Posted: Tue Oct 30, 2007 3:06 Post subject: Multiple SSIDs & Separate Subnets w/v24
I was having some issues getting multiple SSIDs with DHCP working but finally figured out a solution so I figured I would share my configuration with anyone who is interested. There have been other threads started explaining how to set this up by creating a separate bridge but they seemed to be geared toward v23 and the bridge interface (brctl) didn't work as I had expected.
1) I set up the physical interface (wl0) as a bridged, WPA2/AES-secured network.
2) Add the new Virtual Interface under Wireless -> Basic Settings
- Set Network Configuration to Unbridged and specify whatever subnet you want
- I enabled AP Isolation to prevent clients on this network from talking to each other
- Set up whatever security you want; I have it set up as an open network so my friends/family can connect up for casual browsing with no issues.
3) Go to Services -> Services and enter the following in the Additional DNSMasq Options box:
One thing I noticed is that my Linux wireless configuration tool seems to get confused when there are multiple SSIDs using the same BSSID while Windows shows both SSIDs with no problems. This can be fixed by turning off SSID broadcast.
Does anyone know if there is a way to change the BSSID on the virtual wireless interfaces?
This looks much simpler to do than other 'guides' I have seen. Thanks for sharing! I am going to try this when I get home.
Question: What allows computers on different subnets to communicate with each other by default? Your commands prevent them from talking, but I would think since they are on different subnets that they couldn't communicate by default and you would have to use commands to allow them to talk.
This didn't work for me. I am using RC-2 however, maybe RC-4 would be better. I could connect to the new virtual AP but I could never get assigned an IP address.
Make sure you have "Use DNSMasq for DNS" checked under Setup -> Basic Setup
Also, make sure "DNSMasq" is set to enable under Services -> Services and that you pasted the DHCP configuration into "Additional DNSMasq Options" and not "Additional DHCPd Options"
Windows workgroups are limited to the specific subnet by default, however, I believe since there are no iptables rules forbidding it, computers may talk to each other on protocols other than samba/wins unless it is explicitly denied. (Without the rules, I was able to ping a computer on the 192.168.1.1 subnet from the 192.168.2.1 subnet.)
Make sure you have "Use DNSMasq for DNS" checked under Setup -> Basic Setup
Also, make sure "DNSMasq" is set to enable under Services -> Services and that you pasted the DHCP configuration into "Additional DNSMasq Options" and not "Additional DHCPd Options"
You hit the nail on the head! I had the options in the wrong box. It's working now, but the only encryption I can use is WEP, but that may be related to RC-2.
See if you can figure this out. I tried to use this setup on a second router in 'Repeater' mode. The virtual AP connection works but I can't reach the main router or the internet. The repeater receives a WAN IP from the main router so I know the repeater function is working.
Main AP local ip address: 192.168.1.1
Repeater local ip: 192.168.1.2 (I can also reach it with 192.168.2.1 with your setup)
When I try to ping the main ip I get 'Destination Host Unreachable'
Thoughts?
Last edited by Bird333 on Wed Jan 02, 2008 15:31; edited 1 time in total
Posted: Thu Nov 01, 2007 18:50 Post subject: Using 192.168.1.1 as DNS
Thanks for this ApoXX. Your guide hit the sweet spot for me - I know little WRT scripting but feel comfortable with networking - and it's gotten me much further than I had before over the last several months. Do a search on Dual (or Multiple) SSID for additional background. I don't think there are any solutions for two MAC addresses, though it has been asked before.
Here are my questions to you, and the general community:
Why should I need steps 3) and 4) if I've already pretty much set them up in Virtual Interface under Wireless -> Basic Settings? It seems redundant.
Using 192.168.1.1 for DNS to the virtual LAN seems to circumvent Access Point Isolation. Are there any other ways to set this up? Plus your guests will still have access to your router config page either through http://192.168.1.1 or http://192.168.2.1
Access Restrictions seems to only work for wl0.0 - any way we could add the virtual wl0.1 network??
That's it for right now. I have loads of other questions.
_________________
WRT54GL v1.1 - DD-WRT v24-sp2 (04/07/12) vpn-small (SVN revision 18946M NEWD Eko)
WZR-HP-AG300H - DD-WRT v3.0-r30082 std (07/01/16)
Last edited by onix on Thu Nov 01, 2007 19:28; edited 1 time in total
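For the two isolation gaps raised in this thread (hosts on the two subnets can reach each other when no iptables rule forbids it, and guests can open the router config page on either router address), here is an added example, not code from any poster in the thread: a shell function that emits iptables rules for the unbridged guest interface. The interface names wl0.1 and br0 follow the thread; the `IPT` dry-run switch and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: firewall rules that isolate an unbridged guest interface.
# Assumptions: wl0.1 is the guest interface and br0 the private LAN bridge.
# IPT defaults to a dry run that prints each command; on the router, run
# with IPT=iptables to apply the rules instead of printing them.
IPT="${IPT:-echo iptables}"

valid_if() {
    # Accept only characters that occur in interface names (wl0.1, br0, eth2).
    case "$1" in
        ""|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

guest_isolation_rules() {
    guest_if="$1"; lan_if="$2"
    valid_if "$guest_if" && valid_if "$lan_if" || return 2
    [ "$guest_if" != "$lan_if" ] || return 2

    # -I inserts at the top of the chain, so the rule issued last is matched
    # first. The catch-all DROPs are therefore issued before the ACCEPTs.

    # Routed traffic: guests may not reach the private LAN, and the LAN may
    # not open new connections into the guest network.
    $IPT -I FORWARD -i "$guest_if" -o "$lan_if" -j DROP
    $IPT -I FORWARD -i "$lan_if" -o "$guest_if" -m state --state NEW -j DROP

    # Traffic to the router itself: drop everything arriving from guests.
    # INPUT matches on the ingress interface, so this covers the web GUI on
    # every address the router owns (192.168.1.1 and 192.168.2.1 alike).
    $IPT -I INPUT -i "$guest_if" -j DROP

    # Re-open only what a guest client needs from the router:
    # DHCP (udp/67) and DNS (udp and tcp/53) answered by DNSMasq.
    $IPT -I INPUT -i "$guest_if" -p udp --dport 67 -j ACCEPT
    $IPT -I INPUT -i "$guest_if" -p udp --dport 53 -j ACCEPT
    $IPT -I INPUT -i "$guest_if" -p tcp --dport 53 -j ACCEPT
}

guest_isolation_rules "${1:-wl0.1}" "${2:-br0}"
```

These are layer-3 rules on the router; AP Isolation remains the setting that separates wireless clients of the same SSID from each other.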
Posted: Thu Nov 01, 2007 19:15 Post subject: Re: Using 192.168.1.1 as DNS
onix wrote:
Here are my questions to you, and the general community:
Why should I need steps 3) and 4) if I've already pretty much set them up in Virtual Interface under Wireless -> Basic Settings? It seems redundant.
It seems to me that all that setting up an unbridged virtual interface does is give your router another IP address. It doesn't set up DHCP configuration to hand out IPs on the new network or point to the DNS server. That's why you have to add the additional config options. Maybe in a future release this will be done automatically.
See if you can figure this out. I tried to use this setup on a second router in 'Repeater' mode. The virtual AP connection works but I can't reach the main router or the internet. The repeater receives a WAN IP from the main router so I know the repeater function is working.
Main AP local ip address: 192.168.1.1
Repeater local ip: 192.168.1.2 (I can also reach it with 192.168.2.1 with your setup)
When I try to ping the main ip I get 'Destination Host Unreachable'
Thoughts?
Well I figured this out. This is all done on the repeater. You have to remove the 'route' entry that is on the 'br0' interface with this command
Code:
route del -net 192.168.1.0 netmask 255.255.255.0 dev br0
Then remove the default gateway route that is on 'br0' with this
Code:
route del default gw 192.168.1.1 dev br0
Then add the default gateway on interface 'eth2' (WAN) with this
Posted: Wed Nov 07, 2007 1:46 Post subject: Questions
Started messing with the configuration today. I have a cisco 871w currently configured with 2 wireless LANs (1 into my house lan, the 2nd one a guest network but still wpa protected). Trying to learn ios and now trying to configure the firewall, well I'm about ready to give up on the cisco 871w, so I grabbed my dd-wrt v24 beta (06/20/07) because I was told that I could set up a guest wlan and isolate it from my internal wlan/wired subnet. Like everyone else, I soon found out that I could create 2 wlans just fine by creating 10.1 as well. And like everyone else, I found out that users on that 10.1 could gain access to everything on my wired and primary wlan interfaces. Anyways, I'm rambling. I followed the instructions here, and thought I had a grasp on it. This write-up was done with a different release, does it work with v24? Also unfortunately I have more than 1 issue. The first issue is with the virt wlan interface. When I change it to unbridged, I can't authenticate to the network. I was using WPA Personal, and when I check the bridged, my networks join just fine (getting the wrong dhcp assignment and no ip tables rule enforcement though). The second that I click the unbridged mode, the network drops (it should) but then when trying to re-join I can't authenticate at all. The user in this thread provided the 10.1 network with no authentication, has it been discovered that this method can't utilize authentication on the unbridged network? I'll start with that question.
O, BTW:
My device is a buffalo whr-hp-g54 with v24 beta on it.
Thanks
Joined: 04 Oct 2007 Posts: 1258 Location: Ohio USA
Posted: Wed Nov 07, 2007 1:51 Post subject:
v24 beta is older than the v24 RC4. A lot has changed since v24 beta. I would suggest trying this setup with v24 RC4.
_________________
(05/02/17) std - 31924
Linksys WRT400N
Buffalo WHR-G300N
Posted: Wed Nov 07, 2007 16:23 Post subject: Time to goto different forum
Flashed hp-54g to rc4 and now when configured for static it won't pass traffic. Leave it as DHCP and it works fine, static and nothing, even hard cox arp my business modem. Hmmm.. Thanks though...