MerVLAN v0.46 Simple and Powerful VLAN Management **BETA**

[visortgw]

Hmm.. Interesting. Well maybe it can work then. I'll make the script tomorrow and we'll see were it heads!

But I am starting to see the same issues as @Seth Harman. There is no Merlin firmware for my ZenWiFi BQ16 Pro.

 

[Seth Harman]

The requirement to run Merlin on nodes is a rather important detail As well, please note this question has come up many times on the forum and I believe RMerlin himself has stated there's no point/advantage in running his firmware on AiMesh nodes so there are going to be a lot of people in this boat.

Edit: From RMerlin himself: "While Merlin-based nodes seem to work fine so far (aside from the above limitation), there is generally little benefit in running it on a node, so it's generally recommended to leave your nodes on the stock Asus firmware."

AiMesh

Third party firmware for Asus routers (newer codebase) - RMerl/asuswrt-merlin.ng

github.com

 

[visortgw]

The requirement to run Merlin on nodes is a rather important detail As well, please note this question has come up many times on the forum and I believe RMerlin himself has stated there's no point/advantage in running his firmware on AiMesh nodes.

There is no advantage when using the AiMesh node as Asus intended it — RMerlin most likely never envisioned users running scripts on their AiMesh nodes.

EDIT: For AiMesh nodes that Merlin firmware is available, it is a simple task to flash Merlin firmware to that node.

 

[jksmurf]

Well the difference it that real VLAN is 802.1Q compliant.

A real VLAN keeps its tag all the way through the network, even across switches and routers, so it works end-to-end and supports true network separation.

OK

The Asus VLAN over WiFi backhaul strips or ignores those tags — it only simulates VLAN behavior at the SSID level.

I'm sorry to come across as a bit dim on this point but if I understand @visortgw's setup correctly, with Asus VLAN HW a device attached to an ethernet port on the node that has an access or trunk Mode SDN assigned to that port, will get assigned the subnet of that SDN.

I must admit I did not ask if the device he has on that port has a static IP, i.e. starts with a defined subnet, which could then be stripped, but either way, surely there is no SSID involved here as the device is not attaching itself via Wifi, but directly via the Ethernet port? So if Wifi backhaul strips those tags, how does the main router still know (if static) or still assign the device as being on the subnet defined by the Mode/Port/SDN setting in the main Router's VLAN tab?

I don't know yet how everything will work out but hopefully you will be able to achieve what you want - on ethernet backhaul

Thank you .

 

[Seth Harman]

There is no advantage when using the AiMesh node as Asus intended it — RMerlin most likely never envisioned users running scripts on their AiMesh nodes.

Tue. But if my memory is correct I believe I've seen him previously say that since AiMesh is closed source he recommends not running his firmware on the nodes just as a nod to potential stability issues or incompatibility. I know plenty of people run asuswrt-merlin on nodes so I doubt it's much of an issue. But "Nodes need to be running asuswrt-merlin" should obviously be in big, neon letters right above the installation instructions for anyone interested in getting involved in testing the beta.

 

[jksmurf]

Tue. But if my memory is correct I believe I've seen him previously say that since AiMesh is closed source he recommends not running his firmware on the nodes just as a nod to potential stability issues or incompatibility. I know plenty of people run asuswrt-merlin on nodes so I doubt it's much of an issue. But "Nodes need to be running asuswrt-merlin" should obviously be in big, neon letters right above the installation instructions for anyone interested in getting involved in testing the beta.

I saw this recently and thought it was interesting:

Regarding all recommendations to run stock fw on AImesh.
I have never used stock fw on my nodes and it working very fine for many years.

RMerlin:

"A lot of that is based on outdated information. Years ago, there was an issue that prevented Asuswrt-Merlin nodes from succesfully onboarding nodes over wifi on multiple models (but not all of them), it only worked over Ethernet. The issue was caused by Asuswrt-Merlin not properly updating the wlceventd daemon during GPL merges. The issue was fixed in early 2023."

Suggesting, the way I read it, that the (previous) recommendation to run stock is now based on outdated information.

Ref:

RT-AX68U_3004_388.10_0 has put router repeater mode.

Hello, as the title says after upgrading my router to RT-AX68U_3004_388.10_0 it appears as a repeater. The router was part of an Ai Mesh and the other two routers in that setup are working correctly. Resetting AX68U and trying to readd to Ai Mesh has not worked. Any help is much appreciated.

www.snbforums.com

[EDIT] A pertinent post/thread on SSH Keys Main/Node?

Problem with multiple SSH keys

Hello, I am having problems accessing SSH to an AiMesh node when I have multiple SSH Authorized Keys configured. I have configured the keys using Administration > System > Authorized Keys, one key per line. I found that the main node (GT-AX6000 running Merlin 3004.388.7) and AiMesh node...

www.snbforums.com

 

[Seth Harman]

I saw this recently and thought it was interesting:


RMerlin:


Ref:

RT-AX68U_3004_388.10_0 has put router repeater mode.

Hello, as the title says after upgrading my router to RT-AX68U_3004_388.10_0 it appears as a repeater. The router was part of an Ai Mesh and the other two routers in that setup are working correctly. Resetting AX68U and trying to readd to Ai Mesh has not worked. Any help is much appreciated.

www.snbforums.com

Again, I don't think it's an issue as I know many people are running merlin on AiMesh nodes without issue. And since this is a script that's going to have a very specific audience (generally more advanced) I'm imagining any requirements like doing various minor things manually over ssh to the nodes isn't going to be much of an issue for them. And who knows? Maybe there's a way to get the required elements onto the nodes for everything to work without having to install merlin on them. But as we're discovering, there's issues surfacing because a lot of assumptions were made about the hardware/firmware environment this would operate in. Luckily, I think we've got a pretty decent initial spread of hardware/firmware to catch this stuff in testing so it can be addressed and then documented to make it clear to any new testers what the requirements are.

 

[r80xcore]

@jksmurf @Seth Harman @visortgw

Sorey if this wasn't clear. I will add this to the top in requirements of the project so it's stated clearly for the future.

And as was said, running Merlin on a node for it to function on a standard setup is not needed. Using mixed merlin with Asus is not a problem for vanilla setups. But here we setup VLANs and do quite heavy scripting on the nodes so Merlin will have to be installed for that to be done on the node.

Sorry!

Either way you've all help tremendously with everything up until the actual node so I'm really thankful!

 

[Seth Harman]

@jksmurf @Seth Harman @visortgw

Sorey if this wasn't clear. I will add this to the top in requirements of the project so it's stated clearly for the future.

And as was said, running Merlin on a node for it to function on a standard setup is not needed. Using mixed merlin with Asus is not a problem for vanilla setups. But here we setup VLANs and do quite heavy scripting on the nodes so Merlin will have to be installed for that to be done on the node.

Sorry!

Either way you've all help tremendously with everything up until the actual node so I'm really thankful!

No worries, more than happy to help. Unfortunately, the requirement for the nodes to run Merlin means I'm going to have to bow out of helping at this point because there is currently no 3006.xx-branch Merlin for my RT-BE58U nodes. If that changes while this testing is still ongoing I'll jump back in.

 

[Tech9]

If Ethernet connected devices are required I don't see why you guys deal with AiMesh. Asuswrt-Merlin supported router in AP Mode as only requirement in initial testing stage will make things simpler. We already have this for specific models. Folks have posted example scripts here on SNB Forums like this one. Automating the process in a script will be tremendous help for people not very familiar with interface identification and scripting.

To me, the real life application when using mesh systems like ZenWiFi is a bit unclear. They have good enough for home use features and security plus the needed wireless backhaul option. Running separate router/firewall is more like personal choice for complicating things. So basically we first break what ASUS provided as solution, pay extra for additional device and then we attempt saving money by fixing whatever got broken on the ASUS devices.

 

[Seth Harman]

If Ethernet connected devices are required I don't see why you guys deal with AiMesh. Asuswrt-Merlin supported router in AP Mode as only requirement in initial testing stage will make things simpler. We already have this for specific models. Folks have posted example scripts here on SNB Forums like this one. Automating the process in a script will be tremendous help for people not very familiar with interface identification and scripting.

To me, the real life application when using mesh systems like ZenWiFi is a bit unclear. They have good enough for home use features and security plus the needed wireless backhaul option. Running separate router/firewall is more like personal choice for complicating things. So basically we first break what ASUS provided as solution, pay extra for additional device and then we attempt saving money by fixing whatever got broken on the ASUS devices.

I originally started with a single Asus router because I wanted some features offered by Merlin. Over time due to hardware upgrades I ended up with multiple routers that were compatible with AiMesh. The fact that my house was pre-wired for Ethernet made putting together an AiMesh network with wireless backhaul a pretty simple matter. In the locations where the nodes are there just happen to be wired devices like a printer, a security camera NVR, etc... that were plugged into the LAN ports on the nodes. Once GNP arrived it presented the opportunity to VLAN my IoT devices, including a Hubitat and Hue hubs and a security camera NVR but since my nodes aren't Pro-series I couldn't add the wired devices to the VLANs but which was ultimately solved by adding a couple of cheap managed switches.

At this point I have no issues with my setup other than the lack of built-in ability to add wired devices to GNP VLANs using the LAN ports on the nodes so I'd say the existence of router + AiMesh nodes as designed by Asus works really well for me.

 

[Tech9]

AiMesh nodes as designed by Asus works really well for me

Indeed. Your setup is good for the needs and the discovery Smart Home Master nodes work well with Guest Network Pro router is like a small win in scratch card lottery.

 

[Seth Harman]

Indeed. Your setup is good for the needs and the discovery Smart Home Master nodes work well with Guest Network Pro router is like a small win in scratch card lottery.

Yep. But I agree if I were starting from scratch today I wouldn't necessarily go out and buy the setup I'm currently using.

 

[visortgw]

Yep. But I agree if I were starting from scratch today I wouldn't necessarily go out and buy the setup I'm currently using.

That's probably true for any home network. A home network typically evolves to accommodate evolving requirements as technology changes.

 

[Tech9]

The balance between price, features, performance is important. There is always something better, but often more expensive and not needed.

 

[r80xcore]

The balance between price, features, performance is important. There is always something better, but often more expensive and not needed.

Yes that totally right. I wanted mesh/full coverage around that house but also VLANs for my OPNsense. Landed on the XT8 with node and scripted the VLANs. Wanted a GUI for it for easier access and managing and.. Well, now where here. It's fun to make this and it's starting to come together.

The roadmap right now looks like this:

* make a trunk port script for the LAN ports so that users can daisy chain the node to the master. Here the user will set a tag for the untagged traffic as well as what tags will be preserver. Hopefully this can even make use of non-merlin firmware/routers, but with the limitation that all traffic from the node will be tagged together.
A example would be:

Merlin firmware node connected to LAN1 on merlin main running this trunk. U122 (opnsense/Pfsense sees this as VLAN 122. T123, 124,125 (this is the tags you have on the nodes SSIDs etc and will be preserved and lan in the firewall/opnsense.

Non-merlin node connected to LAN1 on merlin main running this:
U122 (all traffic from this node will be tagged as VLAN 122)

This script as almost ready for testing and if it works will be incorporated into the UI.

* the ability to configure LAN ports on individual nodes.
Right now the script can set up SSIDs seperstely on nodes. This it because it searches for the SSID. If the name doesn't match any SSID nothing happens this way you can configure the whole system through one easy list and the script will handle the rest. But this it not the same on the Lans yet. I will add a way to setup VLANs on the configured nodes that will be pushed to the nodes so we can apply then seperately.

* harden the SSH key installation. On some systems this will need to be made manually. I will add a guided installation in that the user can run easily, either in install of afterward. Probably like:
Do you want to configure SSH keys now?
If yes, the script will guide the used easily. Then all will be done via cli once.


Another note to everyone.
For easy maintenance, setting you nodes to static IPs is highly recommended.
I have though of using macs instead and will research the possibility.

 

[visortgw]

Just a warning to beta testers... I just discovered that my backupmon tasks have not been running for several days. I think that I traced it to my temporary testing with MerVLAN over the weekend. Apparently, the following files were edited by MerVLAN during install, but not properly restored upon uninstall — at a minimum (there may be others), the cru entries for backupmon were missing from services-start:

/jffs/scripts/post-mount
/jffs/scripts/service-event
/jffs/scripts/services-start

I restored these three (3) files from a backup just prior to my MerVLAN testing.

Unfortunately, this is just part of being part of the beta testing community. Yes, backups are your friend! BTW, I am no longer participating in the beta because my only non-VLAN capable node (ZenWiFi BQ16 Pro) cannot run Merlin firmware.

 

[r80xcore]

Just a warning to beta testers... I just discovered that my backupmon tasks have not been running for several days. I think that I traced it to my temporary testing with MerVLAN over the weekend. Apparently, the following files were edited by MerVLAN during install, but not properly restored upon uninstall — at a minimum (there may be others), the cru entries for backupmon were missing from services-start:

/jffs/scripts/post-mount
/jffs/scripts/service-event
/jffs/scripts/services-start

I restored these three (3) files from a backup just prior to my MerVLAN testing.

Unfortunately, this is just part of being part of the beta testing community. Yes, backups are your friend!

Thats strange MerVLAN should only target via a template, leaving all other contents unchanged.

But great that you posted your findings! I will make sure that it does not change or edit anything outside of itself.

Thank you!

 

[Tekko]

Wow, just came across this and this is a godsend! I should've been asleep an hour ago but just kept reading. I've got 2 mesh nodes that can accept Merlin FW and I've got issues currently with Smart Home Master (non-Pro) on my main router (RT-BE92) so this sounds like the perfect solution for me and I, in turn, might be a good beta tester for you @r80xcore

Only problem is I need my network relatively stable as it also runs my Home Assistant. But it's got its issues at the moment anyway, so may as well suffer some extra pain to get to the other side

Networking is probably the weakest skill on my IT resume, but happy to figure things out. Will provide more details tomorrow, gotta go catch some Zzzzs

 

[Seth Harman]

Just a warning to beta testers... I just discovered that my backupmon tasks have not been running for several days. I think that I traced it to my temporary testing with MerVLAN over the weekend. Apparently, the following files were edited by MerVLAN during install, but not properly restored upon uninstall — at a minimum (there may be others), the cru entries for backupmon were missing from services-start:

/jffs/scripts/post-mount
/jffs/scripts/service-event
/jffs/scripts/services-start

I restored these three (3) files from a backup just prior to my MerVLAN testing.

Unfortunately, this is just part of being part of the beta testing community. Yes, backups are your friend! BTW, I am no longer participating in the beta because my only non-VLAN capable node (ZenWiFi BQ16 Pro) cannot run Merlin firmware.

I run backupmon as well so I went in and checked, everything was still in there for me in regards to the cru entry within services-start.