What's new

Setting up VLANs on AC68P

Roy360360

Occasional Visitor
Hey all,
I use my AC68P as an AP, and I'm trying to get VLAN tagging working on it. I've had some success but I think I need some help to complete this.

I want router to have the following VLANs:
VLANPhysical PortsWireless
1 (Default)WAN, LAN1, LAN2, LAN32.4G / 5G
202.4G / 5G
30LAN42.4G
602.4G
I can collapse the number of VLANs if it's recommended.

pfsense is handling the DCHP server for all the VLANs. A Csico switch sits inbetween pfsense and the ASUS router.

Success so far:

I was able to tag port 4 to VLAN 30 and successfully got an IP from pfsense.
Code:
# Remove Port 4 from Default LAN
robocfg vlan 1 ports "0 1 2 3 5t"
# Add Port 4 to VLAN30
robocfg vlan 30 ports "0t 4 5t"

Problems:

(1) I wanted the robocfg to persist after a reboot so I created the following script:
Code:
#!/bin/sh

# multi SSID with VLAN script for AC68P
# Trunk Port : WAN
# Ports 1 - 3: LAN (Untagged)
# Ports 4    : VLAN30
# Guest WiFi:
#         wl0.1 - ASUS [Guest]    : VLAN20
#         wl0.2 - ASUS [IOT]      : VLAN30
#         wl0.3 - ASUS [Guest 2]   : VLAN60
#         wl1.1 - ASUS_5G [Guest] : VLAN20
sleep 10

robocfg vlan 1 ports "0 1 2 3 5t"
robocfg vlan 20 ports "0t 5t"
robocfg vlan 30 ports "0t 4 5t"
robocfg vlan 60 ports "0t 5t"

touch /tmp/000services-started
However the script never runs. 000services-started is never created.
I can execute the script manually with ./service-start.sh, so I don't think it's a syntax issue.
I set permissions through winscp (0755) and my router has ' Enable JFFS custom scripts and configs ' checked.


EDIT: Fixed thanks to @ColinTaylor. I didn't realize you couldn't have .sh in the script names

(2) I never managed to get Wifi working. I can setup the bridges with the code below, but not sure where to proceed from there. Only the default WiFi works.

Code:
#!/bin/sh

# multi SSID with VLAN script for AC68P
# Trunk Port : WAN
# Ports 1 - 3: LAN (Untagged)
# Ports 4    : VLAN30
# Guest WiFi:
#         wl0.1 - ASUS [Guest]    : VLAN20
#         wl0.2 - ASUS [IOT]      : VLAN30
#         wl0.3 - ASUS [Guest 2]    : VLAN60
#         wl1.1 - ASUS_5G [Guest] : VLAN20

#        eth0 - LAN
#        eth1 - 2.4G Wifi
#        eth2 - 5G Wifi

#VLAN Setup
robocfg vlan 1 ports "0 1 2 3 5t"
robocfg vlan 20 ports "0t 5t"
robocfg vlan 30 ports "0t 4 5t"
robocfg vlan 60 ports "0t 5t"

vconfig add eth0 20
vconfig add eth0 30
vconfig add eth0 60

ifconfig vlan20 up
ifconfig vlan30 up
ifconfig vlan60 up


# Remove Guest Networks from VLAN1
brctl delif br0 wl0.1
brctl delif br0 wl0.2
brctl delif br0 wl0.3
brctl delif br0 wl1.1


# Guest WiFi
brctl addbr br1
brctl addif br1 vlan20
brctl addif br1 wl0.1
brctl addif br1 wl1.1

ifconfig br1 192.168.20.3 netmask 255.255.255.0
ifconfig br1 up

# IoT WiFi
brctl addbr br2
brctl addif br2 vlan30
brctl addif br2 wl0.2

ifconfig br2 192.168.30.3 netmask 255.255.255.0
ifconfig br2 up

# Xiaomi WiFi
brctl addbr br3
brctl addif br3 vlan60
brctl addif br3 wl0.3

ifconfig br3 192.168.60.3 netmask 255.255.255.0
ifconfig br3 up


nvram set lan_ifnames="vlan1 eth1 eth2" # not sure what this line is for....

nvram set lan1_ifnames="vlan20 wl0.1 wl1.1"
nvram set lan1_ifname="br1"

nvram set lan2_ifnames="vlan30 wl0.2"
nvram set lan2_ifname="br2"

nvram set lan3_ifnames="vlan60 wl0.3"
nvram set lan3_ifname="br3"

killall eapd
eapd
Resources I used:
 
Last edited:

Roy360360

Occasional Visitor
The script should be called "services-start" not "service-start.sh".
Thanks.
I just copied the filename that was on the github link (the missing s was a typo I made in the thread). Did not realize the .sh was missing things up. The LAN tagging is working now.
 

Roy360360

Occasional Visitor
Code:
   1: vlan1: 0 1 2 3 5t
   2: vlan2: 5t
  20: vlan20: 0t 5t
  30: vlan30: 0t 4 5t
  60: vlan60: 0t 5t
1045: vlan1045: 3 7t 8t
1046: vlan1046: 0 1 5t 7t
1047: vlan1047: 0t 1 4 5t 7t 8u
1099: vlan1099: 1 2t 3 4t 8u
1100: vlan1100: 0 1 2 3 5 7
1101: vlan1101: 0 1 4 5
1102: vlan1102: 3 5 8u
1103: vlan1103: 0t 1 2 4 7

Code:
bridge name     bridge id               STP enabled     interfaces
br0             8000.382c4ae3f5f0       no              vlan1
                                                        eth1
                                                        eth2
br1             8000.382c4ae3f5f0       no              vlan20
                                                        wl0.1
                                                        wl1.1
br2             8000.382c4ae3f5f0       no              vlan30
                                                        wl0.2
br3             8000.382c4ae3f5f0       no              vlan60
                                                        wl0.3

Code:
br0       Link encap:Ethernet  HWaddr 38:2C:4A:E3:F5:F0
          inet addr:192.168.1.3  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:1631 errors:0 dropped:0 overruns:0 frame:0
          TX packets:807 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:295414 (288.4 KiB)  TX bytes:70788 (69.1 KiB)

br1       Link encap:Ethernet  HWaddr 38:2C:4A:E3:F5:F0
          inet addr:192.168.20.3  Bcast:192.168.20.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:59 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3122 (3.0 KiB)  TX bytes:1232 (1.2 KiB)

br2       Link encap:Ethernet  HWaddr 38:2C:4A:E3:F5:F0
          inet addr:192.168.30.3  Bcast:192.168.30.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:55 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2750 (2.6 KiB)  TX bytes:1232 (1.2 KiB)

br3       Link encap:Ethernet  HWaddr 38:2C:4A:E3:F5:F0
          inet addr:192.168.60.3  Bcast:192.168.60.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:55 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2750 (2.6 KiB)  TX bytes:1232 (1.2 KiB)

dpsta     Link encap:Ethernet  HWaddr 00:00:00:00:00:00
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

eth0      Link encap:Ethernet  HWaddr 38:2C:4A:E3:F5:F0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1606 errors:0 dropped:0 overruns:0 frame:0
          TX packets:882 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:302414 (295.3 KiB)  TX bytes:86957 (84.9 KiB)
          Interrupt:179 Base address:0x4000

eth1      Link encap:Ethernet  HWaddr 38:2C:4A:E3:F5:F0
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:55
          TX packets:0 errors:1 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:163

eth2      Link encap:Ethernet  HWaddr 38:2C:4A:E3:F5:F4
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:61 errors:0 dropped:0 overruns:0 frame:26
          TX packets:933 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:9871 (9.6 KiB)  TX bytes:137215 (133.9 KiB)
          Interrupt:169

ifb0      Link encap:Ethernet  HWaddr EA:C6:EB:FF:78:D1
          BROADCAST NOARP  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:32
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

ifb1      Link encap:Ethernet  HWaddr 0A:A4:E9:18:06:85
          BROADCAST NOARP  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:32
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING MULTICAST  MTU:16436  Metric:1
          RX packets:376 errors:0 dropped:0 overruns:0 frame:0
          TX packets:376 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:90456 (88.3 KiB)  TX bytes:90456 (88.3 KiB)

lo:0      Link encap:Local Loopback
          inet addr:127.0.1.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING MULTICAST  MTU:16436  Metric:1

vlan1     Link encap:Ethernet  HWaddr 38:2C:4A:E3:F5:F0
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:1410 errors:0 dropped:0 overruns:0 frame:0
          TX packets:881 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:261503 (255.3 KiB)  TX bytes:86933 (84.8 KiB)

vlan2     Link encap:Ethernet  HWaddr 38:2C:4A:E3:F5:F0
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

vlan20    Link encap:Ethernet  HWaddr 38:2C:4A:E3:F5:F0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:62 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3348 (3.2 KiB)  TX bytes:24 (24.0 B)

vlan30    Link encap:Ethernet  HWaddr 38:2C:4A:E3:F5:F0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:63 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3404 (3.3 KiB)  TX bytes:0 (0.0 B)

vlan60    Link encap:Ethernet  HWaddr 38:2C:4A:E3:F5:F0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:62 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3348 (3.2 KiB)  TX bytes:0 (0.0 B)

wl0.1     Link encap:Ethernet  HWaddr 38:2C:4A:E3:F5:F1
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:55
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

wl0.2     Link encap:Ethernet  HWaddr 38:2C:4A:E3:F5:F2
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:55
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

wl0.3     Link encap:Ethernet  HWaddr 38:2C:4A:E3:F5:F3
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:55
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

wl1.1     Link encap:Ethernet  HWaddr 38:2C:4A:E3:F5:F5
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:26
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
 

Roy360360

Occasional Visitor
Looks like I had some small mistakes in my script. The following works for me. I've updated the OP.

I haven't tested whether wireless clients are isolated, but at the very least something on ASUS [Guest] can't connect to someone on VLAN1 (untagged). DCHP server is working as intended too.

Will test over the next few days to see if the router is still working.

Code:
#!/bin/sh

# multi SSID with VLAN script for AC68P
# Trunk Port : WAN
# Ports 1 - 3: LAN (Untagged)
# Ports 4    : VLAN30
# Guest WiFi:
#         wl0.1 - ASUS [Guest]    : VLAN20
#         wl0.2 - ASUS [IOT]      : VLAN30
#         wl0.3 - ASUS [Guest 2]    : VLAN60
#         wl1.1 - ASUS_5G [Guest] : VLAN20

#        eth0 - LAN
#        eth1 - 2.4G Wifi
#        eth2 - 5G Wifi

#VLAN Setup
robocfg vlan 1 ports "0 1 2 3 5t"
robocfg vlan 20 ports "0t 5t"
robocfg vlan 30 ports "0t 4 5t"
robocfg vlan 60 ports "0t 5t"

vconfig add eth0 20
vconfig add eth0 30
vconfig add eth0 60

ifconfig vlan20 up
ifconfig vlan30 up
ifconfig vlan60 up


# Remove Guest Networks from VLAN1
brctl delif br0 wl0.1
brctl delif br0 wl0.2
brctl delif br0 wl0.3
brctl delif br0 wl1.1


# Guest WiFi
brctl addbr br1
brctl addif br1 vlan20
brctl addif br1 wl0.1
brctl addif br1 wl1.1

ifconfig br1 192.168.20.3 netmask 255.255.255.0
ifconfig br1 up

# IoT WiFi
brctl addbr br2
brctl addif br2 vlan30
brctl addif br2 wl0.2

ifconfig br2 192.168.30.3 netmask 255.255.255.0
ifconfig br2 up

# Xiaomi WiFi
brctl addbr br3
brctl addif br3 vlan60
brctl addif br3 wl0.3

ifconfig br3 192.168.60.3 netmask 255.255.255.0
ifconfig br3 up


nvram set lan_ifnames="vlan1 eth1 eth2" # not sure what this line is for....

nvram set lan1_ifnames="vlan20 wl0.1 wl1.1"
nvram set lan1_ifname="br1"

nvram set lan2_ifnames="vlan30 wl0.2"
nvram set lan2_ifname="br2"

nvram set lan3_ifnames="vlan60 wl0.3"
nvram set lan3_ifname="br3"

killall eapd
eapd
Next step is to port this script to my AC66U.


Looks like it was a mistake to buy a managed switch.
Could have just these routers instead and saved myself 60$
 
Last edited:

L&LD

Part of the Furniture
No worries! Consider the small $60 the cost of this 'education'. :)
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top