Enable VLAN tagging in stock RT-N66U?

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

drinkingbird

Occasional Visitor
Curious if it would just be a matter of going into the CLI or serial interface to configure VLANs on stock ASUS firmware. Would need to assign a VLAN to each wireless interface then either set up a tagged port or assign different ports to each VLAN. I know it is a feature of Tomato but would like to stick with stock if at all possible.

The stock firmware supports everything I need (just going to run it as an AP) except I need to be able to assign different VLANs to different SSIDs.

I guess I could get the source code and figure out how to do it, but really don't have that much time on my hands....
 

srinivasvaradaraj

Regular Contributor
I am not sure what impact this will have on the GUI, cause stock firmware don't account for advanced users. But in short, the nvram listing WRT VLANs are here.

vlan2ports=0 8u
wl0_vlan_prio_mode=off
vlan2hwname=et0
wl_vlan_prio_mode=off
lan_ifnames=vlan1 eth1 eth2
vlan1hwname=et0
vlan1ports=1 2 3 4 8*
landevs=vlan1 wl0 wl1
wl1_vlan_prio_mode=off


Since this is built off busybox, I think the standard DD-wrt way of doing ( separating the interface from the bridge, tagging it ) works .
 

drinkingbird

Occasional Visitor
Great info, thanks. Of course who knows if it would save it on reload etc, would probably have to reapply the custom config a lot.

Is there a CLI interface via Telnet/SSH or only serial?
 

srinivasvaradaraj

Regular Contributor
There is a telnet interface to the router (administration > telnet). I wish it was ssh though. Anyway, it drops you into the busybox shell with root(#). You should be able to write to nvram using nvram set <variable key>=<variable value> pair. Finally, do a nvram commit to save. Recommend you also modify your firewall to block telnet access from your WAN as this traffic is sent clear text.
Although I am trying to find the nvram variable that could launch a startup/shutdown script. I haven't spent much time on it.
 
Last edited:

drinkingbird

Occasional Visitor
There is a telnet interface to the router (administration > telnet). I wish it was ssh though. Anyway, it drops you into the busybox shell with root(#). You should be able to write to nvram using nvram set <variable key>=<variable value> pair. Finally, do a nvram commit to save. Recommend you also modify your firewall to block telnet access from your WAN as this traffic is sent clear text.
Although I am trying to find the nvram variable that could launch a startup/shutdown script. I haven't spent much time on it.
Unfortunately even when you commit to nvram it seems to restore the settings for some things (like vlan1ports etc) on reboot. Guess I need to play with it more, I'm not terribly familiar with these, not sure if there is some config file somewhere that needs to be updated or what.
 

drinkingbird

Occasional Visitor
Well I've gotten so close to getting this working using RMerlin's build (to add scripting support).

I'm now at the point where I have VLANs working, the bridges split so the guest networks go to the second VLAN only, and encryption up and running on my primary networks. The issue at this point is as soon as I enable encryption on the guest networks, they're unable to connect. Work fine with no encryption, and the main wireless works fine with encryption, so need to tinker around a bit more.

I'm also looking to try and find a way to enable beamforming (AI Radar) in Tomato as that's the main thing keeping me from using it. Have started researching but need to do more, not sure if it is a matter of a newer driver being needed in Tomato or just some WL command that needs to be run.
 

drinkingbird

Occasional Visitor
I'm stumped, I have VLANs working, main network is up and running with WPA2, but guest network only works with no encryption or WEP. WPA/WPA2 causes it to fail with similar symptoms to when you are putting in the wrong password. So I can do guest with WPA without VLANs no problem, or vlans without WPA no problem, but somehow both doesn't work. Even stranger that WEP works fine, maybe WEP is fully in the radio hardware where WPA needs to communicate to the CPU and it isn't able to do it for some reason. Who knows. May have to just go to Tomato.
 

aurelijusb

Occasional Visitor
And what about VLANs on LAN ports? I want to split LAN1 and LAN2-4 ports to different VLANs. How can I do this on stock firmware?
 

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top