Want to set up dual WAN with assigned clients to each WAN, but if one WAN fails, all can use the other.

[Qbcd]

The title pretty much says it all. I want to set up dual WAN where WAN 1 is available exclusively to one client, and all other clients use WAN 2. My router is the AX86U.

This can be done as described here: https://www.snbforums.com/threads/a...t-only-one-device-to-use-secondary-wan.68773/

However, what I also want is, if WAN 2 has an outage, then WAN 1 becomes available to all clients.

So it's like load balancing + failover. Is this possible in stock firmware without having to input code? Does it just happen by default or will the router leave clients who were not assigned to WAN 1 without connectivity if WAN 2 fails? (I can't test it yet).

Thanks!

 

[FernandoF]

I want to set up dual WAN where WAN 1 is available exclusively to one client, and all other clients use WAN 2. My router is the AX86U.

However, what I also want is, if WAN 2 has an outage, then WAN 1 becomes available to all clients.

Dual WAN on most Asus routers has functionality/reliability problems which may or may not affect you. Based on my limited (but successful) experience with the RT-AC86U, what I can offer is this:

1. What you say above will not work (at least not without a custom script)
2. The OPPOSITE of that will likely work, i.e. if WAN1 has an outage, WAN2 becomes available to all clients
3. With the standard GUI functionality, WAN1 rules are always considered before WAN2 rules, regardless of the order you enter them

Given the above, and assuming your LAN subnet/router address is 192.168.50.1, I'd recommend the following setup:

LAN > DHCP Server:

• IP Pool Starting/Ending Addresses = 192.168.50.2 to 192.168.50.128
• Enable Manual Assignment = Yes
• IP Address for specific client = 192.168.50.128

WAN > Dual WAN:

• Primary WAN = ISP connection for all clients except one specific client (i.e. "WAN1")
• Secondary WAN = ISP connection for one specific client only (i.e. "WAN2")
• Dual WAN Mode = Load Balance
• Load Balance Configuration = leave at default (irrelevant)
• Auto Network Detection = leave at default (we can try to adjust this later, if necessary)
• Enable Routing Rules = Yes
• First Routing Rule = 192.168.50.0/25 - all - Primary WAN
• Second Routing Rule = 192.168.50.128 - all - Secondary WAN

To test the failover/failback portion of the above setup:

• Do NOT turn off or disconnect any ethernet cables from your ISP modems to the router. Although those may seem to work, they do NOT represent valid tests
• Failover: Disconnect the INPUT cable (i.e. coaxial or fiber) to your WAN1 modem, wait for a while (a few minutes?) and check if your clients are switched to WAN2
• Failback: Reconnect the INPUT cable (i.e. coaxial or fiber) to your WAN1 modem, wait for a while (a few minutes?) and check if your clients (except one) are switched BACK to WAN1

I hope this helps. Please post your results and, if possible, a screenshot of your WAN > DUAL WAN settings page. Good luck!

 

[Qbcd]

Dual WAN on most Asus routers has functionality/reliability problems which may or may not affect you. Based on my limited (but successful) experience with the RT-AC86U, what I can offer is this:

1. What you say above will not work (at least not without a custom script)
2. The OPPOSITE of that will likely work, i.e. if WAN1 has an outage, WAN2 becomes available to all clients
3. With the standard GUI functionality, WAN1 rules are always considered before WAN2 rules, regardless of the order you enter them

Given the above, and assuming your LAN subnet/router address is 192.168.50.1, I'd recommend the following setup:

LAN > DHCP Server:

• IP Pool Starting/Ending Addresses = 192.168.50.2 to 192.168.50.128
• Enable Manual Assignment = Yes
• IP Address for specific client = 192.168.50.128

WAN > Dual WAN:

• Primary WAN = ISP connection for all clients except one specific client (i.e. "WAN1")
• Secondary WAN = ISP connection for one specific client only (i.e. "WAN2")
• Dual WAN Mode = Load Balance
• Load Balance Configuration = leave at default (irrelevant)
• Auto Network Detection = leave at default (we can try to adjust this later, if necessary)
• Enable Routing Rules = Yes
• First Routing Rule = 192.168.50.0/25 - all - Primary WAN
• Second Routing Rule = 192.168.50.128 - all - Secondary WAN

To test the failover/failback portion of the above setup:

• Do NOT disconnect any ethernet cables from your ISP modems to the router. Although that will work, it does NOT represent a valid test
• Failover: Disconnect the INPUT cable (i.e. coaxial or fiber) to your WAN1 modem, wait for a while (a few minutes?) and check if your clients are switched to WAN2
• Failback: Reconnect the INPUT cable (i.e. coaxial or fiber) to your WAN1 modem, wait for a while (a few minutes?) and check if your clients (except one) are switched BACK to WAN1

I hope this helps. Please post your results and, if possible, a screenshot of your WAN > DUAL WAN settings page. Good luck!

Thanks so much for the instructions, I will try this. So just to clarify, this *is* what I was asking for, just the labels are reversed from what I typed, but the functionality is what I asked for, correct? I.e. if the WAN that serves all but one clients goes down, then the WAN that serves the one client will become available to all clients until the WAN that serves all but one clients reconnects. Is this correct?

So it's basically just a standard Load Balance config, and the router will automatically do failover too, if I understand correctly?

Thanks again.

 

[Tech9]

and the router will automatically do failover

If you are lucky the Asus router may do failover/failback, but also may not want to. Available load balancing may break connections, very simple and not reliable. If you want reliable Dual WAN Asus home router is not the router you want. There are multiple threads around on this very same subject with some people running business routers and others custom script attempting to fix what was found broken in Asuswrt.

Dual WAN Failover Script ***v1.6.0 Released***

Current Thread: https://www.snbforums.com/threads/dual-wan-failover-v2-release.83674/

www.snbforums.com

 

[FernandoF]

So just to clarify, this *is* what I was asking for, just the labels are reversed from what I typed, but the functionality is what I asked for, correct? I.e. if the WAN that serves all but one clients goes down, then the WAN that serves the one client will become available to all clients until the WAN that serves all but one clients reconnects. Is this correct?

Yes, that is what you were asking for, just with the labels reversed. The reversion I'm proposing is important though. Assuming your router behaves like mine, if WAN2 goes down it will NOT fail over to WAN1, but if WAN1 goes down it will *likely* fail over to WAN2 (and later fail back to WAN1) . That's what we expect to confirm with your tests.

In other words, under normal conditions, all of your LAN (with IP's 192.168.50.2 to .127) except one specific client will access WAN1 only, and that specific client (with the reserved IP 192.168.50.128) will access WAN2 only. In the event that WAN1 goes down, all clients should (hopefully) switch to WAN2. Finally, when WAN1 is restored, all but one of your clients should switch back to WAN1. That's the behavior we need to check.

So it's basically just a standard Load Balance config, and the router will automatically do failover too, if I understand correctly?

I wouldn't say it's a "standard" Load Balance configuration, because we're pre-assigning a single specific connection (either WAN1 or WAN2) to each one of your devices, rather than letting them access both WAN's at the same time (which indeed does not work well with Asus routers). Maybe we could call it a "manual" Load Balance. But yes, we're aiming for a manual Load Balance with failover/failback capability).

Please keep us posted of your Dual WAN settings and results!

 

[FernandoF]

If WAN1 goes down it will *likely* fail over to WAN2 (and later fail back to WAN1) . That's what we expect to confirm with your tests.

UPDATE: I was finally able to test the above behavior with my own equipment, and... it worked!

After removing the input fiber from the ONT (modem), it took about a minute or so for the RT-AC86U to detect the loss of connectivity and switch from WAN1 to WAN2. The WAN LED did not turn red, it remained white. Then a few minutes later, when I reconnected the fiber to the ONT, it took less than 30 seconds for the router to switch back to WAN1. I admit I'm impressed!

@Qbcd, I feel more confident now that the setup proposed in my previous messages will work for you. Please let us know!

 

[Qbcd]

Yes, that is what you were asking for, just with the labels reversed. The reversion I'm proposing is important though. Assuming your router behaves like mine, if WAN2 goes down it will NOT fail over to WAN1, but if WAN1 goes down it will *likely* fail over to WAN2 (and later fail back to WAN1) . That's what we expect to confirm with your tests.

In other words, under normal conditions, all of your LAN (with IP's 192.168.50.2 to .127) except one specific client will access WAN1 only, and that specific client (with the reserved IP 192.168.50.128) will access WAN2 only. In the event that WAN1 goes down, all clients should (hopefully) switch to WAN2. Finally, when WAN1 is restored, all but one of your clients should switch back to WAN1. That's the behavior we need to check.


I wouldn't say it's a "standard" Load Balance configuration, because we're pre-assigning a single specific connection (either WAN1 or WAN2) to each one of your devices, rather than letting them access both WAN's at the same time (which indeed does not work well with Asus routers). Maybe we could call it a "manual" Load Balance. But yes, we're aiming for a manual Load Balance with failover/failback capability).

Please keep us posted of your Dual WAN settings and results!

Thanks for the explanation! I am getting the second WAN in about 10 days, then will test and report back.

And thanks for confirming your results. I'm surprised it took this long, in a standard failover setting configured to check every 5 seconds it takes 5-10 seconds to switch to the secondary WAN and about as long to switch back, but I guess this was not set up as failover, so it took longer. Maybe the AX86U can do it faster, we'll find out.

 

[Qbcd]

By the way, I'm curious is it possible to have QoS/Bandwidth limiting on just one WAN and not the other? One will be a VDSL2 that needs limiting to avoid ping spikes, it's a real problem with that connection. But the other will be gigabit FTTP and if I enable QoS, HW acceleration will turn off and the router won't be able to reach gigabit speed. I just need upload bandwidth limiting on one of the WANs, not even any QoS rules, wondering if it's possible to do that without crippling my speeds.

 

[Qbcd]

Another question, instead of splitting up the main subnet, would it be possible to have two subnets - one for each WAN - where clients in one cannot see clients in the other, but they can all see each other within the subnets and can all see the router. One can have DHCP for anyone with a WiFi password, and the other will be manually assigned IPs by me that will include wired devices, and that will only be for the second WAN. Anyway to do that with the AX86U?

I'm getting the second WAN on Sept 23 by the way, that's when I will be able to do testing.

 

[FernandoF]

Another question, instead of splitting up the main subnet, would it be possible to have two subnets - one for each WAN - where clients in one cannot see clients in the other, but they can all see each other within the subnets and can all see the router. One can have DHCP for anyone with a WiFi password, and the other will be manually assigned IPs by me that will include wired devices, and that will only be for the second WAN. Anyway to do that with the AX86U?

I suspect you may need VLAN's for that, which unfortunately are not available for the RT-AX86U. But I don't really know the answer -- hopefully others will be able to clarify

I'm getting the second WAN on Sept 23 by the way, that's when I will be able to do testing.

Excellent. I'll be waiting for your results with great interest.

 

[Qbcd]

I suspect you may need VLAN's for that, which unfortunately are not available for the RT-AX86U. But I don't really know the answer -- hopefully others will be able to clarify


Excellent. I'll be waiting for your results with great interest.

Ok, I can report success! But it took some finessing to get there. First of all, when I first changed the settings, nothing happened. I don't remember if I had to reset the router to change the DHCP and Dual WAN settings, but nothing happened, all clients just kept connecting to the primary WAN. Then at some point, no clients were connecting to any WAN, I don't remember if this was after another restart, but I remember it took a restart to fix that, and then we were back to square one with all connecting to just the one WAN. Then I unplugged and replugged the ethernet cable for the secondary WAN and finally after that the one client successfully connected to it, and after that it all seemed to work as it should. I've restarted it a couple of times since then and it seems to be still working with the clients connecting to the correct WAN*. But the fact it was so glitchy in getting it to work really doesn't inspire confidence, I wouldn't be surprised if it glitches out again at some point.

Ok now the failover. This was easier to get working. So I tested it with just unplugging the ethernet cable and that worked. But when I tested it with unplugging the RJ11 connector from my DSL modem, that didn't work - the router never recognized the connection as being down - even though I have the failover settings still set up from when I had Dual WAN with Failover - i.e. pinging 1.1.1.1 every 20 seconds with 4 consecutive fails triggering a failover. But it appears that once you switch to Load Balancing those settings just don't do anything, and Asus should really remove them from the GUI when Load Balancing is selected. So the router failed to detect the primary connection being down unless I pulled the ethernet cable from it.

However, since the primary is a VDSL2 connection, I enabled PPP Echo (I had it disabled before because I had Failover), and that did the trick. I pulled the RJ11 cable from the modem and after a while the clients all switched to the secondary WAN, then plugged the cable back in and they switched back. However, weirdly the first time I tested it it took over 3 minutes (I've set up the PPP Echo detection to take 2 minutes), but the second time it only took 20 seconds or so. So again, it's inconsistent, I don't know if I trust it, but hey better than nothing.

*See my comment below.

 

[Tech9]

So the router failed to detect the primary connection being down unless I pulled the ethernet cable from it.

This was the result on every Asus router I have ever tried in Dual WAN with 2x Ethernet WAN connections.

 

[Qbcd]

This was the result on every Asus router I have ever tried in Dual WAN with 2x Ethernet WAN connections.

Yeah, if it's a PPPoE connection there is that Internet Detection option that makes it work, but it's not there on Automatic IP... Such an easy thing for them to fix, but I doubt they'll do it.

@FernandoF do you have a PPPoE primary WAN, how is yours detecting it?

 

[Qbcd]

I have another minor problem now even though I posted earlier that it was working after multiple restarts... maybe I misremembered. The issue is, every time I restart the router, the client that is supposed to be on the secondary WAN is not given access to it, it just stays on the primary WAN like everyone else. To fix that I have to disable the secondary WAN and reenable it, then it works and continues working as it should until the next restart.

It's not too much of a hassle, just have to click on the the secondary WAN button from the main page, then click on disable and then enable again. Alternatively you can disconnect and reconnect the cable physically, but that's obviously harder. I tried tweaking some settings to try to get it to work without having to do this, but nothing worked... It's not too bad, I don't restart the router too often, but it is minorly annoying. Just bugs everywhere... Typical Asus.