VLAN support GT-AXE16000

[jelmd]

Just downloaded the latest release for an GT-AXE16000-4250 and wondering, why it doesn't contain /www/Advanced_VLAN_Content.asp as well as /www/Advanced_VLAN_DHCP_Content.asp and /www/Advanced_VLAN_Group_Content.asp ? VLAN support is actually the reason, why we bought it. The Asus downloadable beta supports it (does anyone know an URL to download the opensource archive for it?), but it does strange things and there seems to be no way, to hook up its own scripts, which might clean up the mess. Therefore looking for an alternative ...

 

[ColinTaylor]

Merlin's firmware is based on a common codebase for all the models he supports (currently 3.0.0.4.388.x and 3.0.0.4.386.x). So far there is no official release of the VLAN firmware (3.0.0.6) for your router, only a beta from a year ago. Merlin has stated that he won't being looking at this new branch until all the models' GPL code is available.

 

[jelmd]

Colin, thanks a lot for your quick answer!
- My understanding is, that if Asus makes the firmware available - no matter whether they call it "beta" or "release" or whatever - they have to provide the source code. Is there any reader, which has already tried to get the beta or latest source?
- https://github.com/RMerl/asuswrt-me...ease/src/router/www/Advanced_VLAN_Content.asp - is it not GPL code? Or is it specific for some models? Actually I think, VLANs are generic, old IP stuff - I use it on desktops, servers, raspis for ~20 years now. So there I would just attach the desired vlan VNIC to one or all eth{0|1..6}, and connect the VNIC to the appropriate bridge, which in turn is connected to the related WLAN alias guest network (assuming, that each WLAN has its own bridge). So pretty simple. Do I miss something?

 

[Tech9]

I wouldn't be surprised if this specific VLAN code in Asuswrt 5.0 is closed source.

It's one of the main selling points for the new ExpertWiFi line of products with all the new Scenario, Guest Networks and AiMesh integration.

 

[ColinTaylor]

So pretty simple. Do I miss something?

Yes, it's not simple. The specifics change depending on the router model. Use the Better Search function to look for previous threads discussing this subject. Some of those threads contain user scripts for creating custom VLANs. What you won't get though is a GUI interface.

 

[jelmd]

Hmmm, ok. Can you help me to find out, what exactly the issues are?

Yes, I found at least one, but this just tags each LAN port with a different ID, which is a little bit theoretic approach - in this case one would just configure the switch port on the other side to be an access port and do not need to bother with VLANs on the AP. The more real world approach is IMHO to route all LAN related traffic over the 10GE port, but keep guest (unknown non trustable devices), family (TV, Audio, Video, PCs, Laptops, ...), management (IoT, switch consoles, surveillance, power meters, ...) WLANs alias GuestNetworks separated. And for my cases, I do not even need any WAN or DHCP functionality - each VLAN already has its own DHCP server, router (history, performance, etc.). So basically I think the normal use case would be {L|W}AN port : VLAN = 1:n, whereby each VLAN usually appears on a single {L|W}AN port, only (unless there are inactive fallback ports configured), to prevent any loops. The other threads refer to older FW and do not really discuss, what the problem actually is.

The other thing I do not understand is the 'model' thing. Per default tagging is done by the corresponding kernel module and this one should transparently call the HW related [accel] callback, if there is any. So do you mean with 'depending on the router model' that those ones use HW calls and that these calls produce buggy results? If so, shouldn't it be sufficient to replace the proprietary module with the linux vanilla module and let it tag per software? Since it is using an already reserved field, I would expect, that [un-]tagging should be really cheap, even if done in software. Still missing something?

Last but not least: CLI is fine, is actually what I prefer ;-) But trying to understand the whole thing 1st, before putting much more resources on it (e.g. still haven't found out, why always all eths and wls get bound to br0 ...).