What's new

Getting vlans to work on an RT-AC88U

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

tjhastings91

New Around Here
Hardware: RT-AC88U
Firmware: 382.1_beta3

After expending a whole lot of effort, I thought I might be able to block wired IoT smart devices at the port level from being able to access the local network. After reading 24 threads on this website, I cobbled together a script that was similar to what others had created. I think only one of those threads mentioned the same router. The script commands complete successfully, but wired devices can't connect to the router.

This wan-start script is supposed to allow the device connected to port 2 to access the Internet without access to the local network.
Code:
ip link add link eth0 name vlan20 type vlan id 20
ip addr add 192.168.20.1/24 brd 192.168.20.255 dev vlan20
ip link set dev vlan20 address 00:00:00:00:00:20
ip link set dev vlan20 up
brctl addif br0 vlan20
robocfg vlan 1 ports "0 1 3 5 7 8t"
robocfg vlan 20 ports "2t 8t"
ebtables -t broute -I BROUTING -p IPv4 -i vlan20 --ip-src 192.168.20.0/24 -j DROP
ebtables -t broute -I BROUTING -p ARP -i vlan20 --arp-ip-src 192.168.20./24 -j DROP
ebtables -I FORWARD -i vlan20 -o ! eth0 -j DROP
ebtables -I FORWARD -i ! eth0 -o vlan20 -j DROP

This dnsmasq.postconf script supports DHCP on the isolated network.
Code:
interface=vlan20
dhcp-range=vlan20,192.168.20.2,192.168.20.254,255.255.255.0,6h
dhcp-option=vlan20,3,192.168.20.1
dhcp-option=vlan20,6,208.67.222.222

Can you see what is blocking this setup from working ?
 
Could the problem be with using the ip command instead vconfig ?

I also notice that if an IP address and MAC address is not assigned to the vlan, the brctl command will cause the router to become unresponsive.
 
@Praveen Reddy :
I have a working solution with ac88u for my network...:)
I am not too good at english,
I can provide the scripts.
I have several networks / VLans provided, including iot devices and guest network ...
and they work!:)..
various tests are still pending..
before I post publicly, give me your e-mail adress if you want ..

best regards R. Hellmann / Germany
 
PS:
there is a difference between the installed firmware versions, I have the current! merlin firmeware 384.3
 
looking for users who also want to get a lot out of the ac88u ..
 
Hi, yes i have
and I work with several guest networks ...
Sorry, the link posted is no longer valid. I compile the new scripts and then put them back to download ...
 
Thanks here1310 - the scripts worked a dream (except for assigning router guest wifi 2 to br12 which was easily modified) :). Just need to understand why my wired printer drops off the network (I'll get there).

I've looked around unsuccessfully for a reasonable robocfg reference to answer what the 'ports' syntax is; I know that "T means Tagged, U for Untagged." (Merlin), but what does this *really* do:

robocfg vlan 100 ports "1t 2u 3"
  • "1t" - stuff turning up on port 1, already tagged as vlan 100, should be accepted as vlan 100; everything else is ignored (unless picked up via another port command).
  • "2u" - stuff turning up on port 2 which is not tagged as a vlan, should be accepted as vlan 100; everything tagged with a vlan is ignored.
  • "3" - everything turning up on port 3 will be treated as vlan 100, whether tagged or not.
... how far away is this from reality?
 
sorry, I have not used these settings since the productive switch to an rt-ac86u, because the HND routers are structured differently in this regard.
may be that the settings in the guest VLan contain an error ... it was a long time ago and rummaged from the archives ...
Good luck with further studying / trying!
best regards...
 
Hi all,

I am very happy that I have found this thread.
But, could you please let me know if all LAN 8 ports are usable (speaking about AC88U) using ?
Because I know that there's no way to configure VLANs on the Realtek switch. (4 ports are on this switch)

I intend to use something like this.

Code:
robocfg vlan 1 ports "1 2 3t 5 7 8t"
robocfg vlan 10 ports "3t 8t"

Please, should this vlan 10 work while all other LAN on Realtek usable at the same time?

Thank you very much,
amplatfus
 
It is not working in my case on AC88U.
I tried also:
Code:
robocfg vlan 10 ports "3 8t"
With this is working but randomly, I guess because port 3 is on both VLANs. The result is:
Code:
roocfg show
   1: vlan1: 0 1 2 3 5 7 8t
   2: vlan2: 4 8u
  10: vlan10: 3 8t

I tried also
Code:
robocfg vlan 1 ports "1 2 5 7 8t"
robocfg vlan 10 ports "3 8t"
In this case is working, but LAN 5-8 are down, I guess because there's no way to configure VLANs on the Realtek switch.

Please if you have any ideas how to separate LAN 1 on AC88U on a separate VLAN, please share it.
Thank you so much,
amplatfus
 
Hi,

I have found this info and I think maybe it wil be helpfull:
Code:
No robocfg?
The first problem is that robocfg is no more provided on AX88U (Broadcom’s HND platform). An alternative to robocfg on HND platform seems to be vlanctl2. However, after several hours of searching, trying and error, I believe vlanctl can only create tagged VLAN, which unfortunately can’t satisfy my need.

Source:
LAN port isolation (port-based VLAN) on ASUS RT-AX88U with Asuswrt-Merlin 384.16
Approach with Separate Bridge

All the best!
 
Last edited:

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top