OPNSense VLAN tagging with Merlin routers as AiMesh APs

ToasterPC · Jan 9, 2024

Hey there!

I've been up all night banging my head against this problem. I'm trying to get both a GT-AX11000 and a RT-AX86U (both running Merlin version 3004.388.5_0) to work using a 2.5GbE backhaul for AiMesh in AP mode with separate VLANs for each of the Guest Networks, but so far, the GT has been inconsistent with the tag been applied to each network, and after applying them the router itself loses connectivity but anything connected wirelessly to it maintains it.

Running brctl show gets me the following output:

Code:

bridge name     bridge id               STP enabled     interfaces
br0             8000.40b076c1b820       no              eth0
                                                        eth1
                                                        eth2
                                                        eth3
                                                        eth4
                                                        eth5
                                                        eth6
                                                        eth7
                                                        eth8
                                                        wl0.1
                                                        wl0.2
                                                        wl0.3
                                                        wl1.1
                                                        wl1.2
                                                        wl1.3
                                                        wl2.1
                                                        wl2.2
                                                        wl2.3

And I'm trying to run the following script to handle the tagging:

Bash:

#### Info #########################################################
#                             GT-AX11000
#
# eth0      Physical port WAN
# eth1      Physical port 1
# eth2      Physical port 2
# eth3      Physical port 3
# eth4      Physical port 4
# eth5      Physical port 2.5GbE
#
# eth6      WiFi 2.4GHz
# eth7      WiFi 5.0GHz
#
# wl0.1     WiFi 2.4GHz guest1
# wl0.2     WiFi 2.4GHz guest2
# wl0.3     WiFi 2.4GHz guest3
#
# wl1.1     WiFi 5.0GHz-1 guest1
# wl1.2     WiFi 5.0GHz-1 guest2
# wl1.3     WiFi 5.0GHz-1 guest3

# wl2.1     WiFi 5.0GHz-2 guest1
# wl2.2     WiFi 5.0GHz-2 guest2
# wl2.3     WiFi 5.0GHz-2 guest3
###################################################################
script="/jffs/scripts/services-start"
ip="192.168.3.2" # Default network static IP
taggedPort="eth5" # Tagged "WAN" port
otherPorts="eth0 eth1 eth2 eth3 eth4 eth6" # Other ports
guest1_1="wl0.1" # Guest network 1 interface 2.4GHz
guest1_2="wl0.2" # Guest network 2 interface 2.4GHz
guest1_3="wl0.3" # Guest network 3 interface 2.4GHz
guest2_1="wl1.1" # Guest network 1 interface 5GHz-1
guest2_2="wl1.2" # Guest network 2 interface 5GHz-1
guest2_3="wl1.3" # Guest network 3 interface 5GHz-1
guest3_1="wl2.1" # Guest network 1 interface 5GHz-2
guest3_2="wl2.2" # Guest network 2 interface 5GHz-2
guest3_3="wl2.3" # Guest network 3 interface 5GHz-2
vlanId0=10 # Default network VLAN ID
vlanId1=40 # Guest network 1 VLAN ID (Guests)
vlanId2=20 # Guest network 2 VLAN ID (IoT)
vlanId3=30 # Guest network 3 VLAN ID (Security)

tee "${script}" > /dev/null << EOF
#!/bin/sh

# Remove separate networks from default bridge
brctl delif br0 ${taggedPort}
brctl delif br0 ${guest1_1}
brctl delif br0 ${guest1_2}
brctl delif br0 ${guest1_3}
brctl delif br0 ${guest2_1}
brctl delif br0 ${guest2_2}
brctl delif br0 ${guest2_3}
brctl delif br0 ${guest3_1}
brctl delif br0 ${guest3_2}
brctl delif br0 ${guest3_3}

# Add VLANs
ip link add link ${taggedPort} name ${taggedPort}.${vlanId0} type vlan id ${vlanId0}
ip link add link ${taggedPort} name ${taggedPort}.${vlanId1} type vlan id ${vlanId1}
ip link add link ${taggedPort} name ${taggedPort}.${vlanId2} type vlan id ${vlanId2}
ip link add link ${taggedPort} name ${taggedPort}.${vlanId3} type vlan id ${vlanId3}
ip link set ${taggedPort}.${vlanId0} up
ip link set ${taggedPort}.${vlanId1} up
ip link set ${taggedPort}.${vlanId2} up
ip link set ${taggedPort}.${vlanId3} up

# Default network
ifconfig br0 "${ip}" netmask 255.255.255.0
brctl addif br0 ${taggedPort}.${vlanId0}
nvram set lan_ifnames="${otherPorts} ${taggedPort}.${vlanId0}"
nvram set br0_ifnames="${otherPorts} ${taggedPort}.${vlanId0}"

# Guest network 1
brctl addbr br1
brctl addif br1 ${taggedPort}.${vlanId1}
brctl addif br1 ${guest1_1}
brctl addif br1 ${guest1_2}
brctl addif br1 ${guest1_3}
ip link set br1 up
nvram set lan1_ifnames="${guest1_1} ${taggedPort}.${vlanId1}"
nvram set br1_ifnames="${guest1_1} ${taggedPort}.${vlanId1}"
nvram set lan1_ifnames="${guest1_2} ${taggedPort}.${vlanId1}"
nvram set br1_ifnames="${guest1_2} ${taggedPort}.${vlanId1}"
nvram set lan1_ifnames="${guest1_3} ${taggedPort}.${vlanId1}"
nvram set br1_ifnames="${guest1_3} ${taggedPort}.${vlanId1}"
nvram set lan1_ifname="br1"
nvram set br1_ifname="br1"
nvram set ${guest1_1}_ap_isolate=0
wl -i ${guest1_1} ap_isolate 0
nvram set ${guest1_2}_ap_isolate=0
wl -i ${guest1_2} ap_isolate 0
nvram set ${guest1_3}_ap_isolate=0
wl -i ${guest1_3} ap_isolate 0

# Guest network 2
brctl addbr br2
brctl addif br2 ${taggedPort}.${vlanId2}
brctl addif br2 ${guest2_1}
brctl addif br2 ${guest2_2}
brctl addif br2 ${guest2_3}
ip link set br2 up
nvram set lan2_ifnames="${guest2_1} ${taggedPort}.${vlanId2}"
nvram set br2_ifnames="${guest2_1} ${taggedPort}.${vlanId2}"
nvram set lan2_ifnames="${guest2_2} ${taggedPort}.${vlanId2}"
nvram set br2_ifnames="${guest2_2} ${taggedPort}.${vlanId2}"
nvram set lan2_ifnames="${guest2_3} ${taggedPort}.${vlanId2}"
nvram set br2_ifnames="${guest2_3} ${taggedPort}.${vlanId2}"
nvram set lan2_ifname="br2"
nvram set br2_ifname="br2"
nvram set ${guest2_1}_ap_isolate=0
wl -i ${guest2_1} ap_isolate 0
nvram set ${guest2_2}_ap_isolate=0
wl -i ${guest2_2} ap_isolate 0
nvram set ${guest2_3}_ap_isolate=0
wl -i ${guest2_3} ap_isolate 0
# Guest network 3
brctl addbr br3
brctl addif br3 ${taggedPort}.${vlanId3}
brctl addif br3 ${guest3_1}
brctl addif br3 ${guest3_2}
brctl addif br3 ${guest3_3}
ip link set br3 up
nvram set lan2_ifnames="${guest3_1} ${taggedPort}.${vlanId3}"
nvram set br2_ifnames="${guest3_1} ${taggedPort}.${vlanId3}"
nvram set lan2_ifnames="${guest3_2} ${taggedPort}.${vlanId3}"
nvram set br2_ifnames="${guest3_2} ${taggedPort}.${vlanId3}"
nvram set lan2_ifnames="${guest3_3} ${taggedPort}.${vlanId3}"
nvram set br2_ifnames="${guest3_3} ${taggedPort}.${vlanId3}"
nvram set lan2_ifname="br3"
nvram set br2_ifname="br3"
nvram set ${guest3_1}_ap_isolate=0
wl -i ${guest3_1} ap_isolate 0
nvram set ${guest2_2}_ap_isolate=0
wl -i ${guest2_2} ap_isolate 0
nvram set ${guest2_3}_ap_isolate=0
wl -i ${guest2_3} ap_isolate 0
# Restart eapd
killall eapd
eapd
EOF

chmod a+x "${script}"
#reboot

But so far I'm not able to reach a stable configuration. Is there anything I might be missing?

Thread starter	Title	Forum	Replies	Date
	AX88U Pro VLAN support: AP Mode?	Asuswrt-Merlin	4	Mar 16, 2024
J	VLAN support GT-AXE16000	Asuswrt-Merlin	5	Feb 29, 2024
	VLAN tab missing	Asuswrt-Merlin	10	Dec 30, 2023
I	Asus Merlin VLAN performance for TV Set-Top-Box	Asuswrt-Merlin	0	Dec 23, 2023
T	RT-AX88U Vlan bridge/port questions	Asuswrt-Merlin	25	Nov 28, 2023
F	Help with routing 2 VLAN's to the same Ethernet Port	Asuswrt-Merlin	36	Nov 1, 2023
G	RT-AC86U VLAN-like modifications to guest network	Asuswrt-Merlin	19	Sep 26, 2023
B	GT-AX 6000 - firmware 3004.388.4 -VLAN	Asuswrt-Merlin	5	Sep 20, 2023
R	mDNS repeater with guest network/vlan	Asuswrt-Merlin	3	Aug 25, 2023
	AC68 intermittently VLAN tagging	Asuswrt-Merlin	8	Aug 19, 2023

Search

Search

OPNSense VLAN tagging with Merlin routers as AiMesh APs

ToasterPC

Occasional Visitor

Similar threads

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Members online