Posts Tagged ‘wireless network’

Asus wireless router and VLAN tagging

Friday, February 9th, 2018

The idea in general is to have multiple wireless networks at home – one for the house residents, the other for visitors. The home network should have full access to everything, while the guest network should be able to reach the Internet, but nothing else.

I have an Asus RT-AC87U, which is a fine router, but it does not expose these capabilities in its web GUI. I flashed it with a derived firmware called AsusWRT-Merlin, which added the ability to insert custom scripts.

I had to research a bit until I got something working. For future tinkering, and for anyone who requires it, I will add my scripts here.

First, in the web interface, enable the guest network and, under Administration->System, enable JFFS custom scripts.

Then, connect via SSH to the router, and place a script called /jffs/scripts/services-start containing:

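#!/bin/sh
# marker file showing that this script has run
touch /tmp/000brstarted
# VLAN 100, tagged, on all switch ports (including the internal ports 5 and 8)
robocfg vlan 100 ports "1t 2t 3t 4t 5t 8t"
# VLAN sub-interface on eth0, the host interface for the switch ports
vconfig add eth0 100
ifconfig vlan100 up
# guest bridge: vlan100 plus the guest wireless sub-interface wl0.1
brctl addbr br1
brctl addif br1 vlan100
brctl delif br0 wl0.1
brctl addif br1 wl0.1
# address for br1 (the IP address and netmask values are not present in this listing)
ifconfig br1 netmask up
# record the bridge layout in nvram
nvram set lan_ifnames="vlan1 eth1"
nvram set lan_ifname="br0"
nvram set lan1_ifnames="vlan100 wl0.1"
nvram set lan1_ifname="br1"
nvram set lan1_ipaddr=
nvram commit
killall eapd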

Run chmod +x /jffs/scripts/services-start so that it will work correctly.

This script configures VLAN 100 on all ports (including the internal ones, 5 and 8) as tagged (meaning not access). It then adds the VLAN to eth0, which is the host interface for the external switch ports (eth1 is for the wireless ports), brings it up, and creates a bridge consisting of vlan100 and the additional wireless sub-interface wl0.1 (which is the guest interface). I did not bother setting up a 5GHz guest network, so I didn’t have an additional wl1.1 sub-interface. If you configure a 5GHz guest network, you will need to add it to the bridge device. Then I gave the bridge interface an IP address so I could test it from my router, and set up nvram to hold these settings. Unfortunately, these settings must be defined on each boot; they are not kept without the script.
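An added check, not part of the original post: because the bridge layout has to be rebuilt on each boot, these shell functions parse `brctl show` output and confirm that the guest bridge holds exactly the expected interfaces. The function names and the sample outputs are constructed for illustration; br1, vlan100 and wl0.1 are the names used in the script above.

```shell
#!/bin/sh
# Added example. Sample outputs are constructed; on the router, pass "$(brctl show)".

# Print "bridge interface" pairs from `brctl show` text on stdin.
bridge_members() {
    awk 'NR == 1 { next }                        # header row
         NF >= 4 { br = $1; print br, $4; next } # bridge row with its first port
         NF == 3 { br = $1; next }               # bridge that has no ports
         NF == 1 && br != "" { print br, $1 }    # further port of the same bridge
    '
}

# check_guest_bridge "<brctl show text>" <guest_bridge> <iface>...
# Succeeds only if the guest bridge holds exactly the listed interfaces.
check_guest_bridge() {
    out=$1; guest=$2; shift 2
    pairs=$(printf '%s\n' "$out" | bridge_members)
    for ifc in "$@"; do
        printf '%s\n' "$pairs" | grep -qxF "$guest $ifc" || return 1
    done
    # Any extra member would bridge another segment into the guest network.
    n=$(printf '%s\n' "$pairs" | awk -v g="$guest" '$1 == g { c++ } END { print c + 0 }')
    [ "$n" -eq "$#" ]
}

# Constructed sample: state after services-start has run.
GOOD='bridge name     bridge id               STP enabled     interfaces
br0             8000.0011223344aa       yes             vlan1
                                                        eth1
br1             8000.0011223344ab       no              vlan100
                                                        wl0.1'

# Constructed sample: a boot where the script did not run.
BAD='bridge name     bridge id               STP enabled     interfaces
br0             8000.0011223344aa       yes             vlan1
                                                        eth1
                                                        wl0.1'

for sample in "$GOOD" "$BAD"; do
    if check_guest_bridge "$sample" br1 vlan100 wl0.1; then
        echo "guest bridge OK"
    else
        echo "guest bridge membership differs from the expected layout"
    fi
done
```

If a 5GHz guest network is configured, add wl1.1 to the interface list passed to the check.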

Maybe in my next post I will describe my switch network layout and settings. In a future post, I might even describe how to transfer VLANs to a VM running under KVM, and maybe even explain my router settings, so that eventually the readers (other than myself, of course) could reproduce this setup at their homes.

AP acting as a repeater (WDS protocol) – Apple AirPort as a repeater of Linksys WRT54G

Thursday, September 27th, 2007

In a given place, an AirPort has been connected to the Internet. A Linksys router was added. It does not support acting as a repeater; however, it has a hidden ability to act as a WDS master.

The secret is based on the following steps, using the default firmware:

1. Set up the Linksys for WEP: set a key, an SSID and a channel.

2. Set up the AirPort for WEP, using the same strength, the same key, the same SSID and the same channel.

3. Set up the AirPort for WDS, acting as “remote base station”. Add the MAC address of the Linksys (I got it using the ‘iwlist’ command under Linux, when already connected to it. This is NOT the MAC marked on a sticker at its bottom!)

This should work. Try connecting a client machine to the AirPort Ethernet adapter and renew your DHCP lease to verify it’s working.

Reference taken from this blog. It helped me a lot.


Neighbors stealing your Internet connection?

Wednesday, January 17th, 2007

Some of you might take it lightly, some of you might take it seriously, and encrypt your wireless network, block the network to specific MAC addresses, etc. This guy had one special treat for his neighbors. Maybe I should try that too…

I’ve been away for a week due to work abroad

Sunday, April 2nd, 2006

And had the chance to be in one of the largest server farms I’ve ever been to. Could not take pictures, though.

We were connected to a proxied and limited network inside the organization, with a limited set of allowed web sites. It was terrible. Then I figured that if I purchased a wireless network connection (which was available), I could use my laptop as a router, running NAT on this connection, while still being physically connected to the internal network. Security hole? Sure is, but not mine 🙂

So I connected that way using a PCMCIA wireless card (for some reason my internal Orinoco_PCI card refused to talk to that wireless network. I should try to find time to diagnose this issue). So I had a configuration as follows:

1) wlan0 (PCMCIA wifi via ndiswrapper) – Internet

2) eth2 (First wired network card) connected to the internal LAN, and used as GW for one of my team

3) eth1 (Orinoco_PCI wifi card) in ad-hoc mode, acting as GW for another one of my team, who sat just far enough so I could not throw him a cable.

It worked, and worked fine.

Regarding other issues, I’ve noticed that my laptop was at its top, but felt it was hardly enough. For example – I used Skype. When in a voice call, my CPU went up to a stable 80-85% utilization. It is high. It means that if I do anything else, I get choppy sound (which I did get). It was good that we had such a long unused time at the customer’s place. Lots of waiting you can pass while in a voice call, and for free.

Well, it was educational. I’ve learned some additional things about how things work in very large-scale environments, with the pros and cons of it. Was fun.

Orinoco_pci finally working correctly!

Thursday, March 9th, 2006

After upgrading my laptop to kernel, hibernation worked flawlessly. Running my previous version of kernel –, I have had some hibernation instabilities. I’ve had some memory corruptions here and there, which would have required I reboot the machine. So far, and it’s been a while, I’m glad to say I had no reason to "reboot" my laptop, but only to hibernate and awake it. Works like a charm.

In my post here, I have complained of performance issues with Orinoco_pci module. Although I’ve had somewhat below the average speed in my LAN (I’ve got about 800KB/s, give or take, on my 802.11b network), using this line to reach an external server / address or even a web site was disastrous. Degraded performance, up to no connection at all. Ping was correct at all times, just as a simple wget to a rather close server (on my ISP’s server room) got timed-out, and drained to less than 2KB/s… Terrible.

In this kernel version, as I’m happy to say, I have tested the built-in orinoco, and finally it’s working just as it should. I get to use my full internet bandwidth, and I’m happy with it. Normal response times, and all. Now all I’ve got left is to make sure the internal LEDs work. On another day 🙂