Multiple SSIDs & Separate Subnets w/v24

Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware
Goto page Previous  1, 2, 3, 4, 5, 6, 7, 8  Next
Author Message
iofthestorm
DD-WRT Novice


Joined: 03 Sep 2008
Posts: 10

PostPosted: Wed Sep 03, 2008 7:53    Post subject: Reply with quote
Hi, I'm also trying to get multiple SSIDs working for my DS. What is the difference between Bridged and Unbridged? Also, is there any way to restrict that SSID to only one client at a time, and mac filter only that SSID? That would be nice. I'm somewhat familiar with Linux but this is my first time using DD-WRT. Thanks for the help?
Sponsor
joksi
DD-WRT Guru


Joined: 16 Jan 2007
Posts: 1240

PostPosted: Wed Sep 03, 2008 9:01    Post subject: Reply with quote
Bridged= the virtual SSID interface gets bridged with br0, which means that all traffic on the interface will be seen by the LAN clients and vice versa.

Unbridged= The oposite, the interface ends up as an ordinary separate interface, with own subnet. Routing need to be used to reach from the interface to the LAN (br0) and vice versa.

Unbridged is best for open and public interfaces ie, or if you for sme other reason whant to segment your router network.

Yes you can restrict access to only one client at a time, just set the unbridged IP schemes subnet to 255.255.255.248 (/30) which means you will get two host adresses, one fr the router interface and ne for your client. Only one client will have access to this IP at a time.

About mac filtering, i can not verify if this works on virtual WLANs.
ddeo
DD-WRT Novice


Joined: 24 Sep 2008
Posts: 31

PostPosted: Sun Sep 28, 2008 23:09    Post subject: Please help! Reply with quote
rjmcinty wrote:

##FIX NAS
killall nas
nas -P /tmp/nas.wl0lan.pid -H 34954 -l br0 -i eth1 -A -m 4 \
-k "`nvram get wl0_wpa_psk`" -s "`nvram get wl0_ssid`" -w 2 \
-g `nvram get wl0_wpa_gtk_rekey`
nas -P /tmp/nas.wl0.1lan.pid -H 34954 -l br1 -i wl0.1 -A -m 4 \
-k "`nvram get wl0.1_wpa_psk`" -s "`nvram get wl0.1_ssid`" -w 2 \
-g `nvram get wl0.1_wpa_gtk_rekey`

!!!!!!!!!!!!!!!!
Notes:
(See http://wiki.openwrt.org/OpenWrtDocs/nas for details about the nas command)
1. As the original link has the rc_startup code, it used "-m 132", which, according to the docs linked
above, corresponds to PSK PSK2, and that didn't work for me, since I set my security to WPA in the GUI.

To be honest, I'm not sure of the relationship between WPA/PSK/etc. So, I simply set the security options in the GUI that I knew I wanted, and then either telnet'd into the router, or used the Administration -> Commands page to execute a "nvram get wl0_akm", which for WPA returns PSK in my config. So, looking at the nas docs, I saw that corresponded to "-m 4".

2. Likewise, I looked at "nvram get wl0_crypto" to get the encryption method (TKIP in my case), and
looking at the nas docs I found that was "-w 2".

Use wl0.1_akm and wl0.1_crypto for the virtual wireless interface.
!!!!!!!!!!!!!!!!


I am trying to set up my router (Linksys WRT54GL v1.1 with DD-WRT v24-sp1 (07/27/0Cool std)

I set it up exactly like in Validuser states. I can only connect to the wl0 not the wl0.1 - it says cannot connect. I don't get a IP address assigned.

First question? Do I need to Set up another DHCP Server like in the original wi-fiplanet tutorial? I tried and it still doesn't work.

I set up my security the same as in this post by rjmcinty and set it in the firewall the same way. I also SSH into the router an run the wl0_akm commands and everything looks correct. I don't think it is a problem with the security because I have set both SSIDs with the same security and can connect to the first SSID but not the wl0.1

Can anybody help??? Much appreciated. Thanks
buntu
DD-WRT Novice


Joined: 03 Oct 2008
Posts: 6

PostPosted: Fri Oct 03, 2008 5:48    Post subject: Reply with quote
it seems like you are hitting NAS bug that is in v24 SP1. Where it works fine in other models, it may not work in yours.
I followed this http://blog.dotkam.com/2008/10/02/configure-multiple-ssids-with-one-router/ directions, and I have two wireless independent VLANs working fine.

The only gotcha is that they both use WEP, but I hope v24 SP2 will solve it Smile
ddeo
DD-WRT Novice


Joined: 24 Sep 2008
Posts: 31

PostPosted: Fri Oct 03, 2008 13:47    Post subject: Reply with quote
Thanks for your reply. i have tried this set up with many different versions including 24 final, vint, newd, etc. I have not tried it with WEP though. What version of dd-wrt are you using?

What model router do you have?

Thanks, Ddeo
buntu
DD-WRT Novice


Joined: 03 Oct 2008
Posts: 6

PostPosted: Fri Oct 03, 2008 18:24    Post subject: Reply with quote
I got the above tutorial working for several (about 5-6) routers with DD-WRT v24 SP1.

The ones I can remember from the top of my head are:

Linksys

WRT54G v5.0
WRT54GS (hm... probably 1.1)

Buffalo

WHR-G54S

There were more linksys and one d-link, but I do not remember versions.

Hope it helps,
buntu
ddeo
DD-WRT Novice


Joined: 24 Sep 2008
Posts: 31

PostPosted: Fri Oct 03, 2008 19:32    Post subject: Reply with quote
Thanks Buntu, I will try this one tonight.

Do you have both SSIDs broadcasting?

Also, any chance you are connecting to DSL over PPPoE?

Thanks again, Ddeo
JN
DD-WRT Guru


Joined: 29 Mar 2007
Posts: 771

PostPosted: Sat Oct 04, 2008 21:37    Post subject: Reply with quote
buntu wrote:
I got the above tutorial working for several (about 5-6) routers with DD-WRT v24 SP1.

The ones I can remember from the top of my head are:

Linksys

WRT54G v5.0
WRT54GS (hm... probably 1.1)

Buffalo

WHR-G54S

There were more linksys and one d-link, but I do not remember versions.

Hope it helps,
buntu


Are you using VINT or NEWD? Does this latest tutorial work in NEWD or only VINT?
buntu
DD-WRT Novice


Joined: 03 Oct 2008
Posts: 6

PostPosted: Sat Oct 04, 2008 23:02    Post subject: Reply with quote
Hey JN,

The routers I dealt with so far to configure multiple SSIDs had NEWD installed.

buntu

P.S. Update...

After checking my client notes, I saw that I had to use a VINT firmware for WRT54GL v1.1, which worked nicely with multiple SSIDs. NEWD did not work for this router..

Talking about v24 SP1 only..


Last edited by buntu on Mon Oct 06, 2008 5:40; edited 2 times in total
buntu
DD-WRT Novice


Joined: 03 Oct 2008
Posts: 6

PostPosted: Sat Oct 04, 2008 23:11    Post subject: Reply with quote
@ddeo,

Yes, both SSIDs are broadcasting

Not connecting to DSL over PPPoE :)

buntu
JN
DD-WRT Guru


Joined: 29 Mar 2007
Posts: 771

PostPosted: Thu Oct 09, 2008 2:09    Post subject: Reply with quote
buntu wrote:
Hey JN,

The routers I dealt with so far to configure multiple SSIDs had NEWD installed.

buntu

P.S. Update...

After checking my client notes, I saw that I had to use a VINT firmware for WRT54GL v1.1, which worked nicely with multiple SSIDs. NEWD did not work for this router..

Talking about v24 SP1 only..
So, then, would it be correct you used NEWD on the Buffalo? And are you able to visit walmart.com and see the page display right, when connected to the virtual SSID?
buntu
DD-WRT Novice


Joined: 03 Oct 2008
Posts: 6

PostPosted: Thu Oct 09, 2008 3:58    Post subject: Reply with quote
JN,

Yes, virtual SSID gets:

    IP assigned,
    can see router
    AND the Word Wide Web


with NEWD on Buffalo (I belive it was WHR-G54S, but can't be sure)

Hope it helps,
buntu
ddeo
DD-WRT Novice


Joined: 24 Sep 2008
Posts: 31

PostPosted: Fri Oct 10, 2008 3:49    Post subject: Re: Help with virtual WAPs in v24-SP1! Reply with quote
rjmcinty wrote:
I'm having a heck of a time getting this to work:

Using WRT54GL v1.1, running v24-SP1 Std.

I want to have 2 wireless networks, the default (wl0), which is connected to the wired switch, and wl0.1 which is isolated from everything else.


Hi Robert, I see that you were able to get your WRT54GL v1.1 working with multiple ssids using validcustomer's config. Can you clarify what exact build of dd-wrt you are using? Is it VINT or NEWD?? I have the same router and I have not been able to get this to work with the same config. Thanks, Ddeo
colinnwn
DD-WRT User


Joined: 22 Feb 2008
Posts: 114
Location: Dallas, TX

PostPosted: Wed Feb 04, 2009 5:14    Post subject: You can use QOS Reply with quote
S4F4M wrote:

QUESTION:
Does anyone know if there are COMMANDS to throttle the bandwidth for the virtual SSID?

I don't know about the method you suggest. But I turned on QOS. I have wl0.1 issuing ip range 192.168.2.1-254. So I gave 192.168.2.0/24 the bulk QOS class. That way anyone on wl0.1 gets the dregs of my bandwidth.

_________________
The Fleet
WRT-54GL v1.1 DD-WRT v24 sp1 serving multi SSID WLAN, WRT-54G v6 DD-WRT v24 sp1 Micro wireless bridged
WRT-54G v5 DD-WRT v24 sp1 Micro, WRT-54G v6 DD-WRT v24 sp1 Micro
orangeboy
DD-WRT Novice


Joined: 11 Feb 2009
Posts: 12

PostPosted: Wed Feb 11, 2009 3:22    Post subject: Reply with quote
It seems I've not had the problems some of the people here have had. I have successfully configured 3 SSIDs on a WRT54G v6 using DD-WRT v24 (05/24/08.) micro (SVN revision 9526)

wl0 is setup using 192.168.0.2 (Bridged & WPA)
wl0.1 is setup using 192.168.1.2 (Unbridged & open/guest)
wl0.2 is setup using 192.168.2.2 (Unbridged & WEP)

DNSMasq statements (some I found after reading this thread are not needed, but I won't change it):
Code:
interface=wl0.1
dhcp-option=wl0.1,3,192.168.1.2
dhcp-option=wl0.1,6,192.168.0.2
dhcp-range=wl0.1,192.168.1.200,192.168.1.249,255.255.255.0,1440m
interface=wl0.2
dhcp-option=wl0.2,3,192.168.2.2
dhcp-option=wl0.2,6,192.168.0.2
dhcp-range=wl0.2,192.168.2.200,192.168.2.249,255.255.255.0,1440m


Firewall rules are:
Code:
iptables -I INPUT -i wl0.1 -m state --state NEW -j logaccept
iptables -I INPUT -i wl0.2 -m state --state NEW -j logaccept
iptables -I FORWARD -i wl0.1 -o br0 -j logdrop
iptables -I FORWARD -i wl0.2 -o br0 -j logdrop
iptables -I FORWARD -i br0 -o wl0.1 -j logdrop
iptables -I FORWARD -i br0 -o wl0.2 -j logdrop
iptables -I FORWARD -i wl0.1 -o wl0.2 -j logdrop
iptables -I FORWARD -i wl0.2 -o wl0.1 -j logdrop


My question is: how do I access a device in wl0.2 from br0? I have a Tivo that I'd like to be able to communicate with from my PC using the Tivo Desktop application. I've tried using the following (or variants) as the first rules in the firewall:
Code:
iptables -I FORWARD -d 192.168.2.105 -i wl0.2 -j ACCEPT #Network to Tivo
iptables -I FORWARD -s 192.168.2.105 -i br0 -j ACCEPT #Tivo to Network


I obviously am not familiar with iptables syntax or logic yet, and would like some guidance please! Hopefully this is an easy question that just hasn't been asked before (or it has been, and I just hadn't found the answer).

Thanks!!!
Goto page Previous  1, 2, 3, 4, 5, 6, 7, 8  Next Display posts from previous:    Page 7 of 8
Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum