RT-AC5300: SPAN/bridge eth1 (WLAN) port


Brit Davis

New Around Here
Wireless Router Mode
Firmware 384.15

Hello and thanks for allowing me to participate in SNB forums!

I'm an IT admin with a pretty good grasp of networking/linux/etc. and am trying to solve an issue and could use some advice:

I run a packet analysis platform whose capture interface does not have an IP address. This is by design and so I'm only working on Layer-2. All of my wired devices go through a switch that:
  • is uplinked (port 16) to port 1 on my Asus router (the other three are empty)
  • has ports (1-14) spanned to another port (15) on the switch that feeds my packet analyzer
With this setup, I can see
  • all my wired LAN traffic (vLAN1)
  • traffic between wireless and wired (e.g. laptop on wLAN accessing server on wired LAN)
  • some wireless traffic: only broadcast traffic that finds its way via br0 into vLAN1
However, I do NOT see traffic from wireless to/from the internet.

Despite the fact that vLAN1 and wlan are bridged with br0, it appears that traffic ONLY bound to the internet goes to vLAN2 (WAN) via the eth0 vlan trunk to internal port 8.

My initial thought is basically to bridge wlan to one of the unused switch ports.

Based on research from DD-WRT resources, I believe one approach could be:
  • remove port 4 from vLAN1
  • create vLAN3 and add port 4 to it
  • create bridge br3 and add wl0, wl1, wl2, vLAN3 to it
  • patch port 4 into a second capture port on my packet analyzer
I did instead consider bridging port 1 (as vLAN3) with vLAN2, but I think this would only show one global NAT address going to various internet IPs, instead of showing internal IPs with internet destination IPs.

Other approaches could be:
  • use an existing solution (if it exists) that would allow me to SPAN ALL traffic to port 4
  • use an existing solution that achieves the same goal by "converting" one of the switch ports into a wireless AP port
  • pointing out something I might have missed that makes this really easy to do
I am very open to suggestions and am already comfortable in ssh and nvram manipulation. And just a reminder: other solutions that leverage iptables and require IP routing are not possible with my setup. It has to stay as Layer-2 only.

Thank you,
Brit Davis
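The four-step plan in the post (pull port 4 out of vlan1, put it in a new vlan3, bridge the radios and vlan3 into br3) written out for the router's busybox shell. This is an added example, not code from the original post or from Asuswrt-Merlin. It assumes a Broadcom switch managed with `robocfg`, the port numbering the post reports (switch port 4 for the capture port, trunk port 8), and that the radios on this model are named eth1/eth2/eth3 as in the thread title rather than wl0/wl1/wl2 as in DD-WRT; the sample port list, the `DRY_RUN` switch and the functions `drop_port`, `has_port`, `plan` and `run` are the example's own.

```shell
#!/bin/sh
# Added example: generate (and optionally apply) the VLAN/bridge change
# described in the post. Verify every port number against
# `robocfg show` and `nvram get vlan1ports` before running for real.

VLAN1_PORTS="1 2 3 4 8t"     # constructed sample; use `nvram get vlan1ports`
CAPTURE_PORT=4               # switch port feeding the second capture NIC
NEW_VLAN=3
TRUNK="8t"                   # CPU trunk port as reported in the post (assumption)
WIFI_IFACES="eth1 eth2 eth3" # assumption: Asuswrt radio names on this model
DRY_RUN="${DRY_RUN:-1}"      # 1 = only print the commands

# drop_port "1 2 3 4 8t" 4  ->  "1 2 3 8t"
drop_port() {
    _out=""
    for p in $1; do
        [ "$p" = "$2" ] || _out="$_out${_out:+ }$p"
    done
    printf '%s' "$_out"
}

# has_port LIST PORT -> exit status 0 if PORT is a token of LIST
has_port() {
    for p in $1; do
        [ "$p" = "$2" ] && return 0
    done
    return 1
}

# Print the command sequence; nothing is executed here.
plan() {
    new_vlan1=$(drop_port "$VLAN1_PORTS" "$CAPTURE_PORT")
    new_vlan3="$CAPTURE_PORT $TRUNK"
    cat <<EOF
robocfg vlan 1 ports "$new_vlan1"
robocfg vlan $NEW_VLAN ports "$new_vlan3"
vconfig add eth0 $NEW_VLAN
ifconfig vlan$NEW_VLAN up
brctl addbr br$NEW_VLAN
brctl addif br$NEW_VLAN vlan$NEW_VLAN
EOF
    for w in $WIFI_IFACES; do
        echo "brctl delif br0 $w"
        echo "brctl addif br$NEW_VLAN $w"
    done
    echo "ifconfig br$NEW_VLAN up"
}

# Refuse an inconsistent plan, then print or apply it.
run() {
    if ! has_port "$VLAN1_PORTS" "$CAPTURE_PORT"; then
        echo "port $CAPTURE_PORT is not in vlan1 ports '$VLAN1_PORTS'" >&2
        return 1
    fi
    if [ "$CAPTURE_PORT" = "${TRUNK%t}" ]; then
        echo "refusing to move the trunk port" >&2
        return 1
    fi
    if [ "$DRY_RUN" = 1 ]; then
        plan
    else
        plan | sh -ex
    fi
}
```

Run it from a wired client on a port that stays in vlan1 (moving the radios out of br0 drops every wireless session, so do not drive this over Wi-Fi). Once the radios sit in br3 they no longer get what br0 provides: dnsmasq hands out DHCP and answers DNS on br0, and the firewall and NAT rules reference br0, so wireless clients on br3 need a dnsmasq listener, an address on br3 and their own forwarding rules, or they get no service at all. None of the `robocfg`/`brctl` changes survive a reboot; put the generated commands in a `/jffs/scripts/` user script if they are to persist.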
Have you tried upgrading to 384.16_0 release final?
Hello L&LD -- 11.5K messages, I'm honored and thank you for your reply!

I am on 384.15 now, and I read through the .16 changelog and did not notice anything relevant to port mirroring or spanning.

Have I overlooked something or are you just wanting to make sure you know what I am working with?

Please let me know if I can provide any other info and thanks again.

Brit