VLAN Help with Asus Merlin - pfSense & Managed Switch

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

memphis2k

Occasional Visitor
Hello,

I'm new to tagging VLAN's and need some assistance.

Hardware:
pfSense in a Hyper-V VM setup with VLAN tagging (1-100)
HP V1810 48 Port managed switch
RT-AC68U running latest Merlin

VLAN's:
VLAN 1: (default) everything otherwise specified
VLAN 11: Insecure Hardwired (Works)
VLAN 21: Guest Network on AC68U (Works)

I can get Guest VLAN Wifi to work (DHCP) on an Android phone however, when I do, the the normal 2.4/5Ghz Wifi does not work, no DHCP from pfSense once I run the below code.

I only got VLAN 21 / Guest Wifi to work when I tagged Port 1 & Port 37 on VLAN 21.

With a managed switch, the HP V1810, do i need two Cat5e's going to the AC68U, one for the normal VLAN 1 & another for VLAN21? This is where I'm lost.

HP V1810 Tag choices:
Tagged
Untagged
Exclude All

Port 1 - From pfsense LAN to HP Switch
Port 45 - Repair PC - VLAN 11
Port 37 - AC68U



1.png


11.png


21.png


Or do I need to change something below:

Code:
#!/bin/sh
PATH="/sbin:/usr/sbin:/bin:/usr/bin:${PATH}"

#logger starting guest vlan
nvram set ctf_disable_force=1
nvram set ctf_disable=1

#Model { WAN L1 L2 L3 L4 CPU }
#RTAC68U: { 0, 1, 2, 3, 4, 5 }

#Create/Remove vlan tag port 1 & CPU

robocfg vlan 21 ports "1t 5t"

vconfig add eth0 21

brctl addbr guest
brctl addif guest vlan21

brctl delif br0 wl0.1
brctl addif guest wl0.1

ifconfig vlan21 up
killall eapd

#eth1 and eth2 are 2.4 and 5ghz main wifi
nvram set lan_ifnames="vlan1 eth1"
nvram set lan_ifname="br0"

#wl0.x is 2.4ghz guests (Virtual Access Point)
#wl1.x is 5ghz guests
nvram set lan1_ifnames="vlan21 wl0.1"
nvram set lan1_ifname="guest"

ip link set guest up

eapd
 
Last edited:

grifo

Senior Member
You just need one cable from the switch to the AC68U like you have currently.

Your script has some problems, try to replace it with the one below (note it uses the WAN port on the AC68U instead of LAN1).

Code:
#!/bin/sh
robocfg vlan 21 ports "0t 5t"
vconfig add eth0 21
ifconfig vlan21 up

brctl addbr br1
brctl delif br0 wl0.1
brctl addif br1 vlan21
brctl addif br1 wl0.1
ifconfig br1 up

nvram set lan_ifnames="vlan1 eth1 eth2"
nvram set lan_ifname="br0"
nvram set lan1_ifnames="vlan21 wl0.1"
nvram set lan1_ifname="br1"

nvram commit
killall eapd
eapd
Edit: you're running the RT-AC68U in AP mode right? If it's in router mode use LAN1 but since it's just being an AP it's best to run it in AP mode.
 
Last edited:

memphis2k

Occasional Visitor
You just need one cable from the switch to the AC68U like you have currently.

Your script has some problems, try to replace it with the one below (note it uses the WAN port on the AC68U instead of LAN1).

Code:
#!/bin/sh
robocfg vlan 21 ports "0t 5t"
vconfig add eth0 21
ifconfig vlan21 up

brctl addbr br1
brctl delif br0 wl0.1
brctl addif br1 vlan21
brctl addif br1 wl0.1
ifconfig br1 up

nvram set lan_ifnames="vlan1 eth1 eth2"
nvram set lan_ifname="br0"
nvram set lan1_ifnames="vlan21 wl0.1"
nvram set lan1_ifname="br1"

nvram commit
killall eapd
eapd
Edit: you're running the RT-AC68U in AP mode right? If it's in router mode use LAN1 but since it's just being an AP it's best to run it in AP mode.

Thanks for taking the time to reply. That code worked perfectly. And yes I did have my AC68U in AP Mode.
 

grifo

Senior Member
You are welcome, I'm glad it worked. Let us know if you get any problems.
 

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top