SmallNetBuilder Forums
#11 | RMerlin | 06-01-2014, 03:50 PM

Quote (originally posted by opie):
Hi again,

I was confused/didn't remember correctly. I see from your post earlier in this thread that the UI now supports 128 but there may have been some issue above 64 and possibly when above 35.

Here are some more details.

We have 61 MAC addresses on the 2.4 GHz radio and the same 61 MAC addresses on the 5.0 GHz one. So in my mind this is below the limit.

I've used a Google Docs script to set the following NVRAM params, and then I go into the UI and turn off then on the MAC filtering to push through whatever changes are needed under the hood. The reason I use the script to set the NVRAM params is so that I can manage the list of users in a Google Docs spreadsheet. I arrived at these params by adding and removing different MAC addresses and seeing what NVRAM params were getting set. I might be missing something, and I don't know what the purpose of them all is.

nvram set wl_maclist="00:00:00:00:00:01 00:00:00:00:00:02"
nvram set wl0_maclist="00:00:00:00:00:01 00:00:00:00:00:02"
nvram set wl1_maclist="00:00:00:00:00:01 00:00:00:00:00:02"
nvram set wl_maclist_x="<00:00:00:00:00:01>usr-1<00:00:00:00:00:02>usr-2"
nvram set wl0_maclist_x="<00:00:00:00:00:01>usr-1<00:00:00:00:00:02>usr-2"
nvram set wl1_maclist_x="<00:00:00:00:00:01>usr-1<00:00:00:00:00:02>usr-2"
nvram commit

I suppose the alternative is to try and get FreeRadius running on the router. Are you aware of anyone who has achieved this?

Thanks,

Opie

wl_maclist (and wl_maclist_x) are unused by the router. It's just temporary storage used by the webui when the user applies the settings they just entered. Then, the web server will determine if you were editing the 2.4 GHz or 5 GHz interface, and copy these to the appropriate wl0_* or wl1_* vars.

Can you tell me the length of the content of wl0_maclist/wl1_maclist and wl0_maclist_x/wl1_maclist_x?

I suspect that the issue lies in the fact that I've taken into account the length of all the MACs and the separators, but didn't factor the name length. I see at least one place in the code where that'd be the case.

Radius would indeed be far more manageable for such a big list of clients, however I don't know anyone who actually played with that.
__________________
Asuswrt-Merlin: Customized firmware for Asus routers
Github: github.com/RMerl - Twitter: RMerlinDev
See the sticky post for more info.

Last edited by RMerlin; 06-01-2014 at 03:56 PM.

#12 | opie | 06-01-2014, 09:23 PM

Hi,

I assemble the MAC addresses in a series of environment variables and then concatenate the environment variables together as follows:

nvram set wl0_maclist=$list0$list1$list2$list3$list4$list5
and
nvram set wl0_maclist_x=$list0_x$list1_x$list2_x$list3_x$list4_x$list5_x

Each $list... variable is kept <1024 characters, in fact I don't let it assemble more than 40 MAC addresses.

So in my example, with 61 MAC addresses and using a very minimal label which is just the row # from my spreadsheet (i.e. 1-70) as a label my calls to

nvram set wl0_maclist - 1081 characters
nvram set wl0_maclist_x - 1257 characters

The WebGui properly displays ALL the MACs that I load with my script complete with labels.

My sense is that the breakdown is happening when the APPLY/SAVE function from the WebGUI is being called and the background processes are being configured (iptables?)

Is there some output from iptables that I could attach as a debug step?

Thanks again!

Opie

#13 | RMerlin | 06-02-2014, 09:57 AM

Quote (originally posted by opie):
nvram set wl0_maclist - 1081 characters
nvram set wl0_maclist_x - 1257 characters

The firmware only had a 1200-byte buffer, therefore it was being overrun.

I increased it to 3500, which should accommodate 64 MACs with names of 30 chars each. This is the maximum length supported by the httpd service when processing nvram values.

#14 | opie | 06-02-2014, 11:04 PM

Fantastic. I will give it a try with the next release.

If I kept the label names really short, would it support more than 64 MACs or is there something else in the chain that would break down?

#15 | RMerlin | 06-03-2014, 12:03 AM

Quote (originally posted by opie):
Fantastic. I will give it a try with the next release.

If I kept the label names really short, would it support more than 64 MACs or is there something else in the chain that would break down?

Shorter names would be a usable workaround for now. Just make sure the total length of the nvram setting isn't longer than 1200 characters (including all the separators).
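
The length check recommended in the post above, as an added example that is not part of the thread or the firmware: it builds the wl0_maclist and wl0_maclist_x strings in the formats opie posted and refuses to print the nvram commands when either value exceeds 1200 characters. The "MAC label" input format, the allowed label characters, the function names and the sample list are assumptions of this example.

```sh
# Added example, not code from the thread or the firmware. The "MAC label"
# input format, allowed label characters and function names are assumptions.
LIMIT=1200   # character limit quoted in the thread, separators included

# sample_list N: constructed data, N placeholder MACs labelled usr-1..usr-N
sample_list() {
    i=1
    while [ "$i" -le "$1" ]; do
        printf '00:00:00:00:00:%02x usr-%d\n' "$i" "$i"
        i=$((i + 1))
    done
}

# build_plain: space-separated MACs (wl0_maclist / wl1_maclist format)
build_plain() {
    out=""
    while read -r mac label; do out="${out:+$out }$mac"; done
    printf '%s' "$out"
}

# build_named: <MAC>label pairs (wl0_maclist_x / wl1_maclist_x format)
build_named() {
    out=""
    while read -r mac label; do out="$out<$mac>$label"; done
    printf '%s' "$out"
}

# emit_nvram PREFIX: read the list on stdin and print the nvram commands only
# if every line is well formed and both values fit within LIMIT.
emit_nvram() {
    list=$(cat)
    # Labels are restricted so they cannot break the <MAC>label format or the
    # quoting of the printed commands.
    if printf '%s\n' "$list" |
        grep -Evq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2} [A-Za-z0-9_.-]+$'; then
        echo "refusing: malformed line in input" >&2; return 2
    fi
    plain=$(printf '%s\n' "$list" | build_plain)
    named=$(printf '%s\n' "$list" | build_named)
    echo "${1}_maclist=${#plain} ${1}_maclist_x=${#named} chars" >&2
    if [ "${#plain}" -gt "$LIMIT" ] || [ "${#named}" -gt "$LIMIT" ]; then
        echo "refusing: value longer than $LIMIT characters" >&2; return 1
    fi
    printf 'nvram set %s_maclist="%s"\n' "$1" "$plain"
    printf 'nvram set %s_maclist_x="%s"\n' "$1" "$named"
}

sample_list 2 | emit_nvram wl0                        # fits, prints commands
sample_list 61 | emit_nvram wl0 || echo "61 entries rejected"
```

LIMIT can be lowered if the effective ceiling turns out to be smaller, as reported later in the thread.
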

#16 | opie | 06-07-2014, 02:04 PM

Hi Merlin,

I tried the 374.43 build last night and found that a larger # of MACs to filter by still appear limited to the ~1000 character limit.

Can you tell me the format of the iptables command that the web-server is running to establish the MAC based filtering?

I ran 'iptables --list' but couldn't find an associated chain when I had the MAC filtering enabled for either of the radios.

My idea is to build a script that parses a text file of MAC addresses and then call the appropriate iptables command. And then have this run automatically on boot-up.

Perhaps there is another way?

Thanks,

Owen

#17 | RMerlin | 06-07-2014, 11:53 PM

Quote (originally posted by opie):
Hi Merlin,

I tried the 374.43 build last night and found that a larger # of MACs to filter by still appear limited to the ~1000 character limit.

Can you tell me the format of the iptables command that the web-server is running to establish the MAC based filtering?

I ran 'iptables --list' but couldn't find an associated chain when I had the MAC filtering enabled for either of the radios.

My idea is to build a script that parses a text file of MAC addresses and then call the appropriate iptables command. And then have this run automatically on boot-up.

Perhaps there is another way?

Thanks,

Owen

It's not done by the router firewall code, so I suspect it's done internally by the closed-source driver, in which case this means this is a limit I have no way to increase beyond the actual limit. That means I will have to bring it back down to 32 MACs max then. The code I fixed involved the location where the user-entered list was read, processed, and stored in a different nvram setting. I see no reference in the firmware to that other setting.

All times are GMT -4.