isolated VAP using VLAN on RT-AC68U (SOLVED)

kyrios

New Around Here
Main router : RT-AC3200 with FreshTomato 2021.7
192.168.10.1/24 : for main network (VLAN VID : 1) with DHCP server
192.168.20.1/24 : for guest network (VLAN VID : 3) with DHCP server

Snap5.jpg

Snap6.jpg

----
AP2 = RT-N18U (FreshTomato 2021.8)
IoT devices can connect to both the main wifi and the guest wifi, and both have internet access.
No problem at all.

Snap7.jpg

Snap8.jpg

Snap9.jpg

----
AP1 = RT-AC68U (AsusWRT-Merlin 386.4)
Set as AP with IP = 192.168.10.9
WAN Port = Trunk port to main router (RT-AC3200)
LAN 1 = member of VLAN3. Should get an IP address in the range 192.168.20.XXX/24. My PC never got an IP address from the main router (RT-AC3200)
LAN 2, 3, 4 = member of VLAN1. Should get an IP address in the range 192.168.10.XXX/24. No problem at all.
wl0 = No problem. My cellphone gets an IP address and has internet access.
wl0.1 = Cellphone never got an IP address from the main router (RT-AC3200)

Since I'm extremely new to AsusWRT and AsusWRT-Merlin, I pasted this code into SSH
Code:
# remove LAN1 from VLAN1
robocfg vlan 1 ports "0 2 3 4 5t"
# Dedicate LAN1 for VLAN3, while WAN (port 0) is a trunk port
robocfg vlan 3 ports "0t 1 5t"
vconfig add eth0 3
ifconfig vlan3 up

brctl delif br0 wl0.1
brctl addbr br1
brctl addif br1 vlan3
brctl addif br1 wl0.1
ifconfig br1 192.168.20.9 netmask 255.255.255.0 up
ifconfig br1 up

nvram set lan_ifnames="vlan1 eth1 eth2"
nvram set lan_ifname="br0"
nvram set lan1_ifnames="vlan3 wl0.1"
nvram set lan1_ifname="br1"
nvram commit
killall eapd
eapd

What's wrong with the code? I have no problem if this RT-AC68U is installed with FreshTomato.
But I do not know how to do it in AsusWRT-Merlin
 

eibgrad

Part of the Furniture
I have to agree w/ @ColinTaylor here. What's the benefit of using Asuswrt-Merlin, esp. since you have it configured for AP mode? AP mode eliminates virtually all the significant features found in Router mode. Like FT in AP mode, all you end up w/ is a bridged AP. I just fail to see the point of using Asuswrt-Merlin instead of FT, esp. since the former doesn't even support user-defined VLANs, bridges, etc. You end up having to hack it using the CLI.
 

kyrios

New Around Here
> Just use FreshTomato. Asuswrt-Merlin doesn't officially support VLANs.

I do need the AiMesh system. (Maybe I don't, I just wanna try the mesh thingy for the 1st time)
Ok... ok, I know what you're thinking.
I'll buy another (used) RT-AC68U or RT-AC66U B1 to replace the RT-N18U.

Is it possible to have 1 RT-AC68U as mesh master while in AP mode? Another RT-AC68U will be the node.
 

Tech9

Part of the Furniture
> Maybe I don't, I just wanna try the mesh thingy for the 1st time

Not much mesh thingy in AiMesh - wireless repeaters or wired access points with one GUI on the main router.
 

Yota

Senior Member
There is no problem with the command. This is basically the method I have used over the years. I can confirm that they will work well on Asuswrt-merlin.

I made some adjustments to your commands so that it can be simpler.


Code:
# remove LAN1 from VLAN1
robocfg vlan 1 ports "0 2 3 4 5t"
# Dedicate LAN1 for VLAN3, while WAN (port 0) is a trunk port
robocfg vlan 3 ports "0t 1 5t"
vconfig add eth0 3
ifconfig vlan3 up

brctl delif br0 wl0.1
brctl addbr br1
brctl addif br1 vlan3 wl0.1
ifconfig br1 192.168.20.9 netmask 255.255.255.0
ifconfig br1 up

nvram set lan_ifnames="vlan1 eth1 eth2"
nvram set lan_ifname="br0"
nvram set lan1_ifnames="vlan3 wl0.1"
nvram set lan1_ifname="br1"
# nvram commit # You don't need this, because it can take effect without saving, and can reduce the write to the flash memory every time you boot.
killall eapd
eapd
 

kyrios

New Around Here
@Yota
You genius!!! After your confirmation that the code was indeed working, I started thinking about why it didn't work.
It turned out the trunk cable to the main router (RT-AC3200) was plugged into the wrong port. It should be plugged into port 1 (of the RT-AC3200),
but I accidentally plugged it into port 2. Thx again for your confirmation.

Now I must read again (from the forum) where to write the code, since after a restart the code was gone (not functioning).
Yes... I'm totally new to AsusWRT and/or AsusWRT-Merlin.
 

Yota

Senior Member
> You genius!!! After your confirmation that the code was indeed working, I started thinking about why it didn't work.
> It turned out the trunk cable to the main router (RT-AC3200) was plugged into the wrong port. It should be plugged into port 1 (of the RT-AC3200),
> but I accidentally plugged it into port 2. Thx again for your confirmation.

Glad to see it worked

> Now I must read again (from the forum) where to write the code, since after a restart the code was gone (not functioning).
> Yes... I'm totally new to AsusWRT and/or AsusWRT-Merlin.

Save it to the /jffs/scripts/ directory and name it as services-start. Make sure that the script has the appropriate permissions, and don't forget to enable the "Custom Script" function in the router GUI.

You can read more here: https://github.com/RMerl/asuswrt-merlin.ng/wiki/User-scripts


Edit:
I almost forgot to say, the first line of the script must be #!/bin/sh, like:

Code:
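#!/bin/sh
# Remove LAN1 from VLAN1
robocfg vlan 1 ports "0 2 3 4 5t"
# Dedicate LAN1 to VLAN3, while WAN (port 0) is a trunk port
robocfg vlan 3 ports "0t 1 5t"
# Create the VLAN 3 interface (vlan3) on eth0 and bring it up
vconfig add eth0 3
ifconfig vlan3 up

# Move the guest VAP wl0.1 out of the main bridge br0 and into a new
# bridge br1 together with vlan3
brctl delif br0 wl0.1
brctl addbr br1
brctl addif br1 vlan3 wl0.1
# Give br1 an address in the guest subnet
ifconfig br1 192.168.20.9 netmask 255.255.255.0
ifconfig br1 up

# Record the bridge membership in nvram (no commit: the script sets it again at every boot)
nvram set lan_ifnames="vlan1 eth1 eth2"
nvram set lan_ifname="br0"
nvram set lan1_ifnames="vlan3 wl0.1"
nvram set lan1_ifname="br1"
# Restart eapd so it runs with the nvram settings above
killall eapd
eapd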
 
Last edited:
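
An added check, not part of the original posts: it parses `brctl show` output to confirm that the guest interfaces from the script above (vlan3, wl0.1) ended up in br1 and that no main-LAN interface did. The two sample outputs and their bridge ids are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: confirm bridge membership after services-start has run.
# Both samples are constructed `brctl show` output; bridge ids are made up.
SAMPLE_GOOD='bridge name	bridge id		STP enabled	interfaces
br0		8000.020000000001	yes		vlan1
							eth1
							eth2
br1		8000.020000000002	no		vlan3
							wl0.1'
# State before the script ran: wl0.1 is still bridged to the main LAN.
SAMPLE_BAD='bridge name	bridge id		STP enabled	interfaces
br0		8000.020000000001	yes		vlan1
							eth1
							eth2
							wl0.1
br1		8000.020000000002	no		vlan3'

# bridge_of IFACE: read `brctl show` text on stdin, print the bridge that
# lists IFACE as a member (prints nothing if IFACE is in no bridge).
bridge_of() {
    awk -v want="$1" '
        NR == 1 { next }          # column header
        { ifc = "" }
        NF >= 3 { br = $1 }       # line that starts a new bridge
        NF >= 4 { ifc = $4 }      # ...and carries its first member
        NF == 1 { ifc = $1 }      # continuation line: one more member
        ifc == want { print br }
    '
}

# check_isolation TEXT: return 0 only if vlan3 and wl0.1 are in br1 and
# none of the main-LAN interfaces (vlan1 eth1 eth2) are.
check_isolation() {
    for ifc in vlan3 wl0.1; do
        got=$(printf '%s\n' "$1" | bridge_of "$ifc")
        [ "$got" = "br1" ] || { echo "FAIL: $ifc in '${got:-no bridge}', want br1"; return 1; }
    done
    for ifc in vlan1 eth1 eth2; do
        got=$(printf '%s\n' "$1" | bridge_of "$ifc")
        [ "$got" != "br1" ] || { echo "FAIL: $ifc leaked into br1"; return 1; }
    done
    echo "OK: guest interfaces isolated in br1"
}

check_isolation "$SAMPLE_GOOD"
check_isolation "$SAMPLE_BAD" || true
# On the router: check_isolation "$(brctl show)"
```

Run against the live AP after boot, a FAIL line means the guest VAP is still bridged to the main LAN, for instance because services-start did not execute.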

kyrios

New Around Here
> Save it to the /jffs/scripts/ directory and name it as services-start.

Snap10.jpg


> Make sure that the script has the appropriate permissions,

Snap11.jpg


> and don't forget to enable the "Custom Script" function in the router GUI.

Snap12.jpg

@Yota
It's now running perfectly. But I just realized it has a minor cosmetic flaw.
A client (cellphone) which connects to the isolated VAP (wl0.1) isn't shown in Client Status.
Only clients connected to the main wifi (wl0 and wl1) are shown.

Snap13.jpg


It does not occur when the RT-N18U is installed with DD-WRT
Snap14.jpg
 

kyrios

New Around Here
This is when the RT-N18U is installed with FreshTomato
Snap15.jpg

Is there any script to show the isolated VAP in Client Status?

Yota

Senior Member
> A client (cellphone) which connects to the isolated VAP (wl0.1) isn't shown in Client Status.

That is a problem with the network map; network maps have many, many problems, just ignore them. And you don't need to log in to your AP to view the client, you can do this on your router.

> For anyone looking for Wireless connection on VAP, click System Log ==> Wireless Log

Yes, this is also a solution, but because I forgot them after setting up the AP, I can't even remember when I logged in last time, so I don't really care if they will be displayed in the client list.
 
