Help setting up VLAN on ASUS RT-AC68U

Doing a 'VLANswitch.sh 40' yields the same error as before (ifconfig: bad address 'up'). Here's the output from 'VLANswitch 40 status verbose':

Code:
        v1.19b non-Public Beta VLAN Switch Port 4 Configuration Status:


        'None40' vlan40 Robocfg Status
        ==============================
   1: vlan1: 1 2 3 4t 5t
  40: vlan40: 4t 5t


        'None40' vlan40 Bridge Status
        =============================



        'None40' vlan40 Status
        ======================
vlan40    Link encap:Ethernet  HWaddr 38:D5:47:20:D3:A8
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

          alias None40


        'None40' vlan40 Statistics
        ==========================
vlan40  VID: 40  REORDER_HDR: 1  dev->priv_flags: 1
         total frames received            0
          total bytes received            0
      Broadcast/Multicast Rcvd            0

      total frames transmitted            0
       total bytes transmitted            0
            total headroom inc            0
           total encap on xmit            0
Device: eth0
INGRESS priority mappings: 0:0  1:0  2:0  3:0  4:0  5:0  6:0 7:0
 EGRESS priority mappings:

                Firewall rules
                ==============
Chain MyInput (1 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 ACCEPT     udp  --  vlan+  *       0.0.0.0/0            0.0.0.0/0            multiport dports 53,67
2        0     0 ACCEPT     tcp  --  vlan+  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53
3        0     0 DROP       all  --  vlan+  *       0.0.0.0/0            0.0.0.0/0            state NEW

Chain MyVLANs (1 references)
num   pkts bytes target     prot opt in     out     source               destination
3        0     0 DROP       all  --  br0    vlan+   0.0.0.0/0            0.0.0.0/0            state NEW
4        0     0 DROP       all  --  vlan+  br0     0.0.0.0/0            0.0.0.0/0            state NEW
5        0     0 ACCEPT     all  --  vlan+  *       0.0.0.0/0            0.0.0.0/0            state NEW

                DNS VPN rules
                =============


        'None40' vlan40 ACTIVE devices (ARP only accurate within 60secs?)
        =================================================================
 
What happens if you run the command again?

Also check
Code:
cat /etc/dnsmasq.conf

cat /jffs/configs/dnsmasq.conf.add
 
Ok, here it is. I wonder what VLAN 141 is?

Code:
XXX@RT-AC68U:<path># ./vlanswitch.sh 40

(vlanswitch.sh): 6382 v1.19b non-Public Beta © 2016-2018 Martineau. VLAN configuration utility.


ifconfig: bad address 'up'

        (vlanswitch.sh): 6382 VLAN 'vlan40' alias 'None40' (.0/24) via Switch Port 4 created for downstream VLAN switch(s)


XXXX@RT-AC68U:<path># ./vlanswitch.sh 40

(vlanswitch.sh): 6679 v1.19b non-Public Beta © 2016-2018 Martineau. VLAN configuration utility.


ifconfig: bad address 'up'

        (vlanswitch.sh): 6679 VLAN 'vlan40' alias 'None40' (.0/24) via Switch Port 4 created for downstream VLAN switch(s)

/etc/dnsmasq.conf:
Code:
pid-file=/var/run/dnsmasq.pid
user=nobody
bind-dynamic
interface=br0
interface=pptp*
no-dhcp-interface=pptp*
no-resolv
no-poll
no-negcache
cache-size=1500
min-port=4096
bogus-priv
domain-needed
dhcp-range=lan,192.168.1.230,192.168.1.250,255.255.255.0,86400s
dhcp-option=lan,3,192.168.1.1
dhcp-option=lan,252,"\n"
dhcp-authoritative
interface=tun21
interface=tun22
trust-anchor=.,19036,8,2,XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
trust-anchor=.,20326,8,2,XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
dnssec
stop-dns-rebind
dhcp-name-match=set:wpad-ignore,wpad
dhcp-ignore-names=tag:wpad-ignore
# Auto created by VLANSwitch.sh VLAN=vlan141 uses DHCP pool 192.168.141.2 - 192.168.141.20
interface=br40
dhcp-range=vlan141,192.168.141.2,192.168.141.20,255.255.255.0,14400s
dhcp-option=vlan141,3,192.168.141.1
dhcp-option=vlan141,6,192.168.141.1,208.67.220.220,8.8.8.8
server=127.0.0.1#65053
# start of Diversion directives #
addn-hosts=/opt/share/diversion/list/blacklist
addn-hosts=/opt/share/diversion/list/blockinglist
log-async
log-queries
log-facility=/opt/var/log/dnsmasq.log
# end of Diversion directives #

/jffs/configs/dnsmasq.conf.add:
Code:
# Auto created by VLANSwitch.sh VLAN=vlan141 uses DHCP pool 192.168.141.2 - 192.168.141.20
interface=br40
dhcp-range=vlan141,192.168.141.2,192.168.141.20,255.255.255.0,14400s
dhcp-option=vlan141,3,192.168.141.1
dhcp-option=vlan141,6,192.168.141.1,208.67.220.220,8.8.8.8
 
What happens if you enter
Code:
 ./vlanswitch.sh   40   1   bridge   notag
 
I wonder what VLAN 141 is?
I cannot predict in advance which VLANs already exist in your environment, so (probably over ambitious) I try and make sure that for the 'bridge autodnsmasq' method, the unique dnsmasq.conf directives inserted shouldn't clash and create an issue.

Hence, because my downstream switches are VLAN tagging capable, their naming convention is VLAN30,VLAN40 etc. but in your case 'VLAN141' should match the IP subnet for 'br40 Port 1'

i.e. 100+40+1 where VLANs > 100 in my environment are recognised as assigned to bridges.

Clearly, you may edit the /jffs/configs/dnsmasq.conf directives to suit your naming convention or create them manually.
 
What happens if you enter
Code:
 ./vlanswitch.sh   40   1   bridge   notag
The router hangs as it did yesterday, needing a power-cycle to come alive again. I'm not sure it's your script that's not working, it could well be my environment. I'm thinking of doing a complete reset of my router since I did a "dirty"-firmware upgrade to latest merlin-fw, just to be sure I start from scratch/vanilla with no junk left in the configs. But that will have to wait a couple of days.

So I think I'll pause my experiments with the script for now, the family don't like when internet goes down because I have to "fix" something that wasn't broken in the first place :confused:. I'll update the thread once I've reset the router and tried the script once again after that.

Once again, thanks for your efforts and support!
 
OK I think I have found the bug.
Please download v1.19b

Hi Martineau,

Can you share vlanswitch.sh please with me too mate?

Thanks
Mzuri
 
All beta testers.....

Please download v1.20
 
@Martineau I'd be interested in looking at the functionality of vlanswitch.sh.

I do have a switch that supports VLANS and it would be nice to be able to segregate some of the devices on my network.
 
Only had a limited time to do an initial test run. SWMBO stepped out to the store. :D

First impressions:
inserted directives for VLAN 20 into dnsmasq.conf
Ran vlanswitch to create vlan 20

GOOD SIGN, my router did not hang. I was still able to continue with my laptop on wifi connected to another router in AP mode.

I can only surmise that the script worked fine, it knocked my FTP server off the network which is hard coded to 192.168.1.7 and on a switch connected to port 4.

Code:
@RT-AC66U_B1:/jffs/scripts# sh vlanswitch.sh 20

(vlanswitch.sh): 22390 v1.21 non-public Beta © 2016-2018 @Martineau. VLAN configuration utility.



        (vlanswitch.sh): 22390 VLAN 'vlan20' alias 'None20' (10.88.20.0/24) via Switch Port 4 created for downstream VLAN switch(s)

When I ran vlanswitch.sh 20 del in output on my putty looked like all went well with the removal of the vlan.
Unfortunately the switch connected to port 4, all the devices on it lost network. After a reboot, all is OK. :cool:
 
inserted directives for VLAN 20 into dnsmasq.conf
Did you manually create the 'dnsmasq.conf.add' entries or did you use the 'autodnsmasq' directive?
GOOD SIGN, my router did not hang. I was still able to continue with my laptop on wifi connected to another router in AP mode.
Always a GOOD sign when using my shoddy scripts :p, but the reported crash only seemingly occurs when using the 'bridge notag' method o_O
I can only surmise that the script worked fine, it knocked my FTP server off the network which is hard coded to 192.168.1.7 and on a switch connected to port 4.
Code:
@RT-AC66U_B1:/jffs/scripts# sh vlanswitch.sh 20
        (vlanswitch.sh): 22390 VLAN 'vlan20' alias 'None20' (10.88.20.0/24) via Switch Port 4 created for downstream VLAN switch(s)
Is your LAN subnet 10.88.xx.xx?
When I ran vlanswitch.sh 20 del in output on my putty looked like all went well with the removal of the vlan.
Unfortunately the switch connected to port 4, all the devices on it lost network.
You will need to check the VLAN configuration after it is created using:

Code:
sh vlanswitch.sh 20 status verbose
but did you correctly configure the downstream switch connected to Port 4 to tag/pass VLAN20 traffic i.e. VLAN20 for the port the FTP server is attached to, and define the port on the switch connecting it to the router as a VLAN 'trunk' port?
Which switch model?
After a reboot, all is OK. :cool:
Apart from the entries in 'dnsmasq.conf.add' until you add the VLAN creation to the boot sequence, then a reboot will reset everything, but expecting the downstream devices to immediately re-request/use their original IP without being unplugged/power cycled isn't immediate/automatic i.e. instead of rebooting when you delete VLAN20 try unplugging the downstream switch's ethernet or power it off/on?
As per the title of the thread, the script is RT-AC68U specific (although it also works on RT-AC56Us), yet there are requests from users like yourself running different hardware.

v1.21 adds your 'RT-AC66_B1' to the accepted/supported router models in the script, so whilst it should be identical to the RT-AC68U I can't be 100% sure - but the differences (if any) should be cosmetic hence your inclusion in the Beta. :D
 
Looks like it's created successfully Martineau - so if I want to assign my Guest Wifi 1 ( 2.4ghz only ) wl0.1 to VLAN 111 and remove wl0.1 from br0 and assign to br10 is this catered for in the script? Since I am using LAN Ports 2,3 4 ( VLAN1 ) I wanted to assign newly created VLAN 111 to my IOT devices ( they are all 2.4ghz ). Hope this makes sense.

joescian@RT-AC5300-0680:/jffs/scripts# robocfg show
Switch: enabled
Port 0: 1000FD enabled stp: none vlan: 2 jumbo: off mac: fc:5b:39:27:de:50
Port 1: DOWN enabled stp: none vlan: 111 jumbo: off mac: 00:00:00:00:00:00
Port 2: 10HD enabled stp: none vlan: 1 jumbo: off mac: 00:25:9b:9c:36:68
Port 3: 100FD enabled stp: none vlan: 1 jumbo: off mac: 00:05:fe:85:23:55
Port 4: 100FD enabled stp: none vlan: 1 jumbo: off mac: 7c:2f:80:b5:b8:ed
Port 5: 1000FD enabled stp: none vlan: 1 jumbo: off mac: 94:e3:6d:67:7d:12
Port 7: 1000FD enabled stp: none vlan: 1 jumbo: off mac: 50:1a:c5:f6:9a:85
Port 8: 1000FD enabled stp: none vlan: 2 jumbo: off mac: d0:17:c2:ec:06:80
VLANs: BCM5301x enabled mac_check mac_hash
1: vlan1: 2 3 4 5t 7 8t
2: vlan2: 0 8u
111: vlan111: 1 8t
 
Martineau does this support the AC5300- I just wanted to use option "VLANSwitch 10 1 bridge notag" - I can't see any option for AC5300 in the code.....saw that you released v1.21 with support for RT-AC5300 - thank you

Code:
sh VLANSwitch.sh 10 1 bridge notag autodnsmasq
(VLANSwitch.sh): 6302 VLAN 'vlan111' alias 'None111' (192.168.111.0/24) via Switch Port 1 created.
So the 'bridge notag' method didn't crash your router? :D
Looks Like its created successfully Martineau
Code:
robocfg show
<snip>
VLANs: BCM5301x enabled mac_check mac_hash
1: vlan1: 2 3 4 5t 7 8t
2: vlan2: 0 8u
111: vlan111: 1 8t
Since you are the first to use the script on non-RT-AC68U/RT-AC56U hardware
i.e. RT-AC5300,did you actually attach a device to Port 1? - was it able to access the Internet, and did you run
Code:
sh VLANSwitch.sh 10 status verbose
to confirm/examine the configuration/stats? since my shoddy script (previously untested on RT-AC5300s) may not have completed everything correctly :eek:

Since I am using LAN Ports 2,3 4 ( VLAN1 ) I wanted to assign newly created VLAN 111 to my IOT devices ( they are all 2.4ghz ).

Hope this makes sense.
Not sure? - do you actually want a switch port on a VLAN subnet?:confused:

I originally wrote WiFIVPN.sh to create the bridge mapping for the (VPN) subnet, then wrote VLANSwitch.sh to map a switch port VLAN to the existing (VPN) bridge which is the reverse of what you are asking?
If I want to assign my Guest Wifi 1 ( 2.4ghz only ) wl0.1 to VLAN 111 and remove wl0.1 from br0 and assign to br10

Is this catered for in the script?
No, but WiFIVPN.sh (even though you are not using VPNs) is able to map the appropriate WiFi interface(s) to a switch port.
e.g. Create a VLAN subnet for Guest 2.4GHz #1 where vlan1 equates to switch Port 1 aka br1
Code:
./WiFiVPN.sh wl0.1 novpn vlan1

(WiFiVPN.sh): 1931 v1.04 © 2016-2018 Martineau, Guest WiFi VPN Bridge request.....[wl0.1 novpn vlan1]

(WiFiVPN.sh): 1931 WiFi (wl0.1) 2.4GHz Guest 1 G241 (192.168.101.0/24) via bridge:br1
Code:
./WiFiVPN.sh wl0.1 status

(WiFiVPN.sh): 3097 v1.04 © 2016-2018 Martineau, WiFi VPN status request.....[status diag]

    WiFi->VPN Configuration Diagnostics for interfaces:

    NVRAM lan_ifnames='vlan1 eth1 eth2

bridge name bridge id       STP enabled interfaces
br0     8000.ac22xxxxxxxx   yes     vlan1
                            eth1
                            eth2
br1     8000.ac22xxxxxxxx   no      wl0.1

    wl0.1   G241             2.4GHz Guest 1  (***ERROR no entry in table 111; br1 NOT) routed through tunnel VPN Client 1 (***ERROR VPN is DOWN) is MISSING a valid DNS entry in '-t nat DNSVPN1' via bridge:br1
br1     8000.ac22xxxxxxxx   no      wl0.1
    Delete this WiFi->VPN configuration? [ Type 'del' ] > n
    Show   this WiFi VPN configuration? [ Y/N ] > n

    -----   (ASUS_Guest2)    2.4GHz Guest 2  ** Disabled **
    -----   (ASUS_Guest3)    2.4GHz Guest 3  ** Disabled **
    -----   (ASUS_5G_Guest1) 5GHz   Guest 1  ** Disabled **
    -----   (ASUS_5G_Guest2) 5GHz   Guest 2  ** Disabled **
    -----   (ASUS_5G_Guest3) 5GHz   Guest 3  ** Disabled **
    eth1    RT-AC56U         2.4GHz Network
    eth2    RT-AC56U_5G      5GHz   Network

WAN DNS 192.168.0.1

Code:
ifconfig br1

br1       Link encap:Ethernet  HWaddr AC:xx:xx:xx:xx:xx
          inet addr:192.168.101.1  Bcast:192.168.101.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2449 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1281 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:209816 (204.8 KiB)  TX bytes:457644 (446.9 KiB)

However, if this doesn't meet your requirements, then it may be easier to simply manually add the desired wl0.x/wl1.x interface to br10 using appropriate commands in a small auxiliary script.
 
Did you manually create the 'dnsmasq.conf.add' entries or did you use the 'autodnsmasq' directive?
I copied the directives directly into dnsmasq.conf I guess this was not correct? :oops:

Is your LAN subnet 10.88.xx.xx?
No, I will have to modify to match what my subnet is to be.

You will need to check the VLAN configuration after it is created using:
Code:
sh vlanswitch.sh 20 status verbose
This I will do the next chance I get to test.

but did you correctly configure the downstream switch connected to Port 4 to tag/pass VLAN20 traffic i.e. VLAN20 for the port the FTP server is attached to, and define the port on the switch connecting it to the router as a VLAN 'trunk' port?
Which switch model?

I did not get a chance to configure the downstream switch, last time I tried to put the port into TRUNK mode, I lost connection.
When I test again I will configure the uplink port with the following:
switchport trunk native vlan 1
switchport trunk allowed vlan 1-20
switchport mode trunk


Cisco 2960X - 28 port. Port 25 is connected via copper gig SFP.

Saturday is when I will have more time to play. Then I can reconfigure trunk port, set a couple of ports to vlan 20 and reconfigure my Cisco AP (has vlan capability). Will be nice to keep guests off my internal network.

instead of rebooting when you delete VLAN20 try unplugging the downstream switch's ethernet or power it off/on?
I tried the unplug the connection first but not reboot it, It is actually quicker to reboot the router than the switch.
 
I copied the directives directly into dnsmasq.conf I guess this was not correct? :oops:

Unless you fully understand the difference between '/jffs/configs/dnsmasq.conf' and '/jffs/configs/dnsmasq.conf.add' and their impact on '/etc/dnsmasq.conf' then I suggest you simply follow the script 'help' and let the script initially create dnsmasq entries automatically by specifying the 'autodnsmasq' directive.
 
@Martineau
You are a genius :cool:
Client PC got an IP on VLAN20 and was able to browse the internet.
(SWMBO) Wife stepped out so I had some time to play. ;)
Had to first configure a few ports on my switch for VLAN20 and add an IP Route

Gi1/0/20 connected 1 a-full a-100 10/100/1000BaseTX
Gi1/0/21 notconnect 20 auto auto 10/100/1000BaseTX
Gi1/0/22 notconnect 20 auto auto 10/100/1000BaseTX
Gi1/0/23 notconnect 20 auto auto 10/100/1000BaseTX
Gi1/0/24 connected 20 a-full a-1000 10/100/1000BaseTX
Gi1/0/25 To Router connected trunk a-full a-1000 10/100/1000BaseTX SFP

added ip route 192.168.20.0 255.255.255.0 192.168.20.1

NIC Config after connecting, success getting an IP Address.
Code:
Connection-specific DNS Suffix:
Description: Intel(R) 82579V Gigabit Network Connection #2
Physical Address: ‎38-EA-A7-FE-BE-65
DHCP Enabled: Yes
IPv4 Address: 192.168.20.2
IPv4 Subnet Mask: 255.255.255.0
Lease Obtained: Wednesday, October 17, 2018 6:48:28 PM
Lease Expires: Wednesday, October 17, 2018 10:48:25 PM
IPv4 Default Gateway: 192.168.20.1
IPv4 DHCP Server: 192.168.20.1
IPv4 DNS Servers: 192.168.20.1, 208.67.220.220, 8.8.8.8
IPv4 WINS Server:
NetBIOS over Tcpip Enabled: Yes

vlanswitch.sh 20 4 autodnsmasq
Code:
********@RT-AC66U_B1:/jffs/scripts# ./vlanswitch.sh  20   4   autodnsmasq

(vlanswitch.sh): 12200 v1.21 non-public Beta © 2016-2018 Martineau. VLAN configuration utility.



        (vlanswitch.sh): 12200 VLAN 'vlan20' alias 'None20' (192.168.20.0/24) via Switch Port 4 created for downstream VLAN switch(s)

sh vlanswitch.sh 20 status verbose
Code:
*******@RT-AC66U_B1:/jffs/scripts# sh vlanswitch.sh 20 status verbose

        v1.21 non-public Beta VLAN Switch Port 4 Configuration Status:


        'None20' vlan20 Robocfg Status
        ==============================
   1: vlan1: 1t 2 3 4t 5t
  20: vlan20: 4t 5t


        'None20' vlan20 Bridge Status
        =============================



        'None20' vlan20 Status
        ======================
vlan20    Link encap:Ethernet  HWaddr XX:1E:E7:XX:XX:XX
          inet addr:192.168.20.1  Bcast:192.168.20.255  Mask:255.255.255.0
          inet6 addr: fe80::ca1e:e7ff:fe88:db5b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2154 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2405 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:366772 (358.1 KiB)  TX bytes:2793449 (2.6 MiB)

          alias None20


        'None20' vlan20 Statistics
        ==========================
vlan20  VID: 20  REORDER_HDR: 1  dev->priv_flags: 1
         total frames received         2154
          total bytes received       366772
      Broadcast/Multicast Rcvd          703

      total frames transmitted         2405
       total bytes transmitted      2793449
            total headroom inc            0
           total encap on xmit         2405
Device: eth0
INGRESS priority mappings: 0:0  1:0  2:0  3:0  4:0  5:0  6:0 7:0
 EGRESS priority mappings:

                Firewall rules
                ==============
Chain MyInput (1 references)
num   pkts bytes target     prot opt in     out     source               destination
1       46  3808 ACCEPT     udp  --  vlan+  *       0.0.0.0/0            0.0.0.0/0            multiport dports 53,67
2        0     0 ACCEPT     tcp  --  vlan+  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53
3      268 26993 DROP       all  --  vlan+  *       0.0.0.0/0            0.0.0.0/0            state NEW

Chain MyVLANs (1 references)
num   pkts bytes target     prot opt in     out     source               destination
3        0     0 DROP       all  --  br0    vlan+   0.0.0.0/0            0.0.0.0/0            state NEW
4      124 68072 DROP       all  --  vlan+  br0     0.0.0.0/0            0.0.0.0/0            state NEW
5       43 12231 ACCEPT     all  --  vlan+  *       0.0.0.0/0            0.0.0.0/0            state NEW

                DNS VPN rules
                =============


        'None20' vlan20 ACTIVE devices (ARP only accurate within 60secs?)
        =================================================================
192.168.20.2    <incomplete>            N/A             (?)
192.168.20.100  d4:2c:44:98:56:41       N/A             (?)

cat /jffs/configs/dnsmasq.conf.add
Code:
********@RT-AC66U_B1:/jffs/scripts# cat /jffs/configs/dnsmasq.conf.add
ipset=/smtp.gmail.com/Gmail_smtp
ipset=/smtp.gmail.com/Gmail_smtp
# Auto created by vlanswitch.sh VLAN=vlan20 uses DHCP pool 192.168.20.2 - 192.168.20.20
interface=vlan20
dhcp-range=vlan20,192.168.20.2,192.168.20.20,255.255.255.0,14400s
dhcp-option=vlan20,3,192.168.20.1
dhcp-option=vlan20,6,192.168.20.1,208.67.220.220,8.8.8.8

If there is any other checking or testing you need please let me know. :cool:

So all I have to do is add the following line to firewall-start?

sh /jffs/scripts/vlanswitch.sh 20 4 autodnsmasq alias=GUEST

Can I add more than one VLAN on port 4?
To do this, would I just add another line to firewall-start?
 
@Martineau Client PC got an IP on VLAN20 and was able to browse the internet.
You are a genius :cool:
I doubt it :p...but glad it works.
If there is any other checking or testing you need please let me know. :cool:
No, but I appreciate you taking time to test my script on your official RT-AC68U (RT-AC66U_B1) clone :D
So all I have to do is add the following line to firewall-start?
sh /jffs/scripts/vlanswitch.sh 20 4 autodnsmasq alias=GUEST
Can I add more than one VLAN on port 4?
Yes

However, I suggest you create a separate script such as my 'GS108E.sh' ... perhaps you could call it 'Cisco2960X.sh' ;) as it makes it more convenient to manually manage ALL of the VLANs i.e. check the status/stats in one command:
Code:
#!/bin/sh
VER="v1.01"
#======================================================================================================= © 2016-2018 Martineau, v1.01
#
# Manage the VLANs (call this script from appropriate system script e.g. init-start/nat-start/services-start)
#

#  Validate the request
OPTION=
if [ "$1" == "del" ]; then
    OPTION="del"
fi
# Allow use of abbreviated 'status verbose'
if [ "$1" == "verbose" ]; then
    OPTION="status verbose"
fi
# Allow use of abbreviated 'status diag'
if [ "$1" == "diag" ]; then
    OPTION="status diag"
fi
# Set 'status' as the Default action if no args
if [ -z "$1" ] || [ "$(echo $@ | grep -cw "status")" -gt 0 ];then
    OPTION="status"
    if [ "$2" == "verbose" ];then
        OPTION=$OPTION" "$2
    fi
fi

# Multiple VLANs on Port 4 (Tagged Trunk) for downstream VLAN capable switches
#
#    GS-108PEv3==> TL-SG2008 ==> GS-108Ev3 ==> GS-108Ev2
#             |
#             +==> TL-SG2008
#             |
#             +==> TL-SG2008
#
/jffs/scripts/VLANSwitch.sh 20  $OPTION "alias=Media"               # VLAN20
/jffs/scripts/VLANSwitch.sh 30  $OPTION "alias=IoT"                 # VLAN30
/jffs/scripts/VLANSwitch.sh 40  $OPTION "alias=Internet"            # VLAN40
/jffs/scripts/VLANSwitch.sh 50  $OPTION "vpn1" "vlanfw" "alias=VPN" # VLAN50  force via VPN Client bridge (br1) and use explicit vlan50 Firewall rules
/jffs/scripts/VLANSwitch.sh 200 $OPTION                             # VLAN200 for testing

# VLAN on Port 1 (UnTagged)
/jffs/scripts/VLANSwitch.sh 70  $OPTION "1 bridge notag alias=CCTV" # VLAN70 (Artificially exclude 60!)

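# Test the resolved OPTION rather than "$1" so the default (no args) and the abbreviated 'verbose'/'diag' status requests also stop here
if [ "$OPTION" = "del" ] || [ "${OPTION%% *}" = "status" ];then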
    # Perform any additional post-deletion or status activities here
    exit 0
fi

# Perform any additional post-creation activities here

exit 0
 
So the 'bridge notag' method didn't crash your router? :D

NO it did NOT - worked fine -

Since you are the first to use the script on non-RT-AC68U/RT-AC56U hardware
i.e. RT-AC5300,did you actually attach a device to Port 1? - was it able to access the Internet, and did you run
Code:
sh VLANSwitch.sh 10 status verbose
to confirm/examine the configuration/stats? since my shoddy script (previously untested on RT-AC5300s) may not have completed everything correctly :eek:


v1.21 non-public Beta VLAN Switch Port 1 Configuration Status:
'None111' vlan111 Robocfg Status
================================
1: vlan1: 2 3 4 5t 7 8t
111: vlan111: 1 8t
'None111' vlan111 Bridge Status
===============================
bridge name bridge id STP enabled interfaces
br10 8000.d017c2ec0680 no vlan111
br10 Link encap:Ethernet HWaddr D0:17:C2:EC:06:80
inet addr:192.168.111.1 Bcast:192.168.111.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3126 errors:0 dropped:0 overruns:0 frame:0
TX packets:141 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:597371 (583.3 KiB) TX bytes:17969 (17.5 KiB)
'None111' vlan111 Status
========================
vlan111 Link encap:Ethernet HWaddr D0:17:C2:EC:06:80
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3149 errors:0 dropped:0 overruns:0 frame:0
TX packets:138 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:611469 (597.1 KiB) TX bytes:18227 (17.7 KiB)
alias None111
'None111' vlan111 Statistics
============================
vlan111 VID: 111 REORDER_HDR: 1 dev->priv_flags: 8001
total frames received 3149
total bytes received 611469
Broadcast/Multicast Rcvd 2580
total frames transmitted 138
total bytes transmitted 18227
total headroom inc 138
total encap on xmit 138
Device: eth0
INGRESS priority mappings: 0:0 1:0 2:0 3:0 4:0 5:0 6:0 7:0
EGRESS priority mappings:
Firewall rules
==============
Chain MyInput (1 references)
num pkts bytes target prot opt in out source destination
1 0 0 DROP tcp -- br10 * 192.168.2.0/24 0.0.0.0/0 multiport dports 22,23,80,443,51893
2 88 7037 ACCEPT udp -- br10 * 0.0.0.0/0 0.0.0.0/0 multiport dports 53,67
3 0 0 ACCEPT tcp -- br10 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
4 108 14031 DROP all -- br10 * 0.0.0.0/0 0.0.0.0/0 state NEW
Chain MyVLANs (0 references)
num pkts bytes target prot opt in out source destination
1 0 0 DROP all -- br10 * 0.0.0.0/0 192.168.2.0/24 state NEW
2 0 0 DROP all -- br10 br0 0.0.0.0/0 0.0.0.0/0 state NEW
3 0 0 ACCEPT all -- br10 * 0.0.0.0/0 0.0.0.0/0 state NEW
DNS VPN rules
=============
'None111' (vlan111) br10 ACTIVE devices (ARP only accurate within 60secs




Not sure? - do you actually want a switch port on a VLAN subnet?:confused:

I originally wrote WiFIVPN.sh to create the bridge mapping for the (VPN) subnet, then wrote VLANSwitch.sh to map a switch port VLAN to the existing (VPN) bridge which is the reverse of what you are asking?

No, but WiFIVPN.sh (even though you are not using VPNs) is able to map the appropriate WiFi interface(s) to a switch port.
e.g. Create a VLAN subnet for Guest 2.4GHz #1 where vlan1 equates to switch Port 1 aka br1
Code:
./WiFiVPN.sh wl0.1 novpn vlan1

Thanks - I have Version 1.03 -  is there much difference between 1.03 and 1.04?


However, if this doesn't meet your requirements, then it may be easier to simply manually add the desired wl0.x/wl1.x interface to br10 using appropriate commands in a small auxiliary script.
 
Martineau - yes I did attach a device to Port 1 and it was able to connect to Internet. It gave me a dhcp address within range as described in script and used the default DNS again as described in the script. All Good !!
 
Glad it works on your RT-AC5300 :D, and many thanks for the feedback.
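
The 'status verbose' listings in this thread show a MyVLANs chain whose DROP rules towards br0 sit ahead of a broad ACCEPT, and the RT-AC5300 listing shows that chain with "(0 references)". As an added example (not part of vlanswitch.sh and not any poster's code), this shell function audits such a listing for those conditions; the function name, the finding labels and the sample listings are constructed for the example.

```shell
#!/bin/sh
# Added example: audit an `iptables -L -n -v --line-numbers` style listing
# (the format under "Firewall rules" in the status output) for a
# user-defined VLAN forwarding chain. Findings (labels made up here):
#   UNREFERENCED        chain has 0 references: nothing jumps to it, so its
#                       rules are never evaluated
#   ACCEPT_BEFORE_DROP  a broad ACCEPT for VLAN traffic is listed ahead of
#                       the VLAN -> LAN DROP, so the DROP is never reached
#   NO_DROP_TO_LAN      the chain has no VLAN -> LAN DROP rule
#   CHAIN_MISSING       the chain is not present in the listing
# Limitation: only the in/out interface columns are compared; source and
# destination restrictions on a rule are ignored.

# audit_vlan_chain CHAIN VLAN_IF LAN_IF   (listing on stdin, findings on stdout)
audit_vlan_chain() {
    awk -v chain="$1" -v vlan="$2" -v lan="$3" '
        $1 == "Chain" {
            inchain = ($2 == chain)
            if (inchain) {
                seen = 1
                # "(1" -> 1 ; built-in chains show "(policy" and are skipped
                if ($3 !~ /policy/) {
                    refs = $3; gsub(/[^0-9]/, "", refs)
                    if (refs + 0 == 0) print "UNREFERENCED " chain
                }
            }
            next
        }
        !inchain || $1 !~ /^[0-9]+$/ { next }   # other chains, headers, blanks
        # Columns: num pkts bytes target prot opt in out source destination
        $4 == "DROP" && $7 == vlan && $8 == lan { dropped = 1; next }
        $4 == "ACCEPT" && $7 == vlan && ($8 == lan || $8 == "*") && !dropped {
            print "ACCEPT_BEFORE_DROP rule " $1
        }
        END {
            if (!seen) print "CHAIN_MISSING " chain
            else if (!dropped) print "NO_DROP_TO_LAN " chain
        }
    '
}

# Constructed listings modelled on the status output posted in this thread.
SAMPLE_TAGGED='Chain MyInput (1 references)
num   pkts bytes target     prot opt in     out     source               destination
1       46  3808 ACCEPT     udp  --  vlan+  *       0.0.0.0/0            0.0.0.0/0            multiport dports 53,67
3      268 26993 DROP       all  --  vlan+  *       0.0.0.0/0            0.0.0.0/0            state NEW

Chain MyVLANs (1 references)
num   pkts bytes target     prot opt in     out     source               destination
3        0     0 DROP       all  --  br0    vlan+   0.0.0.0/0            0.0.0.0/0            state NEW
4      124 68072 DROP       all  --  vlan+  br0     0.0.0.0/0            0.0.0.0/0            state NEW
5       43 12231 ACCEPT     all  --  vlan+  *       0.0.0.0/0            0.0.0.0/0            state NEW'

SAMPLE_UNHOOKED='Chain MyVLANs (0 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 DROP       all  --  br10   *       0.0.0.0/0            192.168.2.0/24       state NEW
2        0     0 DROP       all  --  br10   br0     0.0.0.0/0            0.0.0.0/0            state NEW
3        0     0 ACCEPT     all  --  br10   *       0.0.0.0/0            0.0.0.0/0            state NEW'

SAMPLE_MISORDERED='Chain MyVLANs (1 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 ACCEPT     all  --  vlan+  *       0.0.0.0/0            0.0.0.0/0            state NEW
2        0     0 DROP       all  --  vlan+  br0     0.0.0.0/0            0.0.0.0/0            state NEW'

# report LABEL CHAIN VLAN_IF LAN_IF LISTING
report() {
    findings=$(printf '%s\n' "$5" | audit_vlan_chain "$2" "$3" "$4")
    echo "$1: ${findings:-ok}"
}

report "tagged vlan+ listing" MyVLANs vlan+ br0 "$SAMPLE_TAGGED"
report "bridge br10 listing"  MyVLANs br10  br0 "$SAMPLE_UNHOOKED"
report "misordered listing"   MyVLANs vlan+ br0 "$SAMPLE_MISORDERED"
```

On a router the listing would come from `iptables -L -n -v --line-numbers` piped into the function.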
 
