Switch capabilities of AiMesh Nodes?

[TD99]

The managed switch is for situations where you need wired clients to be members of a VLAN and your AiMesh nodes don't support wired VLAN tagging. I don't remember off the top of my head your specific setup as it's been awhile since I've been in this thread, but an AiMesh node can't magically make an unmanaged switch start VLAN tagging traffic so the switch isn't playing a part at all in your VLAN setup.

RT-AX57 Go runs 3006 firmware with Guest Network Pro support.

I was under the impression that "Guest Network = VLAN", regardless of Ethernet vs. WiFi, because when a guest network is created, so is the VLAN. Even Asus Support stated that a managed switch is REQUIRED for Guest Network/VLAN support (but I do take what they say with a grain of salt).

 

[jksmurf]

I was under the impression that "Guest Network = VLAN", regardless of Ethernet vs. WiFi, because when a guest network is created, so is the VLAN. Even Asus Support stated that a managed switch is REQUIRED for Guest Network/VLAN support (but I do take what they say with a grain of salt).

My take on this is that yes a GN=VLAN under Asus GNP.

And that for a GN utilizing AImesh nodes:

1. GN Wi-Fi (regardless of Wi-Fi or Ethernet Backhaul) will be propagated to those nodes in the numbers of interfaces the specific nodes allow; if the nodes are on “ASUS list”, IIRC then the limit is around 5 interfaces per band, otherwise it is 1 i.e. fir the latter yes we support many rioters as AIMesh nodes but it’s limited, you want more, buy one from the list. RT-AX57 Go is on that list but gee wouldn’t it be be grea5 if it had 2.5Gbps ports.
2. GN propagation to the nodes Ethernet Ports will NOT be propagated to those nodes unless the nodes are on “ASUS list”, so (absent these models) you will not get IP addresses for a desired VLAN on the nodes Ethernet ports. You can, as @Seth Harman and @visortgw and I think @bennor have pointed out, attach a managed switch onto the nodes ports and get the switch to tag wired-attached devices.

Earlier on in this thread I also tried a managed switch between a primary device on the “list” and a node that wasn’t, using the ASUS directions for wiring it up, but that did not propagate the VLAN ID to the node, for, i believe the reasons in my earlier note (as also suggested by ASUS) that the backhaul is required for the AIMesh connection.

That’s my take, based mostly on my experiences, FWIW.

 

[Seth Harman]

I was under the impression that "Guest Network = VLAN", regardless of Ethernet vs. WiFi, because when a guest network is created, so is the VLAN. Even Asus Support stated that a managed switch is REQUIRED for Guest Network/VLAN support (but I do take what they say with a grain of salt).

If Asus support told you a managed switch is required for GNP/VLAN support whoever you were speaking with doesn't know what they're talking about in the context of GNP/VLANs. GNP is for managing *WIRELESS* VLANs and "VLAN" (which is shown in the Asus web interface as a tab inside "LAN" on supported models) is for managing *WIRED* VLANs. Although the two are interoperable one does not require the other, and as we've seen with certain hardware combinations in AiMesh sometimes only GNP works fully. For example, my main router RT-AX88U Pro, supports both GNP and wired VLANs but my AiMesh nodes (RT-BE58Us) only support GNP and cannot VLAN tag wired traffic. So, I can VLAN tag wired traffic coming across Ethernet ports in my main router but I cannot do this on my nodes. But since my nodes support GNP whatever GNP VLANs I configure on my main router get extended to my nodes.

The TP-Link managed switches that are being discussed allow you to tag wired traffic with VLAN IDs so you can, for example, configure it so all traffic passing through a specific Ethernet port on that switch gets a particular VLAN tag slapped onto it. What I'm using this for in my case is, among other wired hardware, I have a Philips Hue hub that I wanted as part of my GNP IoT VLAN (ID 53, configured using GNP on the main router) and those hubs connect via Ethernet. Since my AiMesh nodes (RT-BE58Us) don't support wired VLAN tagging what I had to do is plug the Hue hub into one of the ports on the managed switch and configure it so the traffic across that port gets assigned VLAN ID 53. The RT-BE58U is also plugged into that switch but I left that port alone and am not tagging it with anything. The Ethernet backhaul from the AiMesh node goes through the managed switch without being altered and gets passed on to the main router (note: you could also do this by plugging the switch into the AiMesh node and having the backhaul go directly from the node to the main router). A properly functioning switch (both managed and unmanaged) should not do anything to VLAN IDs of any traffic flowing through them unless, in the case of the managed switch, you configure it to alter/assign VLAN ID tags onto traffic. If you have no need to VLAN tag any wired clients you do not need a managed switch and any regular switch in the mix will do (caveat: it's been reported by a few people that certain unmanaged switches don't follow the rules and somehow drop the VLAN ID on packets coming through them so they break any VLAN traffic that flows through them). This is why the unmanaged switch in your setup is allowing your GNP to work as intended as it's not doing anything at all to any of the traffic passing through it, it's simply passing traffic from your AiMesh nodes to your main router with any VLAN IDs on the traffic unaltered/intact.

I have little faith in Asus at this point when it comes to GNP/VLANs information because they don't even appear to fully understand which models of their own hardware support it and which don't. Example: My RT-BE58Us are not on the list they gave you but they absolutely do support GNP.

 

[jksmurf]

Example: My RT-BE58Us are not on the list they gave you but they absolutely do support GNP.

Wired to node ports ie VLANs on the Ethernet ports too ??

 

[Tech9]

Even Asus Support stated that a managed switch is REQUIRED for Guest Network/VLAN support

Interesting... What managed switch is Asus recommending? The popular TP-Link, D-Link, Netgear or something else?

 

[Tech9]

@jksmurf could you please correct the threat title to AiMesh? There is no AI in this "mesh" and I'm allergic to AI. Thank you!

 

[Seth Harman]

Wired to node ports ie VLANs on the Ethernet ports too ??

The RT-BE58U in use as an AiMesh node will properly support any GNP wireless VLANs created on the main router but has no ability to VLAN tag wired clients connected directly to any of its Ethernet ports.

 

[Seth Harman]

Interesting... What managed switch is Asus recommending? The popular TP-Link, D-Link, Netgear or something else?

No idea if they recommend any specific switches but based on the information they're putting out there around GNP and VLANs I wouldn't trust anything they'd recommend anyway. Your best bet is to find posts from people who say "I own [insert brand/model here] managed switch and it works fine."

 

[jksmurf]

The RT-BE58U in use as an AiMesh node will properly support any GNP wireless VLANs created on the main router but has no ability to VLAN tag wired clients connected directly to any of its Ethernet ports.

Thanks Seth. Interesting ... so no limit on Wireless interfaces; like it's hybrid... .

 

[jksmurf]

Interesting... What managed switch is Asus recommending? The popular TP-Link, D-Link, Netgear or something else?

No idea if they recommend any specific switches but based on the information they're putting out there around GNP and VLANs I wouldn't trust anything they'd recommend anyway. Your best bet is to find posts from people who say "I own [insert brand/model here] managed switch and it works fine."

I was referritn to the link from @bennor in his post #2 in this AiMESH thread (suck it up Princess ) which refers to ASUS FAQ on setting up GNP (SDN) across AiMesh (oops, there THEY go again...) and managed switch (which does not magically get you a VLAN port at the node...).

 

[Seth Harman]

I was referritn to the link from @bennor in his post #2 in this AiMESH thread (suck it up Princess ) which refers to ASUS FAQ on setting up GNP (SDN) across AiMesh (oops, there THEY go again...) and managed switch (which does not magically get you a VLAN port at the node...).

I've seen that page before and I still can't wrap my head around what they're trying to show. If that AiMesh node doesn't support Ethernet VLAN tagging the only thing that managed switch would accomplish is allow you to use it to VLAN tag Ethernet traffic for clients directly connected to ports 1-3 on the managed switch. If you're not using that managed switch to tag Ethernet traffic it's irrelevant and you can use an unmanaged switch instead or no switch at all and just connect the node directly to the router.

 

[Seth Harman]

Thanks Seth. Interesting ... so no limit on Wireless interfaces; like it's hybrid... .

My pleasure, but once again Asus is putting out so much confusing information it's like throwing darts with a blindfold on to determine if a given router/node combination will fully support GNP/wired VLAN. I remember at the very beginning the belief was if a router ran 3006 firmware it would have full GNP support if used as a node and I think we've collectively figured out the hard way that's not necessarily the case.

 

[jksmurf]

I've seen that page before and I still can't wrap my head around what they're trying to show. If that AiMesh node doesn't support Ethernet VLAN tagging the only thing that managed switch would accomplish is allow you to use it to VLAN tag Ethernet traffic for clients directly connected to ports 1-3 on the managed switch. If you're not using that managed switch to tag Ethernet traffic it's irrelevant and you can use an unmanaged switch instead or no switch at all and just connect the node directly to the router.

100%. After pfaffing around on that page with my little managed switch and ending up with no advantages, I felt somewhat deflated (I want my money back … just enjoy the show ..).

 

[Seth Harman]

100%. After pfaffing around on that page with my little managed switch and ending up with no advantages, I felt somewhat deflated (I want my money back … just enjoy the show ..).

Managed switches are useful in conjunction with GNP if the intent is to allow wired clients into the VLANs you're creating. Another example in my case is I've got a wired security camera system that's being forced into the GNP IoT VLAN by hooking it to a managed switch and forcing that port to tag all traffic with VLAN ID 53, this allows the NVR to talk to both the wired cameras as well as the wireless cameras connecting to the GNP IoT VLAN. I have to do this because the NVR is unable to have an Ethernet cable running directly from it to the main router which does support Ethernet VLAN tagging. Another example would be where you've got a home office that's on a VLAN to isolate it, but you've got a printer with Ethernet (yet doesn't have WiFi) that you want to be able to access from both the home office and the household network. You could connect the printer to a managed switch, assign it to one of the VLANs, and then setup a firewall rule to allow one-way access from the other VLAN just to that IP for the printer.