This topic has been discussed several times before in these forums. One solution is to set up the RPI with the Ethernet connected to the LAN and the WIFI connected to the guest WIFI. This procedure will let you connect the RPI to the LAN Ethernet with a single cable and have IP addresses on the LAN and guest network (VLAN). It is also possible to have multiple VLANS.
While this is written from the features of the Asus Pro (Merlin 3006.102.x and Asus 3.0.0.6.102.x) firmwares it is possible to use on the older firmwares that have Guest networks that assign VLANs. I have also run the Pi-Holes with VLAN on Asus firmware 3.0.0.6.102_34349.
This is not written to be a comprehensive step by step procedure but a guide for those familiar with the Pi OS, Pi-Hole and Asus routers.
I have set up my RPI with the current Raspberry Pi OS Lite (64-bit). I did not enable the WIFI. Log in and update the OS.
To add VLAN to the OS run:
Set a static IP address on the Ethernet Wired connection using the Network Management Tool nmtui. If you need instructions search for "use nmtui to set static ip."
To add a VLAN, go back to Edit a connection then select Add then scroll down to add VLAN
Go back to Edit and select VLAN to edit the settings
These are my settings for the IoT guest network which uses VLAN #52. Note that the MAC address is not needed but is recommended if you want to have an IP address that you can manually reserve in an Asus router. In this case I used the MAC address of the RPI Ethernet port but changed the last character to be different from the Ethernet port.
Save the settings and activate the VLAN
Now you can set up the Pi-Hole. You can use a default installation or one of these:
DNS over HTTPS (DoH)
DNS over TLS (DoT)
DNS with Unbound
I am running a Pi3 and a Pi4 with DoH (Cloudflared) to Cloudflare Security.
Make sure you edit the Pi-Hole DNS Settings to Permit all origins
Newer Asus and Merlin firmwares have the ability to manually reserve IP addresses in the Guest Networks. While I feel that this is not necessary because the DHCP assigned addresses seldom change it is a good idea to give DNS resolvers static or manually assigned addresses if possible.
In the guest network go to the Advanced settings/Manually Assigned IP around the DHCP list, open the editor and reserve the addresses.
In the Advanced Settings/DNS Server you can assign the IP address of the Pi-Hole.
While this is written from the features of the Asus Pro (Merlin 3006.102.x and Asus 3.0.0.6.102.x) firmwares it is possible to use on the older firmwares that have Guest networks that assign VLANs. I have also run the Pi-Holes with VLAN on Asus firmware 3.0.0.6.102_34349.
This is not written to be a comprehensive step by step procedure but a guide for those familiar with the Pi OS, Pi-Hole and Asus routers.
I have set up my RPI with the current Raspberry Pi OS Lite (64-bit). I did not enable the WIFI. Log in and update the OS.
To add VLAN to the OS run:
Code:
modprobe --first-time 8021qSet a static IP address on the Ethernet Wired connection using the Network Management Tool nmtui. If you need instructions search for "use nmtui to set static ip."
To add a VLAN, go back to Edit a connection then select Add then scroll down to add VLAN
Go back to Edit and select VLAN to edit the settings
These are my settings for the IoT guest network which uses VLAN #52. Note that the MAC address is not needed but is recommended if you want to have an IP address that you can manually reserve in an Asus router. In this case I used the MAC address of the RPI Ethernet port but changed the last character to be different from the Ethernet port.
Save the settings and activate the VLAN
Now you can set up the Pi-Hole. You can use a default installation or one of these:
DNS over HTTPS (DoH)
DNS over TLS (DoT)
DNS with Unbound
I am running a Pi3 and a Pi4 with DoH (Cloudflared) to Cloudflare Security.
Make sure you edit the Pi-Hole DNS Settings to Permit all origins
Newer Asus and Merlin firmwares have the ability to manually reserve IP addresses in the Guest Networks. While I feel that this is not necessary because the DHCP assigned addresses seldom change it is a good idea to give DNS resolvers static or manually assigned addresses if possible.
In the guest network go to the Advanced settings/Manually Assigned IP around the DHCP list, open the editor and reserve the addresses.
In the Advanced Settings/DNS Server you can assign the IP address of the Pi-Hole.
