vlans ac-68u ap mode issue

popcorn9499

New Around Here
Hi, so my issue is that I'm trying to use 2 VLANs here to create 2 private networks. Realistically, if I got one of those two working I would be really happy. I have a pfSense box as my router and the VLANs are configured on that. I have my Netgear R7000 with FreshTomato and VLANs work perfectly on that. However, my Asus RT-AC68U is a different story. I tried it out prior to throwing FreshTomato on it and I was getting significantly better range and speeds on the stock firmware. It could easily have been a configuration issue in the wireless settings; however, I fussed around with settings and couldn't get it to work similarly. So I moved to Asuswrt-Merlin, where I got VLANs sort of working, which is where my problem lies.
I can get intermittent/unreliable speeds using VLANs when connecting to the guest networks.

I have my network connected over lan port 4 on the rt-ac68u

the /jffs/scripts/services-start script
Code:
#!/bin/sh

PATH="/sbin:/usr/sbin:/bin:/usr/bin:${PATH}"

# VLAN 3: tagged on switch ports 4 and 5, with a vlan3 interface on eth0
robocfg vlan 3 ports "4t 5t"
vconfig add eth0 3
ifconfig vlan3 up

# VLAN 7: tagged on switch ports 4 and 5, with a vlan7 interface on eth0
robocfg vlan 7 ports "4t 5t"
vconfig add eth0 7
ifconfig vlan7 up

# br1: VLAN 3 plus guest network 1 (moved out of br0)
brctl addbr br1
brctl addif br1 vlan3
brctl delif br0 wl0.1
brctl addif br1 wl0.1
brctl delif br0 wl1.1
brctl addif br1 wl1.1

# br3: VLAN 7 plus guest network 2 (moved out of br0)
brctl addbr br3
brctl addif br3 vlan7
brctl delif br0 wl0.2
brctl addif br3 wl0.2
brctl delif br0 wl1.2
brctl addif br3 wl1.2

# addresses of the AP itself on each new bridge
ifconfig br1 192.168.2.4 netmask 255.255.255.0
#ifconfig br1 up
ifconfig br3 up 192.168.4.4 netmask 255.255.255.0

# record the bridge membership in nvram
nvram set lan_ifnames="vlan1 eth1 eth2 wl0.3 wl1.3"
nvram set lan_ifname="br0"

nvram set lan1_ifnames="vlan3 wl0.1 wl1.1"
nvram set lan1_ifname="br1"

nvram set lan2_ifnames="vlan7 wl0.2 wl1.2"
nvram set lan2_ifname="br3"

nvram commit

# restart eapd after changing the interface lists
killall eapd
eapd

robocfg show output
Code:
Switch: enabled
Port 0:   DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 1:   DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 2:   DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 3:   DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 4: 1000FD enabled stp: none vlan: 1 jumbo: off mac: 82:ef:6c:12:7b:6a
Port 5: 1000FD enabled stp: none vlan: 1 jumbo: off mac: 3c:7c:3f:e9:e2:d0
Port 7:   DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 8:   DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
VLANs: BCM5301x enabled mac_check mac_hash
   1: vlan1: 0 1 2 3 4 5t
   2: vlan2: 5t
   3: vlan3: 4t 5t
   7: vlan7: 4t 5t
  56: vlan56: 1 2 3t 4t 5t 7
  57: vlan57: 0 1 3t 8u
  58: vlan58: 0 3t 4t 8t
  59: vlan59: 3 4t 5t 8u
  60: vlan60: 0 2 7t 8t
  61: vlan61: 1 2 7
  62: vlan62: 2t 3 5t 8u

brctl show output
Code:
[email protected]:/jffs/scripts# brctl show
bridge name    bridge id            STP enabled    interfaces
br0            8000.3c7c3fe9e2d0    no             vlan1
                                                   eth1
                                                   eth2
br1            8000.3c7c3fe9e2d0    no             vlan3
                                                   wl0.1
                                                   wl1.1
br3            8000.3c7c3fe9e2d0    no             vlan7
                                                   wl0.2
                                                   wl1.2


I have tried firmware version 386.6 and downgraded to 384.19 to see if the outcome was the same and it ended up being the same.

Unsure where to go from here as I compared the output of robocfg and brctl and came up with similar outputs on my fresh tomato ap and my ac68u aside from a few extra vlans on the ac68u.

Thank you and have a great day!
 

eibgrad

Part of the Furniture
Given you're only using the AC68U as an AP, which means all the additional functionality Merlin offers compared to something like FT (FreshTomato) is pretty much irrelevant, there's NO WAY I'd consider moving to Merlin to implement VLANs. That makes no sense. The firmware doesn't support user-defined VLANs, bridges, etc. So you're forced to resort to the CLI. If there's some performance issue involved, then perhaps it would make more sense to consider why that is.

And it's NOT as if I'm entirely against implementing VLANS w/ Merlin.


But even in that case, I strongly discourage its use unless you have no other option.
 

popcorn9499

New Around Here
I shall try using your tutorial when it's safe to mess with that device again (people using it is fun), but what would you suggest to try to get FreshTomato to give better wifi speeds and range than it was?
 

eibgrad

Part of the Furniture
I have the same RT-AC68U running FT (FreshTomato) v2022.2 as my primary router, and I have no such issues. In fact, one of my "complaints" is that the 2.4GHz range is too darn good! The signal reaches down the road some 200 ft, each way. If anything, I'm looking to cut it back. I have another RT-AC68U running FT in wireless ethernet bridge mode over 5GHz to the primary router, and it works fine in terms of range and speed (@ about 40 ft., it maxes out around 230Mbps).

That's the problem w/ wireless in general. Everyone's experience can be totally different, and that's usually due to a difference in environmental factors. The same exact make and model of router, even the same physical router, will show differences when moved from location to location.

One thing to pay special attention to is to stay OFF the DFS channels in most cases. The router is designed (by law) to drop any connection on a DFS channel if it detects interference by other authorities (weather radar station, airport, etc.) and move to another channel. This process can severely impact the reliability of your connection and performance. And you could easily NOT realize it's happening.
 

popcorn9499

New Around Here
Ya, I cannot say I've experienced that kind of range; however, the walls in my house are stupid thick. (Long story in itself. However, I can mount a full 55in TV on the wall without being in a stud and it's been sitting on the wall for years. This is just the inside walls.)
I did end up trying multiple channels when I did differing channel widths and stuff like that, to no avail.
I might end up trying DD-WRT; however, I'm not sure if that would be much better.

I am a little puzzled why the VLAN that I have set up on that Asus RT-AC68U somewhat works. It's just odd. I get assigned the correct IP for that VLAN and I can ping that AP, and sometimes I can make it to the internet, which means it sometimes is following my VLAN and routing rules; however, sometimes it's following the LAN routing rules, not the VLAN routing rules, which seems odd to me.
 

popcorn9499

New Around Here
@eibgrad ended up giving your script a solid try and I had no change.

I only tried to have port 4 be the trunk port for VLAN ID 3 and wl0.1 and wl1.1 on VLAN ID 3, and I can get assigned an IP, but I get no network over wireless that is reliable, just like before. I'll ping and sometimes won't get any response; other times I get a response.
Code:
# ------------------------------ BEGIN OPTIONS ------------------------------- #

DEBUG= # uncomment/comment to enable/disable debug mode

# VLANS_PORTS='[<vlan-id>[/<port>...] ...]'
#VLANS_PORTS='1/1/2/3 3/4'          # vlan1 ports 1 2 3, vlan3 port 4
#VLANS_PORTS='1/1/2 3/3/4'          # vlan1 ports 1 2, vlan3 ports 3 4
#VLANS_PORTS='1 10/1/2/3/4'         # vlan1 no ports, vlan10 ports 1 2 3 4
#VLANS_PORTS='1/1 10/2 11/3 12/4'   # vlan1/vlan10/vlan11/vlan12, one port each
VLANS_PORTS='1/1/2/4 3/3/4t'      # vlan1/vlan3 port 4 trunk
# only bridged configurations have port 0 available for assignment
#VLANS_PORTS='1/0/1/2/3 3/4'        # vlan1 ports 0 1 2 3, vlan3 port 4

# VLANS_WL='[<vlan-id>[/<wireless-if>...] ...]'
#VLANS_WL=''                        # no wireless changes required
#VLANS_WL='3/eth1'                  # bridge vlan3 w/ 2.4ghz
#VLANS_WL='3/eth2'                  # bridge vlan3 w/ 5ghz
VLANS_WL='3/wl0.1/wl1.1'           # bridge vlan3 w/ guest 1 (2.4+5ghz)
#VLANS_WL='3/wl0.1 4/wl1.1'         # bridge vlan3/vlan4 w/ guest 1 (2.4/5ghz)
#VLANS_WL='10/wl0.1/wl1.1'          # bridge vlan10 w/ guest 1 (2.4+5ghz)
#VLANS_WL='11/wl0.2/wl1.2'          # bridge vlan11 w/ guest 2 (2.4+5ghz)
#VLANS_WL='12/wl0.3/wl1.3'          # bridge vlan12 w/ guest 3 (2.4+5ghz)
# bridge vlans 10/11/12 w/ guests 1/2/3 respectively
#VLANS_WL='10/wl0.1/wl1.1 11/wl0.2/wl1.2 12/wl0.3/wl1.3'

#VLANS_PORTS=''; VLANS_WL=''        # for cleanup purposes only

# ip network prefix (default is based on private network (e.g., 192.168.))
#IPNET_PFX='10.99.' # first two dotted octets only

# uncomment/comment to include/exclude pre-defined dnsmasq directives
INCLUDE_DNSMASQ=

# uncomment/comment to use specified/default dns server(s)
DNS_SERVERS='8.8.8.8,8.8.4.4' # comma-separated

# uncomment/comment to include/exclude pre-defined firewall rules
INCLUDE_FIREWALL=

# uncomment/comment to allow/deny access from private network to new networks
#ALLOW_PRIVATE_TO_ANY=

# uncomment/comment to allow/deny access to/from openvpn clients/servers
#ALLOW_OVPN_ACCESS=

To clarify, I'm only pinging 8.8.8.8 and 192.168.2.2, which is my pfSense box IP, and neither of those ends up working.

However, all of this got me thinking: why not try eliminating wireless altogether and just see if connecting on, say, port 3 made stuff work smoother? And indeed it does, which tells me the AC68U is connecting over VLANs and working without adding the complications of wireless.

The thing I don't get is why my wireless device isn't showing up under the right interface on my pfSense box, but it is getting the correct IP address and initially connecting on that correct VLAN; just when it attempts to make any sort of connection it falls to the LAN interface.

This just sort of confuses me with it not working consistently.

Edit:

Thinking further, I am starting to wonder if maybe the other bridge network being created isn't functioning correctly.

Edit edit:

Is it possible cut-through forwarding is still enabled, causing these sorts of problems?
 

popcorn9499

New Around Here
For anyone who has issues with VLANs on Asuswrt-Merlin, maybe try disabling CTF (cut-through forwarding). I couldn't find a spot in the UI for the current Asuswrt-Merlin firmware, so here is the command line for it:
Code:
nvram set ctf_disable=1
nvram set ctf_disable_force=1
nvram commit

Sorry for the problems and thanks for the help! Please have a great day!!!
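
The layout comparison done by eye in this thread (robocfg show against brctl show), written as an added example that is not part of the thread or of any poster's script. It runs on constructed sample text trimmed from the posted outputs; TRUNK_PORT, CPU_PORT and the function names are assumptions of this example, with port 5 treated as the CPU-facing port because the posted output shows it tagged on every VLAN.

```shell
# Constructed sample input, trimmed from the outputs posted in the thread.
# On the AP itself: ROBOCFG_OUT=$(robocfg show); BRCTL_OUT=$(brctl show)
ROBOCFG_OUT='   1: vlan1: 0 1 2 3 4 5t
   3: vlan3: 4t 5t
   7: vlan7: 4t 5t'
BRCTL_OUT='bridge name    bridge id            STP enabled    interfaces
br0            8000.3c7c3fe9e2d0    no             vlan1
                                                   eth1
br1            8000.3c7c3fe9e2d0    no             vlan3
                                                   wl0.1
                                                   wl1.1
br3            8000.3c7c3fe9e2d0    no             vlan7
                                                   wl0.2
                                                   wl1.2'
TRUNK_PORT=4   # assumption: switch port facing pfSense (port 4 in the thread)
CPU_PORT=5     # assumption: CPU-facing port, tagged on every VLAN above

# Print the port list of VLAN $1 from `robocfg show` output on stdin.
vlan_ports() {
    awk -v vid="$1" '$1 == (vid ":") && $2 == ("vlan" vid ":") {
        for (i = 3; i <= NF; i++) printf "%s%s", $i, (i < NF ? " " : "\n") }'
}

# Print the bridge that owns interface $1, from `brctl show` output on stdin.
bridge_of() {
    awk -v want="$1" '
        $1 == "bridge" && $2 == "name" { next }   # header row
        { ifc = "" }
        NF >= 4 { br = $1; ifc = $4 }             # first row of a bridge
        NF == 1 { ifc = $1 }                      # continuation row
        ifc == want { print br; exit }'
}

# audit_segment VLAN BRIDGE IFACE...: returns 0 only if the VLAN is tagged on
# both ports and vlanN plus every listed interface are members of BRIDGE.
audit_segment() {
    vid=$1; br=$2; shift 2; rc=0
    ports=$(printf '%s\n' "$ROBOCFG_OUT" | vlan_ports "$vid")
    for p in "$TRUNK_PORT" "$CPU_PORT"; do
        case " $ports " in *" ${p}t "*) ;;
            *) echo "FAIL vlan$vid: port $p is not a tagged member"; rc=1 ;; esac
    done
    for ifc in "vlan$vid" "$@"; do
        actual=$(printf '%s\n' "$BRCTL_OUT" | bridge_of "$ifc")
        [ "$actual" = "$br" ] || { echo "FAIL $ifc: in '${actual:-no bridge}', expected $br"; rc=1; }
    done
    return $rc
}

audit_segment 3 br1 wl0.1 wl1.1 && audit_segment 7 br3 wl0.2 wl1.2 && echo "layout OK"
```

The outputs posted in the thread pass this audit, which is consistent with the poster's finding that the wired VLAN path worked and that the fix lay elsewhere, in the CTF nvram settings from the last post.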
 
