be the case. So I just did it fresh, and just started over.

I did get it to broadcast, but not until I hit "Scan" next to the wifi channel on the BASIC network page. But I can't connect to it. I get an error, saying can't join. This is the case when I have any encryption set. When I have it wide open, it connects ok and works. If I then switch it to encryption, it doesn't switch. I can connect (if I scan in tomato again), without any security...

In this case though (when it worked), I was able to still connect to the router's IP, on a different subnet, from the guest network. I thought the whole idea of a VLAN would prevent that. Wonder if I missed something.

And after a while, the guest network disappears from the list of available networks. So it's not staying broadcasting.

I really wish I could get this going. I know it's still considered experimental. I was originally just hooking up another AP I had, that I wanted on its own VLAN, but since others have this working, it seems like a better solution.

Thanks again all.

 

[drinkingbird]

I haven't tried 0.97 yet, so maybe try 0.95? I've set up 95 several times with no issues, other than having to reboot after changing any wireless settings or the guest network will show no signal to clients, a known bug.

When you changed to tomato, and/or when upgrading to 0.97 from a previous version, did you do that total NVRAM wipe reset? If not, you're going to have a lot of problems like this, it is a required step.

Like Merlin said, wiping and restoring does nothing. If you have a lot of a certain thing you could probably copy the command line, reset, then paste it back in to make it faster to restore.

Thanks. I thought that might be the case. So I just did it fresh, and just started over.

I did get it to broadcast, but not until I hit "Scan" next to the wifi channel on the BASIC network page. But I can't connect to it. I get an error, saying can't join. This is the case when I have any encryption set. When I have it wide open, it connects ok and works. If I then switch it to encryption, it doesn't switch. I can connect (if I scan in tomato again), without any security...

In this case though (when it worked), I was able to still connect to the router's IP, on a different subnet, from the guest network. I thought the whole idea of a VLAN would prevent that. Wonder if I missed something.

And after a while, the guest network disappears from the list of available networks. So it's not staying broadcasting.

I really wish I could get this going. I know it's still considered experimental. I was originally just hooking up another AP I had, that I wanted on its own VLAN, but since others have this working, it seems like a better solution.

Thanks again all.

 

[octopus]

Use 099V from Shibby, multi wifi bug is fixed.

 

[StevenG]

I always clear NVRAM when going to new versions. Always. In this case, I figured same version, just try the reload.

But Octopus, sounds like there's a bug in 97. Didn't know a 99 existed, must have just come out. I'll check it out!

Thanks.

 

[StevenG]

I meant to ask when all this is working, should an IP issues on wl0.1 be able to access an IP, including the router IP, on br0? I thought VLANs would keep it all separate.

Thanks

 

[drinkingbird]

I meant to ask when all this is working, should an IP issues on wl0.1 be able to access an IP, including the router IP, on br0? I thought VLANs would keep it all separate.

Thanks

Only if you enable it on the lan access screen, by default it should not be able to do that, as far as I know anyway.