Return to site
Return to site

Ap Tomato

broken image


  1. Tomatoes Ap Style
  2. Pansy Ap Tomato
  3. Rotten Tomatoes App
  4. Fresh Tomato Ap Mode

Another option is to use two wireless routers—one configured in Tomato client mode, connected by Ethernet to the second router, configured as an AP (access point). For more on DD-WRT, read ' Wi-Fi Planet's Greatest Hits: DD-WRT.' Keep in mind that you only need to run Tomato on the client router—the primary router can be anything. I need a second wireless access point in my house, to deal with crappy wifi signal strength through lathe-and-plaster walls. I'm using an ASUS-RT16N running Tomato/Shibby to do this. There's a bunch of ways to string together wireless networks. There's wifi repeaters (no wires), ethernet bridges, WDS, blah blah. Cream of the Crop Tomatoes is a joint project between A.P. Whaley Seed Company and Frogsleap Farm. The goal is to develop new lines of tomatoes with superior fruit quality, X-tended Shelf Life (XSL), and multiple-disease resistance. Our Flavor First strategy assures.

IMPORTANT: installing custom firmware always pose risk of bricking your device. Do it at your own risk.

This guide will show you how to use custom firmware Tomato by Shibby on Asus RT-N66U as a wireless access point (WAP) to setup multiple Wi-Fi VLANs.

This is an alternate method of setting up Wi-Fi subnets of a 3 steps guide to protect home network using subnets.

Prerequisite: VLAN infrastructure in place for the wired network described in Part 1 and Part 2 of the 3 steps guide.

This guide will step you through the flash of custom firmware Tomato and setup the 3 wireless VLANs.

  • VLAN 40 (SSID: Mobile): Your mobile devices
  • VLAN 42 (SSID: IoT): IoT devices
  • VLAN 44 (SSID: Guest): Guest devices

How to enable recovery mode for RT-N66U?

Tomatoes Ap Style

Asus router has recovery mode that allows you the flash firmware or reset to default settings (or factory reset for official firmware).

  1. turn off the router
  2. press and hold the reset button (do not release)
  3. turn on the router
  4. wait for about 8 seconds on official firmware (or 5 seconds on Tomato)
  5. release the reset button

How to factory reset?

There are several ways of performing factory reset. Each method shall achieve the same results.

Hard Reset

The 30/30/30 reset works on older routers, but not new routers like RT-N66U. Dice 206751. So don't use it.

  • with the unit turned on, press and hold the reset button
  • wait until power led started blinking slowly (about 5 seconds)
  • release the reset button

Reset using Recovery mode

  • enable recovery mode
  • click on Restore default NVRAM values

Reset using web gui

  • access web gui of the router
  • go to Administration > Restore/Save/Upload Setting
  • click Restore and then OK

Note: if you are already on Tomato, go to Administration > Configuration > Restore Default Configuration, select Erase all data in NVRAM memory and click OK.

How to flash Tomato?

Note: The Administration > Firmware Upgrade option available in the web gui of the latest official firmware (v3.0.0.4.382_50624) does not allow you to flash custom firmware.

What you need: A stand alone computer you can connect directly to the router

  • download Tomato firmware (look for build specific for RT-N66U)
  • remove the router from your network
  • perform factory reset using Hard reset method (this will reset router's IP address to 192.168.1.1)
  • enter recovery mode
  • set your computer's IPv4 address to something like 192.168.1.100 and connect to the router
  • browse to router's IP at http://192.168.1.1. The recover mode screen should show up
  • click Choose File and select the Tomato build file downloaded.
  • click Upload

IMPORTANT: Flashing the firmware can take long time (over 10 minutes). Do NOT power off or interrupt the process or you may brick your router.

  • wait for the upload is complete
  • wait patiently (could be over 10 minutes) while router is flashing the firmware and reboot. You can ping and try browse http://192.168.1.1 to see if the install is finished.
  • when web browser responses with following screen, congratulations, you have successfully installed Tomato!

How to revert back to official ASUS firmware?

  • repeat steps on How to flash Tomato? using official firmware instead

Configure Tomato to serve as a wireless access point (WAP)

When used as access point, we don't need the WAN port. So we can disable it.

  • go to Basic > Network
  • select Disabled for WAN Settings > Type
  • click on Bridge br0 in LAN section
  • uncheck DHCP checkbox
  • click OK
  • scroll down and click Save

Setup multiple SSIDs with VLANs support

To enable multiple SSIDs with VLANs, we will create separate bridges. One bridge for each VLAN and it's associated wireless interface(s).

RT-N66U has 1 physical 5GHz wireless interface (eth1).

Tomato automatically created a default bridge ‘br0‘ and has wireless interface and default VLAN 1 (for LAN) as it's members.

Create 3 new Bridges

Tomato

We will create one new Bridge for each VLAN.

  • go to Basic > Network
  • go to LAN section
  • create bridge for VLAN 40
    • select 1 for Bridge
    • enter 192.168.40.1 for IP Address
    • enter 255.255.255.0 for Netmask
    • click Add
  • create bridge for VLAN 42
    • select 2 for Bridge
    • enter 192.168.42.1 for IP Address
    • enter 255.255.255.0 for Netmask
    • click Add
  • create bridge for VLAN 44
    • select 3 for Bridge
    • enter 192.168.44.1 for IP Address
    • enter 255.255.255.0 for Netmask
    • click Add
  • scroll down and click Save

Update Wireless Interface eth1 (VLAN 40)

We will update settings for eth1, assign to br1 and enable security.

  • go to Advanced > Virtual Wireless
  • click on eth1 interface
  • enter ‘Mobile‘ for SSID
  • select br1 for Bridge
  • click OK
  • click on eth1 (wl0) tab
  • select WPA2 Personal for Security
  • enter a good key phrase for Shared Key
  • scroll down and click Overview
  • click Save

Create Virtual Wireless Interface for VLAN 42

To enable multiple SSIDs, we need to create virtual wireless interface.

Pansy Ap Tomato

  • continue at Advanced > Virtual Wireless
  • select wl0.1
  • enter ‘IoT‘ for SSID
  • select br2 for Bridge
  • click Add
  • select WPA2 Personal for Security
  • enter a good key phrase for Shared Key
  • scroll down and click Overview
  • click Save

Create Virtual Wireless Interface for VLAN 44

  • select wl0.2
  • enter ‘GuesT‘ for SSID
  • select br3 for Bridge
  • click Add
  • select WPA2 Personal for Security
  • enter a good key phrase for Shared Key
  • scroll down and click Overview
  • click Save

Configure VLAN settings

We will configure and use port 4 as trunk port (to connect to the Netgear VLAN switch).

  • setup the VLAN settings according to the screen below
  • scroll down and click Save and then OK to confirm
  • the router will now reboot

Assign static IP to Router

The configuration to the router is done. Now we need to assign an IP address to the router so that it's ready to join your home network. The IP address should have the same net mask as the management VLAN 192.168.99.x.

  • go to Basic > Network
  • click on Bridge br0
  • enter 192.168.99.66 as IP Address
  • uncheck DHCP checkbox
  • click OK
  • scroll down and click Save

You can disconnect your computer from the router and can now set its IPv4 address back to Obtain an IP address automatically.

Note: your computer won't be able to connect to the router until the router joined your home network to receive an IP address from the DHCP server.

Configure pfSense and Netgear VLAN switch

Now let's prepare pfSense and the Netgear VLAN switch with the additional VLANs before RT-N66U joins the home network.

Add VLAN interfaces and rules at pfSense

Follow Step 1 through 4 of Setup VLAN interfaces at pfSense firewall to add VLAN 42 and VLAN 44 to the pfSense fireware.

Rotten Tomatoes App

Add VLAN 42 and 44 to Netgear GS108Ev3 switch

Fresh Tomato Ap Mode

  • login to the switch (would be http://192.168.99.108 if you followed the guide in Part 2)
  • go to VLAN > 802.1Q > Advanced > VLAN Configuration
  • enter 42 at VLAN ID field and click Add
  • enter 44 at VLAN ID field and click Add

Configure port 6 as a trunk port

IMPORTANT: changing port 6 to trunk port will temporarily disable the sub-network VLAN 40.

Port 6 was originally setup as VLAN 40 for use of an access point to connect all mobile devices. If you have an access point connected to port 6 for wireless connections, it's time to unplug the access point from port 6.

Add VLAN 99 to port 6

For VLAN 99, port 6, 7 & 8 should all be untagged (show ‘U‘).

  • go to VLAN Membership
  • select VLAN ID ‘99
  • click on port 6 to show ‘U‘ (untagged)
  • click Apply

Set port 6 PVID to management VLAN 99

  • go to Port PVID
  • enable port 6‘s checkbox
  • enter 99 to PVID text box
  • click Apply

Convert port 6 to trunk port

  • go to VLAN Membership
  • select VLAN ID '40'
  • click on port 6 & port 8 until both show ‘T‘ (tagged)
  • click Apply

Repeat for VLAN 42 and VLAN 44.

Hook up to the home network

Connect RT-N66U port 4 to port 6 of the Netgear VLAN switch and the wireless networks should be ready to use.

Configure your mobile devices to use their new SSIDs accordingly.

All set. Your home network is now properly segmented with multiple sub-networks for better protection!





broken image
PreviousNext
Cookie Use
We use cookies to improve browsing experience, security, and data collection. By accepting, you agree to the use of cookies for advertising and analytics. You can change your cookie settings at any time. Learn More
Accept all
Settings
Decline All
Cookie Settings
Necessary Cookies
These cookies enable core functionality such as security, network management, and accessibility. These cookies can’t be switched off.
Analytics Cookies
These cookies help us better understand how visitors interact with our website and help us discover errors.
Preferences Cookies
These cookies allow the website to remember choices you've made to provide enhanced functionality and personalization.
Save