Using Asus routers as VLAN-capable APs

[cptnoblivious]

In some ways, the CGU is somewhat boring; just set things to auto and leave it.

... and then things just work and don't break all the time

 

[Tech9]

CGU is somewhat boring

The frequent need of reboot and reset killed my interest in testing Asuswrt. This thing often remains in somewhat broken state after playing with settings and needs a reset for fresh start. At some point I realized the time wasted in reboots and resets exceeds the time needed for actual testing. When the reset itself doesn't work as expected and it happens - priceless. I found Asus routers behave better when a mallet or a hammer is placed right next to them. Some weird glitches miraculously disappear.

 

[agbommarito]

The frequent need of reboot and reset killed my interest in testing Asuswrt. This thing often remains in somewhat broken state after playing with settings and needs a reset for fresh start. At some point I realized the time wasted in reboots and resets exceeds the time needed for actual testing. When the reset itself doesn't work as expected and it happens - priceless. I found Asus routers behave better when a mallet or a hammer is placed right next to them. Some weird glitches miraculously disappear.

Notwithstanding what you said, I still think that Asus routers are the best consumer devices available. The long-term support is unmatched by any other vendor I know of; the RT-N66U just got an update. That was the first Asus device I purchased, which was over 10 years ago. I still have it, and it still works whenever I get it out of storage to try something.

 

[Tech9]

They do release firmware updates more frequently and for longer period of time, but based on my own experience the quality control is surprisingly low and some widely advertised as advantage features remain broken for years. Very often the users can experience cycles of fixed/broken the same feature in consecutive firmware releases. Some releases with broken GUI pages (like AiMesh page recently) make you wonder if someone at Asus actually fired up this thing even once. The reality - if there was no Asuswrt-Merlin option for popular Asus models many folks around would be using something else.

 

[cptnoblivious]

Yup. If I hadn't gotten a CGU I'd be running a Flint-2 now.

 

[bits]

Yup. If I hadn't gotten a CGU I'd be running a Flint-2 now.

Gl-inet is not a great example of quality control of software.
There is currently endless reports of bricking devices with a still recommended uboot upgrade. The uboot upgrade is to fix a problem with bricking devices due to incorrect settings used in the original uboot for years.

The flint2 currently has 2 streams of official firmware. One based on openwrt 21 and one based on openwrt 24. Gl-inet have flip flopped on which branch is the default offer because of bugs in both.
In just the last few days 4.7.5-op24 was pulled and re-released to fix some of the bigger crippling brand new bugs. Such as forgetting to include their default/core software package astrowarp.

 

[Deep865]

Thanks again. It's working

Now I just have to figure out how to turn off the 'hotspot check' on the CGU so clients can connect without going through the portal first
Edit: In typical Ubiquiti fashion, a bit hidden, but easy enough to turn off on the CGU!

Do you mind sharing your script? I also have an AX68U. The script executes, but I can't ever connect anything to the guest network.

 

[cptnoblivious]

Do you mind sharing your script? I also have an AX68U. The script executes, but I can't ever connect anything to the guest network.

I'm using the script in this post: https://www.snbforums.com/threads/using-asus-routers-as-vlan-capable-aps.93795/post-945308

And changed the following as the auto-detection didn't work on my AX68:

the four possible guest networks (guest network #1 2.4G and 5G, guest network #2 2.4G and 5G)
#
# default value of 1 means setup a VLAN for this network if it is configured in Asus GUI
#
# change value to 0 to never setup a VLAN for this guest network
#
G1_24_enabled=1         # guest network #1 2.4G
G1_5_enabled=0          # guest network #1 5G
G2_24_enabled=1         # guest network #2 2.4G
G2_5_enabled=1          # guest network #2 5G

# port interface configuration
#
# the default values of "eth?" direct the script to try to auto-determine the correct
# interfaces from the Asus router NVRAM values
#
# replace the "eth?" will a real interface number to override the auto-determination
#
WANport="eth0"          # WAN interface port
radio24="eth5"          # 2.4G radio interface port
radio5="eth6"           # 5G radio interface port

Edit to add: I am still having issues getting it to work on my AX58. I had to do another hard factory reset as some previous setting were still there. And now everything installs but I'm unable to connect to the guest networks. I didn't feel like troubleshooting more last night, so sometime this week I may try to see if I can figure it out.

 

[Deep865]

I'm using the script in this post: https://www.snbforums.com/threads/using-asus-routers-as-vlan-capable-aps.93795/post-945308

And changed the following as the auto-detection didn't work on my AX68:

the four possible guest networks (guest network #1 2.4G and 5G, guest network #2 2.4G and 5G)
#
# default value of 1 means setup a VLAN for this network if it is configured in Asus GUI
#
# change value to 0 to never setup a VLAN for this guest network
#
G1_24_enabled=1         # guest network #1 2.4G
G1_5_enabled=0          # guest network #1 5G
G2_24_enabled=1         # guest network #2 2.4G
G2_5_enabled=1          # guest network #2 5G

# port interface configuration
#
# the default values of "eth?" direct the script to try to auto-determine the correct
# interfaces from the Asus router NVRAM values
#
# replace the "eth?" will a real interface number to override the auto-determination
#
WANport="eth0"          # WAN interface port
radio24="eth5"          # 2.4G radio interface port
radio5="eth6"           # 5G radio interface port

Edit to add: I am still having issues getting it to work on my AX58. I had to do another hard factory reset as some previous setting were still there. And now everything installs but I'm unable to connect to the guest networks. I didn't feel like troubleshooting more last night, so sometime this week I may try to see if I can figure it out.

Dang thats pretty much what I have, so I'm pretty confused as to why it's not working for me, I'll try factory resetting it and see if that helps at all. Thanks!

Edit: Shoot the problem the entire time was just my vlan on opnsense haha. Its working now!

 

[jata]

Hey guys. I thought I would try to help if I can. I have both a RT-AX86S and a RT-AX58U both set as APs using latest merlin FW (3004.388.9).

I setup GN1 and GN2 as VLANs using this script a few months ago while on 3004.388.8. VLANs working correctly as is autodetection for both routers. My VLANs are still working fine after upgrading (dirty) to 3004.388.9.

I would start by reviewing the logs and post the output (or some of it). There is quite a few messages sent to the log during the VLAN setup process. Happy to compare with my logs to see if we can work out where it is not working.

I'd start by disabling vlan config during startup and running the script manually so you can more clearly see what is happening.

 

[agbommarito]

I recently upgraded to 3004.388.9_2 and my script quit working. I found that the WAN detection code was being fooled by a "wl0.4" interface. I have no idea where it's coming from, since an AX86U only supports 3 guest networks (wlx.1, wlx.2 and wlx.3). I've updated the script to handle this case.

Attached is the updated original script which adds VLANs to guest networks #1 and/or #2.

I've also included another script which adds an IOT VLAN to the 2.4G and/or 5G base radios. I've started using this second script in lieu of the first for my case. I have one 2.4G client located about 100 feet away from my house. I had marginal connections to it with the Unifi access points. I found that the Asus radio had a stronger connection, by about 10 dBm which is significant. This is probably a combination of a little stronger signal from the Asus RF amp and a better antenna. With the original script (VLAN-GuestNetwork-AP.sh) the Asus router had to broadcast BSSIDs for both the base radio and the guest networks. The new script (VLAN-IOT_Network-AP.sh) allows you to use only the base radios.

Both scripts now output more information to the log about WAN detection, which seemed to be the main reported issue. I'd appreciate it if any users of these scripts reported success or failure with their particular Asus router. And in the case of failure, include an excerpt from the system log showing the WAN detection.

The attached files have a ".txt" extension which should be changed to ".sh" after download. The forum won't allow a ".sh" extension for attached files.

 

[cptnoblivious]

Thanks @agbommarito ! I've not yet moved to 388.9_2 but will over the next couple of days. Really appreciated the updated script!

Edit: Two updates
1. Just upgraded one of my routers (AX58) to 388.9_2 and updated the script and all good, VLANs work as intended
2. While there for anyone who's got an AX58, note that my WAN port is actually eth4, not eth0

 

[jata]

Thanks @agbommarito - hope all is well and thanks for updating these scripts for the community.

I have updated to the latest script (guest network version) then updated my 2 APs (RT-AX86S and RT-AX58U) from 3004.388.9 to 3004.388.9_2 and all is working fine.

So thanks again and much appreciated.

 

[Tech9]

Why the AP has to have latest firmware? As far as I remember RT-AX86U/S had the best Wi-Fi somewhere around last 386 firmware versions. What is a new firmware improving so much on a wired-to-wireless bridge with no WAN interface and no routing?

 

[agbommarito]

Why the AP has to have latest firmware? As far as I remember RT-AX86U/S had the best Wi-Fi somewhere around last 386 firmware versions. What is a new firmware improving so much on a wired-to-wireless bridge with no WAN interface and no routing?

No particularly good reason. I assumed that some would update anyway and wanted to make sure everything would still work.

 

[jata]

and you get a flashing light in the gui when there is an update and I can't help myself

 

[jata]

Having said that 388.9 changes behaviour of aimesh connected device list and it now has all devices across all my APs.

Not happy about that as it is screwing up how I have home assistant configured to tell me what devices are connected and where - but that's another issue

 

[Tech9]

and you get a flashing light

This notification thing can be fixed. Block the update server and it won't bother you.