What's new
By:

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

MerVLAN v0.46 Simple and Powerful VLAN Management **BETA**

r80xcore said:
Yea sorry forgot to answer that.
Simply put:
In AP mode you lose all features like DHCP, firewall and many other features and the units only work is to pass the traffic to another unit that does that.

As an example I run OPNsense as my firewall/DHCP trafficker.
So my APs goes to a managed switch via cable and that switch passes the traffic/vlans to opnsense. More advanced but often provides much more stability, security & longevity.
Click to expand...

I think we're talking at cross-purposes a little bit here and the reference to OPNSense/Firewall/DHCP etc is (hopefully) a bit of a red herring:
  • I am guessing Tekko (certainly me) and I believe @Seth Harman and @visortgw all have a Main Router in the Default Wirelss Router Mode, that does all the DHCP, Firewall etc. work. This is the first item on the Router setup list.
  • Connected to that Primary Router are AiMesh Nodes, configured using the last item on the list; AFAIK, while many still use AP mode, as AiMesh got (a bit) better, AP Mode is not as prevalent or favoured as it once was.
  • AP Mode (2nd item), if applied to the Nodes, fits your script. You say that ONLY AP Mode does.
  • Where the confusion lies (at least for me) is if I change all my AiMesh nodes to APs just to run the script on them, what happens to the Primary Router?
  • In your example(s) above you refer to a Main Router; does this retain all ROUTING/DHCP/FIREWALL functions?
  • I ask as it appears none of your own Asus devices are actually used as Routers, simply as APs and all your Routing/DHCP is done by OPNSense, correct?
So the question is, if folks do not want to delve into OPNSense or some other system that replaces their primary router (which perfoms all those functions capably well), can they leave their Asus Router as a ROUTER, change their AiMesh Units to APs AND put in a Managed Switch* (where the examples above requires it) and have it work? Because I know this is what I was thinking how it might work, and I think @Tekko did too.

* As above the same end result of VLAN Tagging at the Nodes Ethernet ports can be achieved by simply putting that same managed switch behind the non-VLAN node; and it works wirelessly.

Sorry, not trying to burst your bubble here, I think I may have (mis)interpreted, from your original posts, what the script does, but mainly what is required to be able to make it do so.

Setup.png
 
Last edited:
jksmurf said:
I think we're talking at cross-purposes a little bit here and the reference to OPNSense/Firewall/DHCP etc is (hopefully) a bit of a red herring:
  • I am guessing Tekko (certainly me) and I believe @Seth Harman and @visortgw all have a Main Router in the Default Wirelss Router Mode, that does all the DHCP, Firewall etc. work. This is the first item on the Router setup list.
  • Connected to that Primary Router are AiMesh Nodes, configured using the last item on the list; AFAIK, while many still use AP mode, as AiMesh got (a bit) better, AP Mode is not as prevalent or favoured as it once was.
  • AP Mode (2nd item), if applied to the Nodes, fits your script. You say that ONLY AP Mode does.
  • Where the confusion lies (at least for me) is if I change all my AiMesh nodes to APs just to run the script on them, what happens to the Primary Router?
  • In your example(s) above you refer to a Main Router; does this retain all ROUTING/DHCP/FIREWALL functions?
  • I ask as it appears none of your own Asus devices are actually used as Routers, simply as APs and all your Routing/DHCP is done by OPNSense, correct?
So the question is, if folks do not want to delve into OPNSense or some other system that replaces their primary router (which perfoms all those functions capably well), can they leave their Asus Router as a ROUTER, change their AiMesh Units to APs AND put in a Managed Switch* (where the examples above requires it) and have it work? Because I know this is what I was thinking how it might work, and I think @Tekko did too.

* As above the same end result of VLAN Tagging at the Nodes Ethernet ports can be achieved by simply putting that same managed switch behind the non-VLAN node; and it works wirelessly.

View attachment 68882
Click to expand...

I'm using my two XT8 in ap-mode. One is in Access Point mode and the other other in AiMesh mode.


To be able to route the VLANs you need an VLAN-aware device that can route them. This is something that is NOT included in MerVLAN Manager and frankly, if you only want to isolate clients, Guest SSIDs already so this for you.

I would be interested in adding or at least try to add this feature in a future release. As of now the only thing that will happen if you run this addon and apply VLANs without a managed switch or a Vlan-aware unit (like the pro) that can route this is that the traffic will dissappear as there is no dhcp leases available.

Adding a feature like this would involve a lot of work with both dhcp and firewall as the vlans isolates the traffic from Asus own system.
 
jksmurf said:
I think we're talking at cross-purposes a little bit here and the reference to OPNSense/Firewall/DHCP etc is (hopefully) a bit of a red herring:
  • I am guessing Tekko (certainly me) and I believe @Seth Harman and @visortgw all have a Main Router in the Default Wirelss Router Mode, that does all the DHCP, Firewall etc. work. This is the first item on the Router setup list.
  • Connected to that Primary Router are AiMesh Nodes, configured using the last item on the list; AFAIK, while many still use AP mode, as AiMesh got (a bit) better, AP Mode is not as prevalent or favoured as it once was.
  • AP Mode (2nd item), if applied to the Nodes, fits your script. You say that ONLY AP Mode does.
  • Where the confusion lies (at least for me) is if I change all my AiMesh nodes to APs just to run the script on them, what happens to the Primary Router?
  • In your example(s) above you refer to a Main Router; does this retain all ROUTING/DHCP/FIREWALL functions?
  • I ask as it appears none of your own Asus devices are actually used as Routers, simply as APs and all your Routing/DHCP is done by OPNSense, correct?
So the question is, if folks do not want to delve into OPNSense or some other system that replaces their primary router (which perfoms all those functions capably well), can they leave their Asus Router as a ROUTER, change their AiMesh Units to APs AND put in a Managed Switch* (where the examples above requires it) and have it work? Because I know this is what I was thinking how it might work, and I think @Tekko did too.

* As above the same end result of VLAN Tagging at the Nodes Ethernet ports can be achieved by simply putting that same managed switch behind the non-VLAN node; and it works wirelessly.

Sorry, not trying to burst your bubble here, I think I may have (mis)interpreted, from your original posts, what the script does, but mainly what is required to be able to make it do so.

View attachment 68882
Click to expand...
Thx for doing the heavy lifting 😉
@r80xcore was explaining the difference between AP and router (which I'm well aware of) instead of the much more relevant difference between AP and Mesh node.

In essence I indeed believe we're trying to achieve something similar @jksmurf, the difference might be that I dont have GNP so no native/full VLAN support on my router to start with.

What I thought this does is offer full, proper, VLAN (at least for wireless) across nodes (In this case AP's only so it would seem) for all guest networks setup in the main router instead of the current wonky Asus implementation across Mesh router and nodes.
 
Last edited:
Tekko said:
Thx for doing the heavy lifting 😉
@r80xcore was explaining the difference between AP and router (which I'm well aware of) instead of the much more relevant difference between AP and Mesh node.

In essence I indeed believe we're trying to achieve something similar @jksmurf, the difference might be that I dont have GNP so no native/full VLAN support on my router to start with.

What I thought this does is offer full, proper, VLAN (at least for wireless) across nodes (In this case AP's only so it would seem) for all guest networks setup in the main router.
Click to expand...
The addon work the same on AP's as nodes. There really no difference there. But with seperate AP you would need to manually set up SSH but as the node pulls this from the main AP on boot this is automatic.

As said, this needs a managed switch or vlan aware hardware. Getting full VLAN support in router mode would be a really big project. You could probably just add a dhcp on the vlan but you need the firewall for safety and there's a lot of moving parts there.

There's also the issue of hardware acceleration that might stop working and result in bad performance.

Still,when this addon is stable, I might look into that.
 
You must log in or register to reply here.

Similar threads

r80xcore
Looking for testers for MerVLAN
2 3 4
Replies
68
Views
2K
r80xcore
r80xcore
r80xcore
Tutorial Asus ZenWiFi XT8 VLAN/SSID Bridge Script (Merlin/Gnuton)
Replies
7
Views
2K
r80xcore
r80xcore
J
Guest Network Pro Issues With AiMesh Node
Replies
14
Views
2K
visortgw
visortgw
W
GT-AXE1600 Firewalla Gold
Replies
8
Views
2K
woodgray
W
J
"The wifi interface has reached its maximum" and "For older AiMesh nodes, there are limitations on syncing all bands"
Replies
1
Views
816
jksmurf
J
Similar threads
Thread starter Title Forum Replies Date
MegaMango XrayUI – A Simple Way to Manage Xray-Core on the ASUS Router Asuswrt-Merlin AddOns 5

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 2,264 (members: 17, guests: 2,247)
Back
Top