Needing to use Intranet for Wi-Fi access on guest network

[Blackmagic]

I just updated the firmware in my AC68U to to version 386.11. Before the update I had two guest Wi-Fi networks setup that had access Intranet set to off. Using the new firmware, if I set the two guest networks to not access the Intranet there is no connection ability. No devices can connect to the guest networks. I don't know what's wrong here and I spent the better part of two hours trying to get these two guest networks to operate like they did before with Intranet access off.

 

[degrub]

You will get more responses if you post the issue under the Asus AC forum or Merlin forum if using Merlin.

 

[drinkingbird]

I just updated the firmware in my AC68U to to version 386.11. Before the update I had two guest Wi-Fi networks setup that had access Intranet set to off. Using the new firmware, if I set the two guest networks to not access the Intranet there is no connection ability. No devices can connect to the guest networks. I don't know what's wrong here and I spent the better part of two hours trying to get these two guest networks to operate like they did before with Intranet access off.

Generally with the 68U if you want to go to 386.11 you need to do a full factory reset after and reconfigure manually/by hand. Everything after 386.7_2 has NVRAM issues on that router. 386.11 fixes that by removing a few VPN instances and the associated NVRAM variables, but likely when you upgraded, you ran out of NVRAM and some of your settings were lost, so even if you run the script that is included in 386.11 to remove the VPN stuff, some of your stuff is still gone.

Factory reset will clear out everything and also remove the VPN variables that the script removes, leaving you with a fresh install that has sufficient NVRAM, at least assuming you don't then add a ton of custom client names etc.

 

[Blackmagic]

That's not the issue. I ran the factory reset inside the router PRIOR to updating. Then I went in and added all my settings back (which took forever) and rebooted the router.

I have a sneaky suspicion this mesh crap that is all over the router is interfering with the ability to disallow the use of Intranet in guest Wi-Fi networks.

Again, I want my guest Wi-Fi networks to NOT have the ability to use the internal Intranet. I had that disabled in the previous firmware. Now Intranet access needs to be on in order for those guest Wi-Fi networks to have network access. That is the exact opposite of what should be happening and what I'm familer with in the previous firmware. Something's broke here me thinks.

There was no script included in the zip file I downloaded at Sourceforge entitled RT-AC68U_386.11_0.zip SHA256: 384bb5d02eda880d768dec5f9400e79313d7698762af4942ace2343aed56780b with a firmware hash of: 59a7377f3b3a7d61b74ea9a6d12d0c4793020da8fe3c8c74aec174731e3f28cd

 

[drinkingbird]

That's not the issue. I ran the factory reset inside the router PRIOR to updating. Then I went in and added all my settings back (which took forever) and rebooted the router.

I have a sneaky suspicion this mesh crap that is all over the router is interfering with the ability to disallow the use of Intranet in guest Wi-Fi networks.

Again, I want my guest Wi-Fi networks to NOT have the ability to use the internal Intranet. I had that disabled in the previous firmware. Now Intranet access needs to be on in order for those guest Wi-Fi networks to have network access. That is the exact opposite of what should be happening and what I'm familer with in the previous firmware. Something's broke here me thinks.

There was no script included in the zip file I downloaded at Sourceforge entitled RT-AC68U_386.11_0.zip SHA256: 384bb5d02eda880d768dec5f9400e79313d7698762af4942ace2343aed56780b with a firmware hash of: 59a7377f3b3a7d61b74ea9a6d12d0c4793020da8fe3c8c74aec174731e3f28cd

You need to do the reset AFTER updating the router in order to remove the extraneous NVRAM variables. Either that or run the included script that comes with the firmware before re-entering all your settings. The script is loaded on the router with the firmware and you log in with SSH and run it. But now that you've entered all your stuff and probably maxed out your NVRAM, it is too late. How much NVRAM do you have free? It likely isn't enough for all of the AIMESH VLAN configs that get added when you use Guest Wireless 1.

If you don't want to go through that, you can try disabling GW1 and use GW2 and/or 3 instead as they do not add all that AIMESH stuff. If it works that way, still run the script to remove the extra stuff to free up NVRAM space.

I have a 68U with guest networks and intranet disabled and it works fine.

 

[Blackmagic]

Sounds reasonable. I'm apparently only using 30% of RAM though. See screenshot. Maybe I should just run the script anyway. Perhaps it does something in the router to clear this up? Even though I seem to have plenty of RAM?

Been a while since I used SSH with a router. I'm assuming the username and password are my router's. Now, where the literature on the command/s I need to run? Should I just factory defualt everythig once again before I run the command/s? Is a reboot necessary?

 

[drinkingbird]

Sounds reasonable. I'm apparently only using 30% of RAM though. See screenshot. Maybe I should just run the script anyway. Perhaps it does something in the router to clear this up? Even though I seem to have plenty of RAM?

Been a while since I used SSH with a router. I'm assuming the username and password are my router's. Now, where the literature on the command/s I need to run? Should I just factory defualt everythig once again before I run the command/s? Is a reboot necessary?


View attachment 52252

Not RAM. NVRAM, this is where lots of your configuration is stored.

If you factory reset now that you've upgraded to 386.11, you don't need to run the script, the variables will be removed as they are no longer present in the 386.11 firmware, they are only carried over if you upgrade and don't reset after (or run the script).

If you want to SSH in yes the user/pass is the same as the web gui. The command info is in the release notes for 386.11.

You may be able to get away with disabling all guest networks, rebooting, then running the script, then re-enabling guest.

If you have a lot of custom names in the client list, you may still be running low on NVRAM though. While logged into the CLI you can do an "nvram show" and at the end it will tell you how much is used and total.

Personally I'd want to just factory reset it and start over. If you have a lot of custom client names or DHCP reservations you can export and import those but you need the CLI for that.

 

[Blackmagic]

So, yesterday I went in and disabled all guest networks, rebooted and ran the script. Still had the same issue. So today I did a factory reset in the router, added all my settings back and the two guest networks and turned off Intranet ability for those guest networks like I had it before the firmware update and everything worked as it was before. So I thought I was good now, but nope! After I set everything up like I had it before in the settings and whatnot I rebooted the router. Once I rebooted the guest Wi-Fi networks were back to not working unless I enabled Intranet ability yet again. So, I ran the script yet again but that didn't fix anything. As a test I deleted the two Guest 1 networks and created two guest 2 networks without Intranet like I want it and they work. So now it's all working except I had to use guest 2 networks and I'm afraid if I reboot again all will come crashing done once more.

I absolutely don't understand this crap because I've updated Asus Merlin firmware many times and NEVER had an issue. It seems to me this particular version is a little bugger.

I'm wondering if I should just reflash the damn thing and THEN do yet another restore defaults from the get-go like I should have done from the jump. Or I should just go back to DD-WRT like I used many years ago.

Current NVRAM is: size: 58756 bytes (6780 left).

 

[drinkingbird]

So, yesterday I went in and disabled all guest networks, rebooted and ran the script. Still had the same issue. So today I did a factory reset in the router, added all my settings back and the two guest networks and turned off Intranet ability for those guest networks like I had it before the firmware update and everything worked as it was before. So I thought I was good now, but nope! After I set everything up like I had it before in the settings and whatnot I rebooted the router. Once I rebooted the guest Wi-Fi networks were back to not working unless I enabled Intranet ability yet again. So, I ran the script yet again but that didn't fix anything. As a test I deleted the two Guest 1 networks and created two guest 2 networks without Intranet like I want it and they work. So now it's all working except I had to use guest 2 networks and I'm afraid if I reboot again all will come crashing done once more.

I absolutely don't understand this crap because I've updated Asus Merlin firmware many times and NEVER had an issue. It seems to me this particular version is a little bugger.

I'm wondering if I should just reflash the damn thing and THEN do yet another restore defaults from the get-go like I should have done from the jump. Or I should just go back to DD-WRT like I used many years ago.

Current NVRAM is: size: 58756 bytes (6780 left).

You're not attempting to use static IPs or DHCP reservations of guest wireless 1 clients are you? GW1 uses different subnets from the main LAN now.

Also are your clients using a DNS server on your main LAN? That won't work either, they must point to the DNS the router gives them, or one on the Internet when on GW1.

I've been running 386.11 for a month or more with GW1 in use and it has been solid.

 

[Blackmagic]

No, none of that fancy stuff. I just enable the guest Wi-Fi networks and turn off Intranet capability. Nothing more, nothing less.

I'm using my second exact same Asus router now, but when I get time I'll just reflash and try this again.

 

[drinkingbird]

No, none of that fancy stuff. I just enable the guest Wi-Fi networks and turn off Intranet capability. Nothing more, nothing less.

I'm using my second exact same Asus router now, but when I get time I'll just reflash and try this again.

If you did a hard reset shouldn't need to re-flash. Can't hurt I guess. When the clients have no internet connection, what IP do they have, 192.168.101.x/192.168.102.x or something else?

You can also do both the hard reset using WPS button and the reset in the GUI with "initialize settings" checked off.

If you really want to go nuclear
1. Hard reset
2. Configure just enough to get in, flash firmware
3. Hard reset
4. Configure just enough to get in, soft reset with "initialize defaults"
5. Configure just enough to get in, let the CPU settle down
6. Set "format jffs at next boot", apply and reboot
7. Let CPUs settle, enable/configure your guest network with intranet disabled, apply and reboot

2.4 ghz clients on guest 1 should get 192.168.101.x IPs and 5ghz clients on guest 1 should get 192.168.102.x IPs (when you have intranet disabled).

Guest 2 and 3 should get IPs from your main LAN subnet whether intranet is enabled or not.

 

[Blackmagic]

You can also do both the hard reset using WPS button and the reset in the GUI with "initialize settings" checked off.

About that WPS button, this router, an AC68u has an actual reset button and I saw on Asus' website to use that. Am I missing something here?

 

[ColinTaylor]

Am I missing something here?

Yes.

[Wireless Router] When Standard Reset Isn’t Working: Hard Factory Reset - Models list | Official Support | ASUS Global

Hard Factory Reset could be an alternative solution when the standard reset procedure fails to restore your router to factory default.

 

[drinkingbird]

About that WPS button, this router, an AC68u has an actual reset button and I saw on Asus' website to use that. Am I missing something here?

Mine has the same, it basically restores factory defaults but does not format JFFS I believe. WPS method is better.