You might find the following useful (at least how *I* solved the problem).
Overview The following script adds support for the creation of additional IP networks for the ASUS RT-AC68U running Asuswrt-Merlin firmware. https://pastebin.com/hvHHic1V The impetus for the script came from another forum member. The original intent was to simply add a single VLAN to the...
www.snbforums.com
Granted, it's only for the RT-AC68U, but could be adapted for other models w/ modest effort.
Thanks. It looks like you're doing the robocfg and brctl and nvram stuff under service-event-end, but I can't quite deduce which service event you're waiting to end?
My needs are far simpler. I'm actually taking advantage of the new GN1 behavior since it creates the bridge, subnet, DHCP, firewall, and everything for me. Simply creating VLAN 999, assigning it to port 4 and 5t, and adding it to BR1. I just tested and it behaves as expected, port 4 gets a 192.168.101.x IP and cannot ping or connect to the main LAN or the 192.168.101.1. Next I will add it to port 1t to send the guest network to my outdoor AP which allows VLAN per SSID.
Actually, I'm thinking I might even be able to use the VLAN 501 that it creates (since I'm not using AIMESH), but not sure if that would conflict with some of the other special configs that it has applied for those VLANs, specifically some special "WGN" ifnames nvram entries and a vlan_rulelist entry. Haven't played with it that much yet.
I have deduced that I can't do a conf.add for any of it, so will need to use a script. Just trying to figure out the best script to use, I need it to happen before the WAN is active (due to the FIOS bug) but after the configs for the ports and VLANs and bridges are initialized.
Out of curiosity, what does adding the new interface to lan1_ifnames (or lan, or lan2) accomplish? Seems to work without it, but I'm assuming it serves some purpose.
I didn't seem to have to do anything with eapd either. I've seen some that say "killall eapd" followed by "eapd"; yours just calls eapd without killing first. I didn't do it at all and it was working, but again, there is probably a purpose to it.
Code:
robocfg vlan 501 ports "1t 2t 3t 4t 5t"
robocfg vlan 502 ports "1t 2t 3t 4t 5t"
#Above is to remove them from port 0 which is causing issues with FIOS. I could just remove them from all ports since I'm not using AIMESH, but they won't hurt anything on the others.
robocfg vlan 1 ports "1 2 3 5t"
#Remove port 4 from VLAN 1
robocfg vlan 999 ports "1t 4 5t"
#Port 4 into VLAN 999 and also tag it on port 1 to outside AP
vconfig add eth0 999
ifconfig vlan999 up
#Add VLAN 999 to the switch interface and bring it up
brctl addif br1 vlan999
#Add VLAN 999 to the Guest Network 1 Bridge
nvram set lan1_ifnames="wl0.1 eth0.501 eth1.501 eth2.501 vlan999"
nvram set lan2_ifnames="wl1.1 eth0.502 eth1.502 eth2.502 vlan999"
#Not sure what these do really
nvram commit
#Not sure if this is needed if running via a script every time it boots.... can't hurt
killall eapd
eapd
#Not sure if these are needed either.
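
A follow-up check for the configuration posted above, added here as an example and not part of the thread: it parses `brctl show` output and confirms that vlan999 is a member of br1 and of no other bridge. The sample outputs and bridge ids are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread: confirm the guest VLAN interface is
# bridged only to the guest bridge after the commands above have run.

# Print every bridge in `brctl show` output (stdin) that has IFACE ($1) as a member.
bridges_of() {
    awk -v want="$1" '
        NR == 1  { next }                              # header row
        /^[ \t]/ { if ($1 == want) print br; next }    # continuation row: interface only
        NF >= 3  { br = $1; if ($4 == want) print br } # bridge row, first interface in $4
    '
}

# Succeed only if IFACE ($1) is a member of GUEST_BR ($2) and of no other bridge.
check_isolated() {
    found=$(bridges_of "$1" | sort -u | tr '\n' ' ')
    found=${found% }
    if [ "$found" = "$2" ]; then
        echo "OK: $1 is bridged to $2 only"
        return 0
    fi
    echo "FAIL: $1 is bridged to: ${found:-nothing}"
    return 1
}

# Constructed sample output (bridge ids are made up).
sample_isolated() {
cat <<'EOF'
bridge name     bridge id               STP enabled     interfaces
br0             8000.020000000001       no              vlan1
                                                        eth1
                                                        eth2
br1             8000.020000000002       no              wl0.1
                                                        vlan999
EOF
}

# Constructed failure case: vlan999 was also left on the main LAN bridge.
sample_leaky() {
cat <<'EOF'
bridge name     bridge id               STP enabled     interfaces
br0             8000.020000000001       no              vlan1
                                                        vlan999
br1             8000.020000000002       no              vlan999
EOF
}

sample_isolated | check_isolated vlan999 br1 || true
sample_leaky    | check_isolated vlan999 br1 || true
# On the router itself: brctl show | check_isolated vlan999 br1
```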