MerVLAN v0.52.93 Simple and Powerful VLAN Management **BETA**

[mistermoonlight1]

In this you don't have boot or cron enabled at all. You try pressing "enable services", copy the file again. Make sure it sticks after a reboot too.

Everytime you uninstall the addon the boot gets disabled. This have happened before when updating too but should be fixed but I'll double check it anyway.

The timing are there to give the unit a little more time to get the SSIDs up. I could move them to the scripts themselves but is doesn't really make any difference for the file. It will just wait 5s/10s then continue. I think the problem is either:

Boot parameter is resetting for some reason. Need to figure out when and where in that case.

Or the manager is executed before the install resulting in missing files and folders. I. Might fix that by making the install always get before the manager. Or doing a guard by making the folder/files creation part of the manager too to guard it. But it should already create the needed parts itself. I'll check in to that.

Hi

One thing is sure, even adding a long 120s sleep in the services-start script before your section at the end of this script does not change anything at all (so the timing issue is not there if there is one)

Each time i do a full uninstall then a complete reinstall, create the vlan manually, put the dry mode at off, saves, apply vlan (that works), and then enable the service. And if i query the service status, it is enabled (when the boot did not reinstall the defined vlan):

before refresh of the log windows:

2026-02-07 13:20:03 [INFO] Installed service-event with MERV_BASE=/jffs/addons/mervlan (setup-only)
2026-02-07 13:20:03 [INFO] Skipping node propagation for 'setupenable' (MERV_SKIP_NODE_SYNC=1)

after refresh of log window:

2026-02-07 13:20:03 [INFO] Installed service-event with
MERV_BASE=/jffs/addons/mervlan (setup-only)
2026-02-07 13:20:03 [INFO] Skipping node propagation for 'setupenable'
(MERV_SKIP_NODE_SYNC=1)
2026-02-07 13:25:19 [INFO] === VLAN Client Collection Started ===
2026-02-07 13:25:19 [INFO] Collecting clients from main router (JSON)...
2026-02-07 13:25:19 [INFO] Collecting VLAN clients (MAC-only) on Main
Router
2026-02-07 13:25:19 [INFO] collect_local_clients:
COLLECTDIR='/tmp/mervlan_tmp/client_collection'
OUT='/tmp/mervlan_tmp/client_collection/main.json'
2026-02-07 13:25:20 [INFO] Detected trunk ports: none
2026-02-07 13:25:20 [INFO] No active clients found on Main Router
2026-02-07 13:25:20 [INFO] ✓ Main router collection completed
2026-02-07 13:25:20 [INFO] No nodes configured in settings.json
2026-02-07 13:25:20 [INFO] Merging JSON results...
2026-02-07 13:25:20 [INFO] ✓ Client collection completed - JSON saved to
 /tmp/mervlan_tmp/results/vlan_clients.json
2026-02-07 13:25:20 [INFO] === VLAN Client Collection Finished ===

And if i am just doing a status query:

2026-02-07 13:27:25 [INFO] Status:
2026-02-07 13:27:25 [INFO] <--- Main Unit --->
2026-02-07 13:27:25 [INFO] RT-AC86U boot=enabled addon=active service-event=active cron=absent is_node=no

So the boot service is enable, but no vlan reinstalled, the cron was not installed. But i made this boot test with a very long 120secs sleep so everything should be settled down i guess once your install script was ran. But if i click to enable the service at this point (it is already enabled according to the status), the cron will install and self-healing will occur shortly to repair the unconfigured vlan at startup...

 

[mistermoonlight1]

@r80xcore

Is this normal expected script content:

### >>> MERVLAN START: services-start [tpl=services-start-addon.v2.tpl md5=87a767c5ef943a3116de34dfd2f61566]
# MerVLAN mount addon on boot
sleep 5
/jffs/addons/mervlan/install.sh >/dev/null 2>&1 || :
### <<< MERVLAN END: services-start [tpl=services-start-addon.v2.tpl md5=87a767c5ef943a3116de34dfd2f61566]

at the end of this line with content "mervlan/install.sh", there are these ending characters " || :"?
I was just not sure this is correct script behavior with the following content. It just looks something is missing visually...

Thanks

 

[r80xcore]

@r80xcore

Is this normal expected script content:

### >>> MERVLAN START: services-start [tpl=services-start-addon.v2.tpl md5=87a767c5ef943a3116de34dfd2f61566]
# MerVLAN mount addon on boot
sleep 5
/jffs/addons/mervlan/install.sh >/dev/null 2>&1 || :
### <<< MERVLAN END: services-start [tpl=services-start-addon.v2.tpl md5=87a767c5ef943a3116de34dfd2f61566]

at the end of this line with content "mervlan/install.sh", there are these ending characters " || :"?
I was just not sure this is correct script behavior with the following content. It just looks something is missing visually...

Thanks

the "|| :" means that we continue on errors. This is to prevent the addon from stalling the services-start if there are other inserts here.

But why i wanted to see the full file was so see the order thing have been injected.
Is install.sh first or last?

 

[mistermoonlight1]

the "|| :" means that we continue on errors. This is to prevent the addon from stalling the services-start if there are other inserts here.

But why i wanted to see the full file was so see the order thing have been injected.
Is install.sh first or last?

At the end of the script, i posted the full content a few posts ago. There is a single other line at the beginning that install a cron job ran each hour that was there before mervlan was installed...

see: https://www.snbforums.com/threads/m...werful-vlan-management-beta.95936/post-983950

i will make a test and disable the other line, just in case at boot time it creates an error that makes the script aborts...

 

[r80xcore]

At the end of the script, i posted the full content a few posts ago. There is a single other line at the beginning that install a cron job ran each hour that was there before mervlan was installed...

see: https://www.snbforums.com/threads/m...werful-vlan-management-beta.95936/post-983950

i will make a test and disable the other line, just in case at boot time it creates an error that makes the script aborts...

I'm currently fixing the last stuff in the new update.

I have tried to fix the boot issues by using a wrapper instead. This way we have clear rules on what needs to be present when we boot but keep the services-start clean.
Hopefully this will fix this for you.

I'll post when it's up.

 

[mistermoonlight1]

"i will make a test and disable the other line, just in case at boot time it creates an error that makes the script aborts..."

This does not change anything to mervlan behavior, it does not start. I may say that i think it is worst than v0.52.7 for this specific behavior: i never see v0.52.8 started correctly at boot time. The previous version was around 50% failure. So i guess with enough traces to follow the normal script operation behavior in the logs, we could see between what points it is going bad as it is never working each boot now?

 

[r80xcore]

"i will make a test and disable the other line, just in case at boot time it creates an error that makes the script aborts..."

This does not change anything to mervlan behavior, it does not start. I may say that i think it is worst than v0.52.7 for this specific behavior: i never see v0.52.8 started correctly at boot time. The previous version was around 50% failure. So i guess with enough traces to follow the normal script operation behavior in the logs, we could see between what points it is going bad as it is never working each boot now?

I have updated the addon and the boot now correctly runs and creates full logs when i reboot (i also suffered the bug before, i just realized too late). Sorry for this pesky boot issue.

I had a problem with the mervlan_update not running correctly on 0.52.8. This can be due to the test enviroment but if you have any issues with that update with this command :

/usr/sbin/curl -fsL --retry 3 "https://raw.githubusercontent.com/r80xcore/mervlan/dev/functions/update_mervlan.sh" -o "/jffs/addons/mervlan/functions/update_mervlan.sh" && \
chmod 0755 /jffs/addons/mervlan/functions/update_mervlan.sh && \
/jffs/addons/mervlan/functions/update_mervlan.sh update dev

Or just update via the tarball in install.sh


This update also improves the already half implemented STP feature to a full STP that can handle more complex configurations like nodes and trunks.

I have removed the deprecated "persistent" feature and have put the STP option there instead .

The trunk feature has been improved but needs heavy testing. But thats also why it's labeled as an experimental feature. Fun to test, but i would not rely on it yet.

I have improved the help section to include a more detailed help flow. Still under construction, but most of the features are covered there now.

 

[mistermoonlight1]

@r80xcore
Hi!

Fully install from clean dev v0.52.9. I reconfigured everything from scratch, as usual. 1st boot attemp, it works correctly installed the cron, reapplied the defined vlan, etc. 2nd boot attempt, it did not work with similar behavior as previously. Now searching through syslog in an attempt to identfy the last mervlan related trace i found outside of the event manager...

Thanks

 

[mistermoonlight1]

@r80xcore
Hi

It looks like this of a fail boot of v0.52.9 for syslog mervlan traces:

Dec 31 19:00:26 mervlan: Mounting mervlan as user1.asp
Dec 31 19:00:26 mervlan: Logs & folder structure complete!
Dec 31 19:00:26 mervlan: Backup directory created successfully
Dec 31 19:00:26 mervlan: SSH public key not present yet, skipping publish
Dec 31 19:00:26 mervlan: Symlinks created successfully
Dec 31 19:00:26 mervlan: Installed tab 'MerVLAN' under LAN -> user1.asp

Dec 31 19:00:27 mervlan: addon setupenable completed (post-install)
Dec 31 19:00:27 mervlan: Nodeenable skipped (no nodes configured or SSH keys not installed)

and mervlan log looks like trhis after a status request:

2023-12-31 19:00:27 [INFO] Installed service-event with
MERV_BASE=/jffs/addons/mervlan (setup-only)
2023-12-31 19:00:27 [INFO] Skipping node propagation for 'setupenable'
(MERV_SKIP_NODE_SYNC=1)
2026-02-07 17:26:17 [INFO] Status:
2026-02-07 17:26:17 [INFO] <--- Main Unit --->
2026-02-07 17:26:17 [INFO] RT-AC86U boot=enabled addon=active
service-event=active cron=absent is_node=no
2026-02-07 17:41:25 [INFO] === VLAN Client Collection Started ===
2026-02-07 17:41:25 [INFO] Collecting clients from main router (JSON)...
2026-02-07 17:41:25 [INFO] Collecting VLAN clients (MAC-only) on Main
Router
2026-02-07 17:41:25 [INFO] collect_local_clients:
COLLECTDIR='/tmp/mervlan_tmp/client_collection'
OUT='/tmp/mervlan_tmp/client_collection/main.json'
2026-02-07 17:41:25 [INFO] Detected trunk ports: none
2026-02-07 17:41:26 [INFO] No active clients found on Main Router
2026-02-07 17:41:26 [INFO] ✓ Main router collection completed
2026-02-07 17:41:26 [INFO] No nodes configured in settings.json
2026-02-07 17:41:26 [INFO] Merging JSON results...
2026-02-07 17:41:26 [INFO] ✓ Client collection completed - JSON saved to
 /tmp/mervlan_tmp/results/vlan_clients.json
2026-02-07 17:41:26 [INFO] === VLAN Client Collection Finished ===
2026-02-07 17:41:48 [INFO] Status:
2026-02-07 17:41:48 [INFO] <--- Main Unit --->
2026-02-07 17:41:48 [INFO] RT-AC86U boot=enabled addon=active
service-event=active cron=absent is_node=no

boot_wrap.log

2023-12-31 19:00:26 [INFO] === boot_wrap invoked: mode=install ===
2023-12-31 19:00:26 [INFO] Flag not found — running install.sh
[install] Mounting web UI page: user1.asp
[install] Creating runtime directories and logs
[install] Runtime symlinks created
[install] Web UI tab installed: LAN -> MerVLAN (user1.asp)
[install] Installing service-event hooks
[install] Service-event hooks installed
[install] Installation complete!
2023-12-31 19:00:27 [INFO] install.sh completed successfully (rc=0)
2023-12-31 19:00:27 [INFO] Flag written: /tmp/mervlan_tmp/flags/.install_ok
2023-12-31 19:00:27 [INFO] === boot_wrap finished: mode=install ===

Thanks

 

[mistermoonlight1]

@r80xcore
Hi!

Ok i think i found something now. I just made a little manual patch for experiment and got four correct boots in a row with vlan reinstalled and the gui logs seeing also the active vlan. It is not a suggestion that it must be changed that way as may be things are not made in correct order with that experiment. Here is what i changed:

services-start.sh:

/jffs/addons/mervlan/functions/mervlan_boot.sh enable
### >>> MERVLAN START: services-start [tpl=services-start-addon.v2.tpl md5=fbcdf6b57b146caf6aa383947bdb8b01]
# MerVLAN mount addon on boot
sleep 5
/jffs/addons/mervlan/functions/mervlan_boot_wrap.sh install </dev/null >/dev/null 2>&1 &
### <<< MERVLAN END: services-start [tpl=services-start-addon.v2.tpl md5=fbcdf6b57b146caf6aa383947bdb8b01]

Probably with a wrong boot this line is never call to install the cron job?

Additionnals tests to be done in quest of side effects...

Thanks

 

[r80xcore]

@r80xcore
Hi!

Ok i think i found something now. I just made a little manual patch for experiment and got four correct boots in a row with vlan reinstalled and the gui logs seeing also the active vlan. It is not a suggestion that it must be changed that way as may be things are not made in correct order with that experiment. Here is what i changed:

services-start.sh:

/jffs/addons/mervlan/functions/mervlan_boot.sh enable
### >>> MERVLAN START: services-start [tpl=services-start-addon.v2.tpl md5=fbcdf6b57b146caf6aa383947bdb8b01]
# MerVLAN mount addon on boot
sleep 5
/jffs/addons/mervlan/functions/mervlan_boot_wrap.sh install </dev/null >/dev/null 2>&1 &
### <<< MERVLAN END: services-start [tpl=services-start-addon.v2.tpl md5=fbcdf6b57b146caf6aa383947bdb8b01]

Probably with a wrong boot this line is never call to install the cron job?

Additionnals tests to be done in quest of side effects...

Thanks

mervlan v0.52.91

mervlan_boot.sh — Hotfix
- Fixed a bug where the boot template injection could silently remove other
template blocks from services-start. When the addon block was re-injected
on boot, everything after it (including the manager and cron entries) was
dropped. This caused VLANs and the health-check cron job to not be restored
on the second reboot, even though the first boot worked fine.

I confirmed the bug and it was indeed removing the injections. But now after a reboot everything is enabled.

Make sure to remove you custom "mervlan_boot.sh enable" before rebooting and make sure services are enabled before rebooting

 

[mistermoonlight1]

@r80xcore

Hi!

Good news!
I made a quick test for dev v0.52.91 fully install on a clean system, reconfigured everything (after removing the patch i added as an experiment manually), and it booted correctly 4 times in a row (the vlan was restored)!

I will continue deeper testing once i have additionnal time...

Thanks!

 

[Stpa67]

Can you install this on an RT-AX58U in AP mode? and is it possible assign specific wifi devices to vlans based on mac? and get tagged traffic out the wan port?

 

[r80xcore]

Can you install this on an RT-AX58U in AP mode? and is it possible assign specific wifi devices to vlans based on mac? and get tagged traffic out the wan port?

Hi! The RT-AX58U is a supported device. Yes, this addon is made specifically for AP mode and it while it can't do MAC based VLAN tagging you can tag a SSID or a LAN port. This will give you tagged traffic out of the WAN port for all the devices connected to the specific SSID or port.

An an example, I have six SSIDs on my two XT8 configured as mesh.
Three SSIDs are untagged and three SSIDs are tagged like this:
SSID1 VLAN 187
SSID2 VLAN 188
SSID3 VLAN 189

On my managed switch I have T187,T187,T189, U1 on those two ports. The it all goes to opnsense.

 

[Stpa67]

Hi! The RT-AX58U is a supported device. Yes, this addon is made specifically for AP mode and it while it can't do MAC based VLAN tagging you can tag a SSID or a LAN port. This will give you tagged traffic out of the WAN port for all the devices connected to the specific SSID or port.

An an example, I have six SSIDs on my two XT8 configured as mesh.
Three SSIDs are untagged and three SSIDs are tagged like this:
SSID1 VLAN 187
SSID2 VLAN 188
SSID3 VLAN 189

On my managed switch I have T187,T187,T189, U1 on those two ports. The it all goes to opnsense.

If you could do that, mac based vlan tagging from wifi devices it would be supergreat.

I have everything on wifi nowadays (no cabling) and separating wifi devices to tagged or untagged vlans based on mac would be really great.

I mean i could connect my rt-ax58u with one cable to my router and separete all devices to their appropriate vlans.

Untagged goes to the default native vlan and tagged is put on their separete vlans with their separete policies like printers, iot's, departments and stuff

 

[r80xcore]

If you could do that, mac based vlan tagging from wifi devices it would be supergreat.

I have everything on wifi nowadays (no cabling) and separating wifi devices to tagged or untagged vlans based on mac would be really great.

I mean i could connect my rt-ax58u with one cable to my router and separete all devices to their appropriate vlans.

Untagged goes to the default native vlan and tagged is put on their separete vlans with their separete policies like printers, iot's, departments and stuff

MAC based VLANs could theoretically be possible using iptables but it would require a substantial amount of work from the ground up. Even then it would be CPU bound which could be a problem. Interesting though. I'm using some iptables right now but that's only to seperate the vlans if a trunk port is configured for daisy chaining units.

I'm only using one cable to my AP. On it I have one WiFi SSID for IoT, one for the kids and one for media, TV and computers.

On my IoT WiFi I have printers, light bulbs, Google devices etc then I make the rules in opnsense for what devices are allowed to talk to other networks or clients.

This seperate my not so secure devices from my more secure devices and gives me more granular control.

So right now you can get that separation, just not via Mac, instead you decide by connecting the device to the appropriate WiFi network.

Functionwise the result is the same.

Edit. All untagged traffic on the device is untouched so you can safely pass that too.

 

[Stpa67]

MAC based VLANs could theoretically be possible using iptables but it would require a substantial amount of work from the ground up. Even then it would be CPU bound which could be a problem. Interesting though. I'm using some iptables right now but that's only to seperate the vlans if a trunk port is configured for daisy chaining units.

I'm only using one cable to my AP. On it I have one WiFi SSID for IoT, one for the kids and one for media, TV and computers.

On my IoT WiFi I have printers, light bulbs, Google devices etc then I make the rules in opnsense for what devices are allowed to talk to other networks or clients.

This seperate my not so secure devices from my more secure devices and gives me more granular control.

So right now you can get that separation, just not via Mac, instead you decide by connecting the device to the appropriate WiFi network.

Functionwise the result is the same.

Edit. All untagged traffic on the device is untouched so you can safely pass that too.

I am gonna test and see what can be done with different ssid's. I got a unifi cloud gateway ultra for christmas and fired it up a 2 days ago. Thats why i changed my ax58u from router to AP mode.

 

[Stpa67]

MAC based VLANs could theoretically be possible using iptables but it would require a substantial amount of work from the ground up. Even then it would be CPU bound which could be a problem. Interesting though. I'm using some iptables right now but that's only to seperate the vlans if a trunk port is configured for daisy chaining units.

I'm only using one cable to my AP. On it I have one WiFi SSID for IoT, one for the kids and one for media, TV and computers.

On my IoT WiFi I have printers, light bulbs, Google devices etc then I make the rules in opnsense for what devices are allowed to talk to other networks or clients.

This seperate my not so secure devices from my more secure devices and gives me more granular control.

So right now you can get that separation, just not via Mac, instead you decide by connecting the device to the appropriate WiFi network.

Functionwise the result is the same.

Edit. All untagged traffic on the device is untouched so you can safely pass that too.

I think ssid based vlans could work, unfortunately the unifi is heavily used right now and if i start to tinker with it there will be a lot of screaming but i will give merVLAN a try next week when when everyone is out.

 

[r80xcore]

I think ssid based vlans could work, unfortunately the unifi is heavily used right now and if i start to tinker with it there will be a lot of screaming but i will give merVLAN a try next week when when everyone is out.

I feel you. I'm currently in the process of upgrading from my 1GbE Netgear 108tv1 switch to a 10GbE/2.5GbE MikroTik CRS310. So I'm going to change out both my switch and one of my network cards. Figure it will be fairly easy but something always finds a way to bite you so when the kids & wife are out next week or so I'm going at it!

 

[RaccoonNL]

@r80xcore I am trying to configure Mervlan, but need some extra help. You mentioned before that you use Opnsense also, so that's why I am asking you.

My setup:
ONT --> Opnsense --> Asus RT-AC5300

Opnsense has two VLAN's at the WAN side, vlan 4 needed for multicast IPTV and vlan 6 needed for internet access. ( this is required from ISP)
At the LAN side I have setup 4 vlan's; main, IoT, guest and IPTV
I am using Kea DHCP and added all interfaces, subnets and ip pools for each internal vlan.

Asus RT-AC5300 is my old/spare router I am using to test mervlan and Opnsense setup. When I get everything working I am replacing with two RT-AX88U Pro routers.
To test, I unplug my main AX88U pro router from ONT and connect my Opnsense router to it.

My question is, how do I setup mervlan in combination with vlans of Opnsense?
My main network uses vlan 10 on Opnsense. When I add vlan 10 to my main ssid using mervlan, I am no longer able to connect to my main wifi network, as if my laptop does not recieve an ip. ( I think).

What am I missing?

Thanks in advance,
RaccoonNL