Merlin VLAN Manager

[r80xcore]

Merlin VLAN Manager – Simple and Powerful HTTP VLAN Management

I am making a VLAN management add-on for Merlin routers that can be configured and operated entirely through a web interface.
The project has now reached beta status, and I’m looking for users interested in testing it and providing feedback or logs if any issues are found.


The tool was developed on an ASUS XT8 Mesh System, but it is hopefully designed to work with most newer (officially supported by Merlin/Gnuton) single access point (AP) mode routers and mesh AP systems.

---

Features

• Configure up to 12 VLANs via SSID instead of interfaces or VAPs.
  The script automatically detects and configures the correct interfaces on both main units and mesh nodes.
• Choose whether to enable or disable AP isolation per SSID.
• Configure Ethernet VLANs directly from the web interface.
• Manage up to five nodes using Node Sync, which automatically configures and deploys files across all nodes.
• Automatic detection of single-unit or multi-node setups, with the option to run locally or across all nodes.
• View all configured VLANs, including connected MAC addresses, across every node.
• Access full logs directly from the web interface, including a visual CLI-style output for debugging.
• Auto-configure on boot and hooked via service-event to check if VLANS are properly configured, auto-configure if not.
• No extra dependencies, entware etc. is needed. The system is .flag and logbased and uses lighttpd.
• All files (except static persistent files) are written in RAM to save the flash storage from excessive wear.

---

Limitations

• The maximum number of VLANs (up to 12) depends on the number of SSIDs your device supports.
  For example, if your router supports only 5 SSIDs, you cannot configure more than 5 VLANs.
• Mesh functionality is limited by ASUS’s firmware design.
  For instance, some models support nine guest SSIDs but only three (one per band) are mesh-enabled.
  Non-mesh SSIDs can still be assigned VLANs but will only broadcast from the main node.
• Devices connected to VLANs cannot be bound to specific nodes.
• VLAN devices use standard band steering, which cannot currently be customized per VLAN.
• Mesh users: VLAN tagging is only supported when nodes are connected via Ethernet backhaul. This limitation is due to the underlying hardware and wireless driver design—the WiFi backhaul does not support passing VLAN-tagged traffic. It's currently tested with Node - > Switch topology, daisy chaining is not tested and will most likely drop tagged traffic, but Daisy Chaining mode is planned for future release!

---

Beta Testing


Beta testing will be coordinated via Discord for easier log collection and discussion.
The installation process requires only a single command, and detailed setup guides are available on the Discord server.
Join via the link if you want to be a part of the Beta testing! Merlin VLAN Manager

 

[RaccoonNL]

I am interested in following this project, unfortunately the discord invitation link is not valid anymore.
Can you tell me if your VLAN manager also works when the router is setup in ap-mode?

 

[r80xcore]

I am interested in following this project, unfortunately the discord invitation link is not valid anymore.
Can you tell me if your VLAN manager also works when the router is setup in ap-mode?

Hi!
I will update the link tonight when I'm home, sorry for that.

The vlan manager is specifically made for routers in AP mode as running vlan in router mode generally isn't recommended and can introduce double NAT (as you need another firewall/router routing the vlans.

So if you're running in Ap mode you're hopefully good to go.

I'm currently in the process in porting this program to a real Addon where it's accessible from within the merlin GUI. It probably ready in a week or so. Until then, feel free to try the beta that uses it's own gui and adress.

 

[RaccoonNL]

Thanks for getting back at me so promptly.

I was asking because I am exploring the posibility to run an OPNsense mini pc as router/firewall and want to re-use my two Asus routers as access points in combination with VLAN tagging over Wifi and multiple SSID's (Main, Guests, IoT).

I will follow this thread with much interest.
Thanks for investing your time in what promisses to be a great addon.

Keep up the good work.

 

[r80xcore]

Thanks for getting back at me so promptly.

I was asking because I am exploring the posibility to run an OPNsense mini pc as router/firewall and want to re-use my two Asus routers as access points in combination with VLAN tagging over Wifi and multiple SSID's (Main, Guests, IoT).

I will follow this thread with much interest.
Thanks for investing your time in what promisses to be a great addon.

Keep up the good work.

No problems!

I'm running OPNsense myself and using this addon to tag three different guest networks in mesh and vlan 187,188,189, and it works great. then the plan is to run the untagged as 186 in the switch so everything ends up tagged in opnsense.

 

[Tech9]

Mesh users: VLAN tagging is only supported when nodes are connected via Ethernet backhaul.

But... this is not technically Mesh anymore and whoever has Ethernet available may find AP Mode much better with more control per AP and better spectrum utilization with up to 2x higher aggregate throughput to wirelessly connected clients. So when Ethernet is available and there is VLAN capable APs (native or via custom script) this AiMesh option is actually a limitation and has to be avoided.

Thanks for sharing your work! It may save someone money by reusing available hardware.

 

[r80xcore]

But... this is not technically Mesh anymore and whoever has Ethernet available may find AP Mode much better with more control per AP and better spectrum utilization with up to 2x higher aggregate throughput to wirelessly connected clients. So when Ethernet is available and there is VLAN capable APs (native or via custom script) this AiMesh option is actually a limitation and has to be avoided.

Thanks for sharing your work! It may save someone money by reusing available hardware.

What I mean by that is that the WiFi in these devices does not support vlan trunking which means that the tagged VLAN packets is stripped if they travel from the mesh node using WiFi backhaul. So you need to connect the the mesh nodes via ethernet to a managed switch. Daisy chaining is planned but not something I will start with until everything is up and running.

When setting up mesh you do that via the gui as normal. This addon only tags traffic on the chosen SSID.

So TLDR.
Mesh is supported but only if device is connected via cable. Which honestly is the preffered way anyhow for an AP, especially when using VLAN.

My devices work on mesh VLAN at home.

 

[Tech9]

Mesh is supported but only if device is connected via cable.

Some terms mismatch. Mesh is wireless only in networking. Wired mesh is consumer products marketing invention.

 

[r80xcore]

Some terms mismatch. Mesh is wireless only in networking. Wired mesh is consumer products marketing invention.

Right, when I said device, I meant the other AiMesh nodes, not client devices like phones or laptops. I was probably a bit unclear there.

You’re correct that mesh in enterprise networking usually means a wireless interconnect between access points. But in ASUS AiMesh (and most consumer systems), the term mesh also includes setups that use Ethernet backhaul — it’s still the same AiMesh control layer, just with wired links instead of wireless ones. In other words, one SSID covered by several APs.

So yes, VLAN Manager fully supports AiMesh, but only when the nodes are connected via Ethernet backhaul. That ensures VLAN tags are preserved end-to-end while keeping the roaming benefits without breaking isolation. This setup must use Ethernet backhaul only so VLAN tags travel correctly. Mixed Ethernet + Wi-Fi backhaul can break VLAN isolation.

The key difference is that AiMesh can’t “control” or steer clients on a VLAN-tagged SSID. Those SSIDs still broadcast on all nodes, but AiMesh’s smart-connect and steering logic won’t apply to them. Clients just roam naturally between nodes.

 

[jksmurf]

But... this is not technically Mesh anymore

Can you please expand on why not? Asus WebGui makes no differentiation as to how nodes are connected. Is there a standardized Mesh definition?

 

[Tech9]

There is nothing to expand. Mesh is wirelessly connected re-transmitters. It was invented long before Wi-Fi. Consumer products marketing invented wired mesh. It's a key word. What ASUS (or others on the same market) have in their App or Web GUI is whatever they decided to call specific feature. There are many strictly marketing terms like Game Boost (QoS), Game Accelerator (QoS), OpenNAT (port forwarding), WTFast (some paid VPN service), as well as mimicking common abbreviations like SDN (as per ASUS - Self-Defined Network), Ai/AI (as per ASUS for some products - Always Incredible), etc. Part of the learning curve when moving to more business oriented products comes from technically incorrect terms used in consumer products.

 

[jksmurf]

There is nothing to expand.

OK thanks.

 

[r80xcore]

I am interested in following this project, unfortunately the discord invitation link is not valid anymore.
Can you tell me if your VLAN manager also works when the router is setup in ap-mode?

Sorry for the delay. I got caught up in work and forgot to send you the link. Here's a new link for you.

Join the r80xcores-Merlin-VLAN Discord Server!

Check out the r80xcores-Merlin-VLAN community on Discord - hang out with 5 other members and enjoy free voice and text chat.

discord.gg

The version available there is v0.44 with its own ui on another Web adress. I would suggest you wait until v0.45 is done. It will be installed as an addon and be a part of the official Gui under the "Tools". Has been a learning curve to get it right but it should be finished and ready for use by the weekend.

Full changelog will be available when released as there are a lot of changes under the hood. It's more sturdy, self-contained and most important following the addon api and guidelines as well as a new GUI following the system css.

See you on Discord!