Looking for testers for MerVLAN

[visortgw]

So this is what the VLAN configuration page for AiMesh nodes looks like with multiple compliant nodes:

There is one additonal AiMesh node (ZenWiFi BQ16 Pro) that does show on VLAN page — it is not VLAN capable.

Just thinking out loud here, but here goes... One possibility for running scripts on the nodes would be to add flash drive to node, install amtm (and entware if necessary), and use cron or automatically run scripts in /jffs/scripts. What I cannot wrap my head around is how one could automatically push configuration from the primary router to nodes. Might it involve installing MerVLAN on the nodes (as well as the router) and configuring it independently? This would most likely require MerVLAN recognizing that it's installed on node instead of primary router — MerlinAU already does this.

 

[r80xcore]

So this is what the VLAN configuration page for AiMesh nodes looks like with multiple compliant nodes:

View attachment 68791​

There is one additonal AiMesh node (ZenWiFi BQ16 Pro) that does show on VLAN page — it is not VLAN capable.

Just thinking out loud here, but here goes... One possibility for running scripts on the nodes would be to add flash drive to node, install amtm (and entware if necessary), and use cron or automatically run scripts in /jffs/scripts. What I cannot wrap my head around is how one could automatically push configuration from the primary router to nodes. Might it involve installing MerVLAN on the nodes (as well as the router) and configuring it independently? This would most likely require MerVLAN recognizing that it's installed on node instead of primary router — MerlinAU already does this.

This wont be a problem. MerVLAN already is node capable and can sync to nodes and even set them up remotely. What we need is only to be able to strip the local execution from a already VLAN capable device.

I am going to try editing the GUI to detect Pro routers and strip local executions on those.

This will enable the user to setup the VLANs on a AI node from the main unit interface.

 

[visortgw]

This wont be a problem. MerVLAN already is node capable and can sync to nodes and even set them up remotely. What we need is only to be able to strip the local execution from a already VLAN capable device.

I am going to try editing the GUI to detect Pro routers and strip local executions on those.

This will enable the user to setup the VLANs on a AI node from the main unit interface.

Let me know when this is ready for testing. Currently, for my network, GT-AX6000 (x2) and GT-AXE16000 are VLAN capable, and ZenWiFI BQ16 Pro is not.

List of VLAN capable routers with minimum firmware version is here: VLAN Supported Models

 

[Seth Harman]

This wont be a problem. MerVLAN already is node capable and can sync to nodes and even set them up remotely. What we need is only to be able to strip the local execution from a already VLAN capable device.

I am going to try editing the GUI to detect Pro routers and strip local executions on those.

This will enable the user to setup the VLANs on a AI node from the main unit interface.

This whole deal is a really interesting development. I'm especially amused by the prospect of non-Pro routers magically gaining the ability to do Ethernet VLAN tagging, meaning ASUS went in and specifically disabled that feature for "business reasons".

 

[visortgw]

This whole deal is a really interesting development. I'm especially amused by the prospect of non-Pro routers magically gaining the ability to do Ethernet VLAN tagging, meaning ASUS went in and specifically disabled that feature for "business reasons".

Asus always did VLAN tagging, but they refused to admit it -- this is how they implemented isolation for guest network 1 pre-Guest Network Pro, using 501 and 502 as VLAN tags for 2.4 and 5 GHz, respectively. I know this for a fact since I had TRENDnet unmanaged 2.5 GHz switch that did not support forwarding VLAN tags (TP-Link unmanaged switches do!). There was simply no way to manage it via GUI.

 

[Seth Harman]

Asus always did VLAN tagging, but they refused to admit it -- this is how they implemented isolation for guest network 1 pre-Guest Network Pro, using 501 and 502 as VLAN tags for 2.4 and 5 GHz, respectively. I know this for a fact since I had TRENDnet unmanaged 2.5 GHz switch that did not support forwarding VLAN tags (TP-Link unmanaged switches do!). There was simply no way to manage it via GUI.

Yeah, but I'm specifically talking about LAN VLAN tagging. I'm sure they're using one general Ethernet hardware setup for everything and then making features visible/invisible in the UI depending on the model series. Frankly, I'm surprised nobody has figured this out before now and done an add-in specifically to enable LAN VLAN tagging regardless of GNP/Smart Home Master.

 

[r80xcore]

@Seth Harman @visortgw

I have updated the repo with:

1. The ability to execute the mervlan_manager on the nodes only.
2. Added many Pro models into the hw_probe. If the model isnt found it will revert to max 6 SSIDs and 4 LAN ports.

How you use it?
1. Install the addon.
2. Navigate to LAN --> MerVLAN
3. Add your node(s) to the node section and configure VLANs. Press Save.
4. Setup SSH (generate SSH key and paste it into the SSH key section in the GUI) then reboot you node(s)
5. Press Sync Nodes and wait until its finished, press INFO on the side to read the live log.
6. Press "Apply VLAN" --> "Run VLAN Manager on Nodes Only"

Check logs, see if it works. Post you findings in form of logs if any problems arise.

NOTES:
Don't enable Boot at this time as this will apply the configured VLANs on your Main unit on next boot which is something you dont want in you situation.
I will include a fix for this later on but first we want to know if it works or not.

 

[r80xcore]

Another note:

Been doing some reading and as i suspected Asus uses a proprietary tunneling for the Guest VLANS when using WiFi backhaul. This is not 802.1 VLAN but a tunnling directly from one WiFi chip to another and it will strip any real tags on the way. So while you can segregate your networks with this, you can't set up proper tags from one unit to another with WiFi backhaul. This is only achievable with Ethernet backhaul.

Well thats my findings anyway and it's in line with everything else I've read.

 

[Seth Harman]

@Seth Harman @visortgw

I have updated the repo with:

1. The ability to execute the mervlan_manager on the nodes only.
2. Added many Pro models into the hw_probe. If the model isnt found it will revert to max 6 SSIDs and 4 LAN ports.

How you use it?
1. Install the addon.
2. Navigate to LAN --> MerVLAN
3. Add your node(s) to the node section and configure VLANs. Press Save.
4. Setup SSH (generate SSH key and paste it into the SSH key section in the GUI) then reboot you node(s)
5. Press Sync Nodes and wait until its finished, press INFO on the side to read the live log.
6. Press "Apply VLAN" --> "Run VLAN Manager on Nodes Only"

Check logs, see if it works. Post you findings in form of logs if any problems arise.

NOTES:
Don't enable Boot at this time as this will apply the configured VLANs on your Main unit on next boot which is something you dont want in you situation.
I will include a fix for this later on but first we want to know if it works or not.

Thanks. I'll give this a shot later tonight and report back results.