Posted: Wed Mar 22, 2017 16:19 Post subject: Guest Network on DHCP Forwarder
Does anyone know how to set up an isolated guest network for a router that is set up as a wireless access point (DHCP forwarder, not DHCP server)?
I'm using an R7000 with v3.0-r29300M kongav. I want to set it up so the primary wlo wi-fi signal is a guest network that doesn't have any access to the rest of the network. I will have a couple of ethernet devices connected to the R7000 that I want to keep on my main network. I've been all over the place on this but can't find a solution.
Still no success after complying with the previously referenced thread. I can connect to the network, but I get "no internet connection".
Additional information:
Main router: WRT1900ACS running dd-wrt
R7000 Router is the WAP that I'm using as the guest network. I want to use the wireless physical interface (wl0) as the guest network.
R7000 settings:
DD-WRT v3.0-r31575M kongac
Settings > Network Setup
DHCP type: DHCP server
DHCP server disabled
Wireless > Basic Settings
Unbridged
Net isolation disabled
IP address different from primary address used in main router
Subnet 255.255.255.0
Services > Services
DNSMasq enabled, the remaining options are disabled
Additional DSNMasq Options code:
interface=wl0
dhcp-option=wl0,3,192.168.1.1
dhcp-range=wl0,192.168.1.2,192.168.1.11,255.255.255.0,12h
Admin > Commands for firewall:
iptables -I FORWARD -i wl0 -d `nvram get lan_ipaddr`/`nvram get lan_netmask` -m state --state NEW -j DROP
iptables -t nat -I POSTROUTING -o br0 -j SNAT --to `nvram get lan_ipaddr`
I think I got all of it, but some of the commands I didn't understand.
Posted: Thu Mar 23, 2017 10:55 Post subject: Re: Guest Network on DHCP Forwarder
JoeGeek wrote:
Does anyone know how to set up an isolated guest network for a router that is set up as a wireless access point (DHCP forwarder, not DHCP server)?
I'm using an R7000 with v3.0-r29300M kongav. I want to set it up so the primary wlo wi-fi signal is a guest network that doesn't have any access to the rest of the network. I will have a couple of ethernet devices connected to the R7000 that I want to keep on my main network. I've been all over the place on this but can't find a solution.
Thank-you for your assistance!
JoeGeek
You do not use DHCP forwarder for a WAP....All on same subnet...
You do not use DHCP forwarder for a WAP....All on same subnet...
I have another WAP that also has DHCP Forwarder selected. It's been working, but I'll switch to DHCP Server and see if it's faster. Looks like I've been doing it wrong all this time!
Thanks for the insight on guest network, I'll keep trying your suggestions and let you know how it turns out.
You do not use DHCP forwarder for a WAP....All on same subnet...
I have another WAP that also has DHCP Forwarder selected. It's been working, but I'll switch to DHCP Server and see if it's faster. Looks like I've been doing it wrong all this time!
Thanks for the insight on guest network, I'll keep trying your suggestions and let you know how it turns out.
You can set wl0 SSID disabled + unknown SSID + very strong WPA2 AES password and forget about it.
Yay, that did it! Can't have a guest network on the physical interface, it needed to be on a virtual interface.
Thank-you mrjcd
Yay glad you got it sorted.
You could separate the physical interface but is really more work and this way is just
a no-nonsense way to do it with less input from the user
