Switch capabilities of AIMesh Nodes?

[jksmurf]

A managed switch configured to VLAN tag by port can only add a single ID onto all traffic coming into a given Ethernet port.

Thank you Seth, you provided a really good explanation of multiple vs single IDs with a managed switch, very much appreciated.

I was trying to use the node as a normal AIMesh Node for Wi-Fi Clients (multiple VLANs) plus I thought I could somehow get the managed switch to assign multiple (Trunk?) IDs like GNP does when a VLAN capable node is attached to it (i.e. between Primary and Node). No such luck.

Your clarification that only a single ID is possible “wired or wireless” makes it a show stopper for me. I need Guest and IoT (VLANs 52 and 53) on the Nodes Ethernet Ports.

Guest and IoT (VLANs 52 and 53) Wi-Fi connectivity is fine on the nodes however, that works (albeit with interfaces limited by ASUS, refer yellow wording in AIMesh section of the GNP setup when you try and add too many channels per interface per node).

 

[Seth Harman]

Thank you Seth, you provided a really good explanation of multiple vs single IDs with a managed switch, very much appreciated.

Your clarification that only a single ID is possible “wired or wireless” makes it a show stopper for me. I need Guest and IoT (VLANs 52 and 53) on the Nodes.

My pleasure. Unfortunately, I don't believe anything is going to be able to cleanly solve the problem you and the OP are having without upgrading your nodes to ones that support 3006.

 

[jksmurf]

My pleasure. Unfortunately, I don't believe anything is going to be able to solve the problem you and the OP are having without upgrading your nodes to ones that support 3006.

In my case it’s not just 3006; it’s 3006 VLAN capable.

 

[Seth Harman]

In my case it’s not just 3006; it’s 3006 VLAN capable.

Sure, but luckily the VLAN part (in regards to wired clients) is easily solvable with a managed switch if necessary. The selection of models from ASUS that support node LAN port VLAN tagging is pretty lean at the moment.

 

[visortgw]

Thank you Seth, you provided a really good explanation of multiple vs single IDs with a managed switch, very much appreciated.

I was trying to use the node as a normal AIMesh Node for Wi-Fi Clients (multiple VLANs) plus I thought I could somehow get the managed switch to assign multiple (Trunk?) IDs like GNP does when a VLAN capable node is attached. No such luck.

Your clarification that only a single ID is possible “wired or wireless” makes it a show stopper for me. I need Guest and IoT (VLANs 52 and 53) on the Nodes.

VLAN tagging for AiMesh wireless devices works for either 3004 OR 3006 firmware AiMesh nodes when connected to a 3006 primary router with Guest Network Pro (GNP) configured. The primary router takes care of the VLAN configuration for the AiMesh nodes — this has been the case for 3004 firmware as well for guest network 1 as well (if you disable intranet access for guest network 1 created VLANs 102 and 103, but they were not configurable).

What you are tryiing to do with the managed switch does in fact work IF you:

1. Connect the switch to one of the downstraem LAN ports of the AiMesh node (i.e., output from the AiMesh Node).
2. You properly configure the switch as described in the TP-Link community forum: Setting up VLAN tagging on ports.

This is how my TL-SG108E is configured to connect multiple VLAN 52 IoT devices. I added the switch as a proof of concept — I have successfully moved all of my IoT wired devices to the same IoT VLAN used by IoT guest network. Yes, I could have used an unmanaged switch by configuring one of the VLAN ports, but I needed to buy an extra switch anyway:

NOTE: I left port 1 configured as tagged for VLAN 1 as described at the bottom of the community forum post in order to maintain easy configuration access from the primary network.

 

[Seth Harman]

VLAN tagging for AiMesh wireless devices works for either 3004 OR 3006 firmware AiMesh nodes when connected to a 3006 primary router with Guest Network Pro (GNP) configured. The primary router takes care of the VLAN configuration for the AiMesh nodes — this has been the case for 3004 firmware as well for guest network 1 as well (if you disable intranet access for guest network 1 created VLANs 102 and 103, but they were not configurable).

As we just saw earlier up in this thread at least some AiMesh nodes running 3004 aren't properly tagging wireless clients with GNP VLAN IDs so when wireless clients are connecting to a 3004 node they're getting tagged with VLAN ID 1 (or no tag at all) even when GNP is operating correctly on the main router:

I finally upgraded my RT-AX86U Pro (running in AP Mode) from 3.0.0.4_388_24199 to 3.0.0.6.102_34349. Of course doing that changed the way Guest Networks work -- now with VLAN functionality.

• I have two AiMesh nodes: RT-AC86U on 3.0.0.4.386_51967 (latest) and RT-AC68U on 3.0.0.4.386_51733 (latest)..
• All 3 were connected (Ethernet backhaul) via a Netgear unmanaged switch. So I just replaced it yesterday with a TP-Link TL-SG108E to get VLAN support.
• My main WiFi network IP range is 192.168.2.X and my Guest Network (VLAN 52) is 192.168.52.X. All DHCP is handled by my pfSense firewall.

I've tried configuring the TP-Link switch many different ways based on this Asus FAQ and this one too. No luck.

Whenever a wireless IoT device (Amazon Echo, EZVIZ Camera, Kasa Smart Switch, etc.) connects to one of the Asus AiMesh nodes, it gets a 192.168.2.X IP address instead of a 192.168.52.X address. The only way I can force the devices to get the correct IP is to simply cut power to both my Asus nodes so everything connects to the main RT-AX86U router.

The managed switch can VLAN tag wired clients regardless of what firmware an AiMesh node is running, it's the wireless clients that are an issue.

 

[visortgw]

As we just saw earlier up in this thread at least some AiMesh nodes running 3004 aren't properly tagging wireless clients with GNP VLAN IDs so when wireless clients are connecting to a 3004 node they're getting tagged with VLAN ID 1 (or no tag at all) even when GNP is operating correctly on the main router:

• I have two AiMesh nodes: RT-AC86U on 3.0.0.4.386_51967 (latest) and RT-AC68U on 3.0.0.4.386_51733 (latest)..
• All 3 were connected (Ethernet backhaul) via a Netgear unmanaged switch. So I just replaced it yesterday with a TP-Link TL-SG108E to get VLAN support.
• My main WiFi network IP range is 192.168.2.X and my Guest Network (VLAN 52) is 192.168.52.X. All DHCP is handled by my pfSense firewall.

I've tried configuring the TP-Link switch many different ways based on this Asus FAQ and this one too. No luck.

Whenever a wireless IoT device (Amazon Echo, EZVIZ Camera, Kasa Smart Switch, etc.) connects to one of the Asus AiMesh nodes, it gets a 192.168.2.X IP address instead of a 192.168.52.X address. The only way I can force the devices to get the correct IP is to simply cut power to both my Asus nodes so everything connects to the main RT-AX86U router.

The managed switch can VLAN tag wired clients regardless of what firmware an AiMesh node is running, it's the wireless clients that are an issue.

Using a managed switch may have caused the issue -- direct connection to router or an unmanaged switch that properly passes VLAN tags (TP-Link or QNAP good, TRENDnet bad, others ???) will work.

 

[Seth Harman]

Using a managed switch may have caused the issue -- direct connection to router or an unmanaged switch that properly passes VLAN tags (TP-Link or QNAP good, TRENDnet bad, others ???) will work.

That's really the question: if he has not setup VLAN port tagging on his TL-SG108E it should be passing whatever tags are present in the traffic coming from the nodes without altering anything so I'd like to know what happens if that managed switch is used with no VLAN setup whatsoever (i.e. used as a normal switch). But can you confirm you've got/had nodes running 3004-firmware, a main router with 3006 running GNP, and the wireless clients connecting to the nodes can properly get tagged with a GNP VLAN ID other than 1?

 

[Tech9]

This node on 3004 firmware situation has variables as well. The older now EoL devices running 3004.386 branch behave differently than the newer updated devices running 3004.388 branch. As everything mixed AiMesh - YMMV.

 

[Seth Harman]

This node on 3004 firmware situation has variables as well. The older now EoL devices running 3004.386 branch behave differently than the newer updated devices running 3004.388 branch. As everything mixed AiMesh - YMMV.

Why am I not surprised. This kind of thing right here is why everything involving GNP/AiMesh is a hot mess.

 

[bennor]

This kind of thing right here is why everything involving GNP/AiMesh is a hot mess.

Yes it's a hot mess, something that has been repeatedly pointed out in these subforums since people first started experimenting with Guest Network Pro and AiMesh. Asus has not been forthcoming on details so its left to the users, as evidenced in a number of discussions now, to find the boundaries when combining those two features.

 

[Tech9]

Why am I not surprised.

Replace consumer routers with VLAN capable SMB APs and the moment of surprise will disappear. Some AX1800-class devices start under $100.

 

[Seth Harman]

Maybe it's time we start a running list of what works and what doesn't?

Here's my contribution:

RT-AX88U Pro, Merlin firmware 3006.102.4, running as Main Router: Guest Network Pro works, VLAN tagging of local Ethernet ports works
2xRT-BE58U, Asus Firmware 3.0.0.6.102_37073-g3124d2d_968-gc6148_BB0B, running as AiMesh nodes: Guest Network Pro works, VLAN tagging local Ethernet ports does NOT work, instead I am using a TP-Link TL-SG108E Managed Switch plugged into the RT-BE58U to provide VLAN ID tagging for wired clients

If someone thinks it's better to start an entirely new thread so it's easier to follow I can delete this post and move it.

 

[visortgw]

That's really the question: if he has not setup VLAN port tagging on his TL-SG108E it should be passing whatever tags are present in the traffic coming from the nodes without altering anything so I'd like to know what happens if that managed switch is used with no VLAN setup whatsoever (i.e. used as a normal switch). But can you confirm you've got/had nodes running 3004-firmware, a main router with 3006 running GNP, and the wireless clients connecting to the nodes can properly get tagged with a GNP VLAN ID other than 1?

My router and nodes are NOW all running 3006.102 firmware. I have in the past had GT-AX6000 and RT-AX86U nodes with 3004.388 firmware supporting segregated WiFi IoT devices on the nodes (segregated meaning their own VLAN with no access to intranets) — now that I have all 3006 nodes (including the same GT-AX6000 devices with updated firmware), I am finally able to support segregated wired IoT devices on the same segregated IoT VLAN.

 

[Seth Harman]

My router and nodes are NOW all running 3006.102 firmware. I have in the past had GT-AX6000 and RT-AX86U nodes with 3004.388 firmware supporting segregated WiFi IoT devices on the nodes (segregated meaning their own VLAN with no access to intranets) — now that I have all 3006 nodes (including the same GT-AX6000 devices with updated firmware), I am finally able to support segregated wired IoT devices on the same segregated IoT VLAN.

Are your nodes running Asus firmware or Merlin? What I'm considering testing is what happens in regards to local LAN port VLAN ID tagging on the nodes if I swap them to Merlin, because with current Asus firmware I cannot enable VLAN ID tagging at the nodes for wired clients.

Edit: I just realized I can't test that, Merlin doesn't work on RT-BE58U at this time.

 

[Tech9]

RT-BE58U

This model runs 3006 firmware, but doesn’t have user configurable VLAN support. Another variable in the equation. Entry level BE-class devices support something Asus marketing calls Smart Home, closer to what GNP is/was.

 

[Seth Harman]

This model runs 3006 firmware, but doesn’t have user configurable VLAN support. Another variable in the equation. Entry level BE-class devices support something Asus marketing calls Smart Home, closer to what GNP is/was.

Let's be careful how we're wording this in case anyone comes across this thread later: I'm assuming what you meant is the RT-BE58U has no user configurable VLAN support specifically in regards to wired clients plugged into it because it certainly supports wireless VLAN clients; if the main router is running GNP and the RT-BE58U is being used as an AiMesh node wireless clients connecting to it get assigned to the correct VLAN as configured on the main router.

Also, I haven't used either of the RT-BE58Us as main routers and I know they have "Network" instead of GNP but I'm not familiar with whether, for example, the IoT network you can turn on under "Network" is an actual VLAN.

 

[Tech9]

Okay, this means your main router won’t offer you LAN ports node configuration in AiMesh because your nodes don’t support it.

 

[Seth Harman]

Okay, this means your main router won’t offer you LAN ports node configuration in AiMesh because your nodes don’t support it.

Exactly, which is why I ended up buying the managed switches to get around that limitation.

 

[Tech9]

If you have managed switches as workaround this means you also have Ethernet to nodes available. Not sure why you decided to pair your pfSense gateway with consumer AiMesh as AP and fix deficiencies with extra hardware. Sounds like self-inflicted complication to me. What was the idea behind this setup?