1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

RT-AC5300: SPAN/bridge eth1 (WLAN) port

Discussion in 'Asuswrt-Merlin' started by Brit Davis, Mar 28, 2020.

  1. Brit Davis

    Brit Davis New Around Here

    Mar 27, 2020
    Wireless Router Mode
    Firmware 384.15

    Hello and thanks for allowing me to participate in SNB forums!

    I'm an IT admin with pretty good grasp of networking/linux/etc and am trying to solve an issue and could use some advice:

    I run a packet analysis platform whose capture interface does not have an IP address. This is by design and so I'm only working on Layer-2. All of my wired devices go through a switch that:
    • is uplinked (port 16) to port 1 on my Asus router (the other three are empty)
    • has ports (1-14) spanned to another port (15) on the switch that feeds my packet analyzer
    With this setup, I can see
    • all my wired LAN traffic (vLAN1)
    • traffic between wireless and wired (e.g. laptop on wLAN accessing server on wired LAN)
    • some wireless traffic: only broadcast traffic that finds its way via br0 into vLAN1
    However, I do NOT see traffic from wireless to/from the internet.

    Despite the fact that vLAN1 and wlan are bridged with br0, it appears that traffic ONLY bound to the internet goes to vLAN2 (WAN) via the eth0 vlan trunk to internal port 8.

    My initial thought is basically to bridge wlan to one of the unused switch ports.

    Based on research from DD-WRT resources, I believe one approach could be:
    • remove port 4 from vLAN1
    • create vLAN3 and add port 4 to it
    • create bridge br3 and add wl0, wl1, wl2, vLAN3 to it
    • patch port 4 into a second capture port on my packet analyzer
    I did instead consider bridging port 1 (as vLAN3) with vLAN2, but I think this would only show one global NAT address going to various internet IPs, instead of showing internal IPs with internet destination IPs.

    Other approaches could be:
    • use an existing solution (if it exists) that allowed me to SPAN ALL traffic to port4
    • use an existing solution that might achieve the same goal but done as a means to "convert" one of the switch ports to a wireless AP port.
    • Pointing something out to me that I might have missed that is a really easy way to do it.
    I am very open to suggestions and am already comfortable in ssh and nvram manipulation. And just a reminder: other solutions that leverage iptables and require IP routing are not possible with my setup. It has to stay as Layer-2 only.

    Thank you,
    Brit Davis
    Last edited: Apr 8, 2020
  2. Brit Davis

    Brit Davis New Around Here

    Mar 27, 2020
    * bump * :)
    Any comments appreciated!
  3. L&LD

    L&LD Part of the Furniture

    Dec 9, 2013
    Have you tried upgrading to 384.16_0 release final?
  4. Brit Davis

    Brit Davis New Around Here

    Mar 27, 2020
    Hello L&LD -- 11.5K messages, I'm honored and thank you for your reply!

    I am on 384.15 now, and I read through the .16 changelog and did not notice anything relevant to port mirroring or spanning.

    Have I overlooked something or are you just wanting to make sure you know what I am working with?

    Please let me know if I can provide any other info and thanks again.

    Last edited: Apr 8, 2020