Is it possible to create ssids each connected to its own vlan for my parents and my own network without conflict?

[Sandman1]

Hello

im currently running a double nat issue, and i was wondering if i could create two vlans(one for my self, and parents) on my asus router and connect them to two differenet ssids for vlan tagging to take place and prevent a double nat issue

my vlan knowledge specifcally with asuswrt-merlin running on an RT-AX82U is not up to par, so im not sure if this can be done

Thanks!

 

[bennor]

Using Asus-Merlin firmware it may be possible to create VLAN's on Asus routers that do not support 3.0.0.6.102_x firmware. See the following:

Tutorial - Adding IP Networks to the ASUS RT-AC68U (et al.)

Overview The following script adds support for the creation of additional IP networks for the ASUS RT-AC68U running Asuswrt-Merlin firmware. https://pastebin.com/hvHHic1V The impetus for the script came from another forum member. The original intent was to simply add a single VLAN to the...

www.snbforums.com

Tutorial - How to use VLANs on your non-pro Asus router with 386 or 388 code (no scripting required)

With 386 and 388 code base, you can make use of two built in VLANs (plus the main LAN VLAN 1) to further segment your wired and wireless network, even on non-pro models. This definitely works in router mode on all models that support AIMESH and these code versions. From what I have seen (but...

www.snbforums.com

Otherwise you may need to look at third party firmware like FreshTomato if one's existing Asus router is supported by such firmware.
Or one can look into buying a newer router that does VLAN's. One may also want to reevaluate their network configuration to see if they can remove the double NAT setup by using one single router.

 

[Sandman1]

Thank you, i will look into these

 

[Tech9]

im currently running a double nat issue

What's the issue?

 

[Sandman1]

@Tech9
When i create networking projects with AWS, it causes problems with communicating back to my asus router as it has to go through my first isp router and then my asus router, and it never seems to get there. Theres no overview on my isp router, so i cant check whats being blocked from external traffic and wireshark doesnt show anything regarding the packet im looking for as its not entering the network in the first place

 

[Tech9]

it causes problems with communicating back to my asus router

Place your Asus router in ISP router DMZ or forward the ports you need on it.

 

[Sandman1]

@Tech9
I tried port forwarding both routers, but never received a packet

if i can make something work with the asus router like configuring two ssids each with its own vlan, ill do that instead of dmz or port forward as its a better long term solution

 

[Tech9]

I don't know what your networking projects need and can't say if eventual VLAN separation is going to solve your issue.

 

[Sandman1]

Heres the thing, intiallly i had my isp router on bridge mode so everything forwarded to my Asus router, i didnt like that because when i changed configuation settings(firewall, network settings, etc) it would cause issues with my parent devices, and so i kinda wanted my own network for my stuff and their network for their devices so i disabled bridge-mode but the problem was that after i dis-disabled bridge mode, when i tried aws projects where i send a udp wake on lan packet to my network i never received it on the first network(isp network) and their no transparency on the isp router as to why its getting blocked if it was reaching the router, so i tried port forwarding and dmz but it didnt work for some reason. Port forwarding should of worked

so i just wondering if theirs better alternative of using a single router with two seperate vlans on it

 

[Tech9]

Okay, but this ISP device in router mode is still creating double NAT condition. How is eventual VLAN separation on your Asus router solving the issue you have upstream?

 

[Sandman1]

@Tech9
I apologize, if i can get my Asus router configured to how i want it, i would put the Shaw in bridge mode so everything then gets sent to one of vlans

 

[Tech9]

Unfortunately, there is no GUI configuration of what you want to do. This router runs on firmware with no user configurable VLAN support on the LAN side and the only option is to script it yourself and make the changes persistent on reboot.

 

[Sandman1]

@Tech9
I actually have couple questions

1) my main network or ssid it dual band(2.4 and 5), the ssids i create in the cli, can i also make so that their both bands as, or does it have to be split? Because i noticed in the guest network section of the gui, i can only create 2.4 ssid and a 5hz ssid, but not combined

2) when i create an SSID thats 2.4hz from the cli, does that transfer to the guest network gui 2.4 network, or would they be different ssids, if that makes sense

 

[Tech9]

I don't know what the result is going to be when both CLI and GUI configurations are used plus Smart Connect on top. To me with your network configuration requirements you are just playing with wrong hardware.

 

[Sandman1]

@Tech9
I'm lacking a bit in my networking knowledge, I guess I could use a switch that connects each router to a different vlan?

 

[Tech9]

A switch before the routers is unlikely to work because most ISP connections don't allow two routers connected to the same ISP account. I know what equipment can do what you want, but I don't know if it will solve your issue. I know how VLAN to SSID can be done in AP Mode on Asus routers based on examples, but I don't know what needs to be done in Router mode on Asus routers.

 

[Sandman1]

what i want to do, and i dont really care i achieve it, is to just separate my parents network and segerate them to a different vlan then me, so i can still use adguard home and more secure blocklists without affecting them and all the other stuff as well

 

[Tech9]

For this you don't need separate networks. AdGuard Home can apply different filters to different clients on the same network.

 

[Sandman1]

interesting, thanks for that


from your perspective, i guest my best option would be to put isp router back into bridge mode and to have everything on one network?


all my devices are wireless, so i guess have switch wouldn't really be beneficial in that way

 

[Tech9]

The ISP device in bridge mode will solve your double NAT situation, but only if you have public WAN IP available. Everything else on one network with different filtering settings per client is possible and often used option. I don't see the need of additional hardware.