wanted: vlan for AC56U in AP-Mode

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

grifo

Senior Member
How can I run this script on asuswrt firmware (not on merlin) v386.x? Please help.
I've never used Asuswrt on its own, I flashed Merlin's firmware straight after I unboxed my router and AP so I don't know. I thought you couldn't run these scripts on it, if that has changed hopefully someone else will let both of us know.
 

bluecatus

Occasional Visitor
I've never used Asuswrt on its own, I flashed Merlin's firmware straight after I unboxed my router and AP so I don't know. I thought you couldn't run these scripts on it, if that has changed hopefully someone else will let both of us know.
Thanks.
However, when I use this script (I modified for my own) on Merlin at boot or run this one manually on Asuswrt via ssh, the 2nd and 3rd guest wifi could not connect if they have passwords (they noticed that wrong password) while the 02 first ones was OK with default VLANs (VLAN 501 and 502). Otherwise, if they had no password, I could connect easily and having specific VLAN for each.
I can't understand the weird.
 

grifo

Senior Member
Thanks.
However, when I use this script (I modified for my own) on Merlin at boot or run this one manually on Asuswrt via ssh, the 2nd and 3rd guest wifi could not connect if they have passwords (they noticed that wrong password) while the 02 first ones was OK with default VLANs (VLAN 501 and 502). Otherwise, if they had no password, I could connect easily and having specific VLAN for each.
I can't understand the weird.
You posted on the other thread that the problem started after you flashed the 386.1 alpha and it's still happening after a firmware downgrade and a factory reset.

As I mentioned there, the 386 firmware makes changes to the guest WLANs to allow extending them to aimesh nodes. Most likely that's the cause of the problems you're having.

I'm not planning to flash the 386.1 firmware on my AP for now (also due to those changes) so I can't look into it, sorry. Nobody else has replied to the other thread so maybe most people using this script are also holding on to 384.19 due to the changes in 386.1.

I guess the lesson learned for you is to wait before flashing a new major firmware release if you're using officially unsupported features, like this one is, as there's no guarantee they'll still be working.

Let's hope that Asus hasn't taken away this functionality for good as although unsupported it's keeping a lot of people on Asus routers and APs vs. going with small business geared hardware. We'll know more when 386.1 beta and final are released and more people upgrade.
 

bluecatus

Occasional Visitor
Thanks for your advices.
Btw, there are some posts mentioned the problem, even not only on 386.1 alpha. Can you take a look this post? #10

Btw, I hope that Asus has more interested features next releases.
 

grifo

Senior Member
Thanks for your advices.
Btw, there are some posts mentioned the problem, even not only on 386.1 alpha. Can you take a look this post? #10

Btw, I hope that Asus has more interested features next releases.
That's a six years old post and it's no longer relevant as the firmware has changed a lot since then. I don't remember reading reports of guest SSID authentication problems with this script under recent firmware up to 384.19.

You mention default VLANs 501 and 502, these don't exist on firmware 384.19, they're likely the new VLANs Asus is using on 386 to extend the guest WiFi to aimesh nodes. If that's the case and if it can't be changed you could try using those 2 VLAN IDs instead of the ones you were using before.

Otherwise it needs looking into properly which I would do if I had a router capable of running 386.1 but my RT-AC87U isn't and by upgrading just my AP I would risk that the two stop playing well together with this script. Sorry but I no longer have the time for remote troubleshooting these days.
 

Bob.Dig

Regular Contributor
@grifo Hope you are doing well. I noticed some weird problems after I enabled IPv6 in my pfSense for the interface the AC56U is connected to. Do you know anything about that? It seems,I never had IPv6 enabled before on my Asus...
 
Last edited:

grifo

Senior Member
@grifo Hope you are doing well. I noticed some weird problems after I enabled IPv6 in my pfSense for the interface the AC56U is connected to. Do you know anything about that? It seems,I never had IPv6 enabled before on my Asus...
Hi Bob, I'm okay but I had decided to stop posting on here as I don't like the way the forum is being run lately. I'll make an exception for you.

As your Asus is in AP mode it shouldn't make a difference if you're passing IPv4 or IPv6 traffic through it. What problem are you seeing and is it affecting both wired and wirless devices? What happens if you connect a switch to the pfSense instead of the Asus?
 

Bob.Dig

Regular Contributor
Hey @grifo , so my problem was, I had no internet nor could I connect via IPv4 to the pfSense from my machine, which is connected to the asus, but I could reach some other devices... . All other interfaces had no problems and as soon as I turned off IPv6, everything was fine again.
And yes I am pretty sure I used IPv6 on another switch with no problem, so I think the asus is somehow the cause, allthough there is another switch before it.
Thought about, if possible, to have the asus use vlans only (without any IPv6) and put yet another switch before it, that I could then connect my pc to. So I guess I have to find out myself.

Hope to still see you around here.
 

Bob.Dig

Regular Contributor
So today I tried again, without any other router in the loop. Still got the same problems, as soons as the asus was active...
 

grifo

Senior Member
You mean without any other switch?

Basically what you should do is connect only a switch to the pfSense and a PC to it and test IPv4 and IPv6 connectivity to the Internet. If it's good then remove the switch and connect the Asus to the pfSense and the same PC to it on a port assigned to VLAN 1 (check with robocfg show) and retest, without having made any changes to pfSense or your PC.

To be honest it's unlikely that the Asus in AP mode could cause connectivity problems to a wired PC due to IPv6 as it's just a switch. Maybe you're connecting the PC to a port you had assigned to the IoT VLAN. Else it's more likely than the problem is on the pfSense.
 

Bob.Dig

Regular Contributor
You mean without any other switch?
With and without. IPv4 works, IPv6 works as long as the Asus isn't on, after that problems, even if the machine is not connected to the asus at but is on the same parent interface.

It is so weird. Someone in the pfSense forum thinks that maybe the Asus isn't fully IPv6 compatible. I am just clueless, to bad I have to use the same interface for it and my main machine...
 

grifo

Senior Member
Try to access the below page on the Asus, it's not available in AP mode but you should be able to access in this way:

https://<your-Asus-IP>/Advanced_SwitchCtrl_Content.asp

Once there disable NAT acceleration and enable Spanning-Tree Protocol (if those options exist on the RT-AC56U, I've never used one).
 

Bob.Dig

Regular Contributor
Once there disable NAT acceleration and enable Spanning-Tree Protocol (if those options exist on the RT-AC56U, I've never used one).
It works but it is already like this.
Capture123.PNG

Maybe I should try to disable Spanning-Tree.
 

john9527

Part of the Furniture
Do clients connecting to the AP get a valid IPv6 address?
Also, I think if you have a separate vlan for the AP, you need to setup IPv6 for a greater than /64 prefix space, and assign a different IPv6 prefix ID for that vlan.
 

grifo

Senior Member
Yeah then Spanning Tree is on. What you quoted on the other thread: Sounds to me like the switch is doing PVST and there is an issue with spanning tree caused by the AP. Which switch are you referring to? And the Asus should be doing PVST too (= per VLAN spanning tree). Can you post robocfg show?
 

Bob.Dig

Regular Contributor
Can you post robocfg show?
Code:
ASUSWRT-Merlin RT-AC56U_3.0.0.4 Thu Dec 24 11:49:53 UTC 2020
[email protected]:/tmp/home/root# robocfg show
Switch: enabled
Port 0:   DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 1: 1000FD enabled stp: none vlan: 205 jumbo: off mac: 00:0c:29:c6:7f:f1
Port 2: 1000FD enabled stp: none vlan: 198 jumbo: off mac: 54:67:51:44:a4:1b
Port 3:  100FD enabled stp: none vlan: 202 jumbo: off mac: 00:17:88:a2:92:56
Port 4: 1000FD enabled stp: none vlan: 1 jumbo: off mac: 70:85:c2:ad:2a:34
Port 8:   DOWN enabled stp: none vlan: 2 jumbo: off mac: 00:00:00:00:00:00
VLANs: BCM5301x enabled mac_check mac_hash
   1: vlan1: 0 4 5t
   2: vlan2: 5
  56: vlan56: 2t 7t
  57: vlan57: 0 2 5t
  58: vlan58: 2 4 5t 8t
  59: vlan59: 1t 2t 3t 7 8u
  60: vlan60: 0 1 7
  61: vlan61: 2 8u
  62: vlan62: 1t 5
198: vlan198: 2 4t
201: vlan201: 4t 5t
202: vlan202: 3 4t 5t
205: vlan205: 1 4t
[email protected]:/tmp/home/root#
@john9527 I have no Ipv6 on any vlan I had created, but maybe the default one got one? But this one isn't configured in pfSense as a vlan, it is just the parent interface. Also I am a network noob.
 

grifo

Senior Member
Do clients connecting to the AP get a valid IPv6 address?
Also, I think if you have a separate vlan for the AP, you need to setup IPv6 for a greater than /64 prefix space, and assign a different IPv6 prefix ID for that vlan.
If I understood correctly he's not interested in doing IPv6 via the Asus AP that he's just using for IoT devices but on his other machines that are connected to a separate switch without VLANs, but when he turns on the Asus he loses connectivity to his devices connected to the other switch.
 

Bob.Dig

Regular Contributor
If I understood correctly he's not interested in doing IPv6 via the Asus AP that he's just using for IoT devices
Right, problem is, it is the same parent interface. Otherwise I would just run the Asus on an interface with no IPv6 at all, but I only have one connection here.
 

grifo

Senior Member
Code:
ASUSWRT-Merlin RT-AC56U_3.0.0.4 Thu Dec 24 11:49:53 UTC 2020
[email protected]:/tmp/home/root# robocfg show
Switch: enabled
Port 0:   DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 1: 1000FD enabled stp: none vlan: 205 jumbo: off mac: 00:0c:29:c6:7f:f1
Port 2: 1000FD enabled stp: none vlan: 198 jumbo: off mac: 54:67:51:44:a4:1b
Port 3:  100FD enabled stp: none vlan: 202 jumbo: off mac: 00:17:88:a2:92:56
Port 4: 1000FD enabled stp: none vlan: 1 jumbo: off mac: 70:85:c2:ad:2a:34
Port 8:   DOWN enabled stp: none vlan: 2 jumbo: off mac: 00:00:00:00:00:00
VLANs: BCM5301x enabled mac_check mac_hash
   1: vlan1: 0 4 5t
   2: vlan2: 5
  56: vlan56: 2t 7t
  57: vlan57: 0 2 5t
  58: vlan58: 2 4 5t 8t
  59: vlan59: 1t 2t 3t 7 8u
  60: vlan60: 0 1 7
  61: vlan61: 2 8u
  62: vlan62: 1t 5
198: vlan198: 2 4t
201: vlan201: 4t 5t
202: vlan202: 3 4t 5t
205: vlan205: 1 4t
[email protected]:/tmp/home/root#
@john9527 I have no Ipv6 on any vlan I had created, but maybe the default one got one? But this one isn't configured in pfSense as a vlan, it is just the parent interface. Also I am a network noob.
Are you using the Asus' WAN port to connect to the pfSense and LAN 1 to connect your PC? LAN 1 is the only one assigned to VLAN 1 (other than the WAN port that you should use for the upstream connection) and it's showing down (it corresponds to port 0 on robocfg).
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top