Created
August 22, 2023 23:51
-
-
Save chrisrink10/558d311e73934d0c9825c4bac557bf7a to your computer and use it in GitHub Desktop.
3 VLAN Configuration for ASUS RT-AX88U with Merlin
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh | |
# Create VLANs to match the configuration on the FreshTomato router cj-router-3200 | |
# | |
# Adapted from the following sources: | |
# - https://virtualize.link/asus-vlans/ | |
# - https://gist.github.com/Jimmy-Z/6120988090b9696c420385e7e42c64c4 | |
# - https://www.snbforums.com/threads/vlans-trunk-interface-tagged-and-untagged-traffic-rt-ax86u-and-rt-ax88u.78411/#post-846773 | |
# - https://www.snbforums.com/threads/rt-86u-vlanctl-ethctl-usage-puzzle.54375/ | |
UPSTREAM_ETHERNET="eth1" | |
BR0_INTERFACES="eth0 eth1 eth2 eth3 eth4 eth5 eth6 eth7 wl1.2" | |
BR1_INTERFACES="wl0.1 wl1.1" | |
BR2_INTERFACES="wl0.2 wl0.3" | |
# Create two additional LAN bridges. | |
# | |
# - br0 is created by default already so we do not need to create it. | |
# - br1 is the "Guest Network" bridge which will feature AP Isolation. | |
# - br2 is the IoT bridge which features AP Isolation on all but one interface (more on that later) | |
brctl addbr br1 | |
brctl addbr br2 | |
# Create VLAN links. The names and IDs are configured to match the interface | |
# names for corresponding VLANs on cj-router-3200. Frames are going to be tagged | |
# with VLAN IDs so these MUST match! | |
ip link add link eth1 name vlan1 type vlan id 1 | |
ip link add link eth1 name vlan3 type vlan id 3 | |
ip link add link eth1 name vlan4 type vlan id 4 | |
ip link set vlan1 up | |
ip link set vlan3 up | |
ip link set vlan4 up | |
# Remove the named interfaces from br0 and add them to the correct bridge. | |
# Set the bridges UP after all interfaces are associated. | |
brctl addif br0 vlan1 | |
for interface in $BR1_INTERFACES; do | |
brctl delif br0 "$interface" | |
brctl addif br1 "$interface" | |
done | |
brctl addif br1 vlan3 | |
ip link set br1 up | |
for interface in $BR2_INTERFACES; do | |
brctl delif br0 "$interface" | |
brctl addif br2 "$interface" | |
done | |
brctl addif br2 vlan4 | |
ip link set br2 up | |
# Update NVRAM settings to account for the changes made above. | |
# | |
# To the best of my knowledge, it does not appear that any of the NVRAM settings | |
# beyond "1" actually exist or are used by the firmware, but I'm just setting them | |
# for completeness. | |
# | |
# We do NOT issue `nvram commit` here since it won't survive reboot anyway | |
nvram set lan_ifnames="$BR0_INTERFACES vlan1" | |
nvram set lan1_ifnames="$BR1_INTERFACES vlan3" | |
nvram set lan1_ifname="br1" | |
nvram set lan2_ifnames="$BR2_INTERFACES vlan4" | |
nvram set lan2_ifname="br2" | |
nvram set br0_ifnames="$BR0_INTERFACES vlan1" | |
nvram set br1_ifnames="$BR1_INTERFACES vlan3" | |
nvram set br1_ifname="br1" | |
nvram set br2_ifnames="$BR2_INTERFACES vlan4" | |
nvram set br2_ifname="br2" | |
# Enable AP Isolation for the Guest Networks and disable it for IoT devices | |
nvram set wl1.2_ap_isolate="0" | |
for interface in $BR1_INTERFACES; do | |
nvram set "${interface}_ap_isolate"="1" | |
done | |
for interface in $BR2_INTERFACES; do | |
nvram set "${interface}_ap_isolate"="0" | |
done | |
# Reset some things | |
killall eapd | |
eapd | |
# ebtables -F |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh | |
/jffs/scripts/config-vlans |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment