[jbruneau]

Hello All,

I just picked up a new Wifi Router to be used for office use (Tablets) and public Wifi upstairs for vendors/cell phones.

I have been trying to wrap my head around this for a little bit now, aside from VLANs and pushing traffic around that way (seeing as the router doesn't want to do what I want it to -- with the morning dedicated to Googling).

Specs:
Netgear K7000
8GB USB3 for opt/swap/jffs (if needed -- eventually catsplash for guest -- will run zabbix likely as well)
Kong build 24500M (07-Jul-2014)

Details:
It is connected via the LAN1 port to the corporate network
Router is setup with static IP on LAN
DHCP Forwarding is enabled to our DHCP server
DNS is handled by DC/GC in Domain
2.4 & 5Ghz WIFI are setup with office SSIDs
2.4Ghz WIFI has sub-int of 0.1 with guest SSID
5.0Ghz WIFI has sub-int of 1.1 with guest SSID

LAN and Office WIFI works in the above configuration.

Guest WIFI does not work. I have assigned IPs in a completely different IP class (172.18 office & 192.168 guest), setup guest wifi unbridged with NAT, and setup DHCPd with DHCP scopes for the new IP range.

I have played with the Guest WIFI with LAN Isolation off and on. AP Isolation is off.

The trick is that I can simply setup the Guest wifi with a DNS of 8.8.8.8/4.4.4.4 (Open Google Servers) to keep people "out" *using that term very loosely* of the network. No one here knows how to access the servers by IP, it's all handled by DNS, network scripts, logon scripts, mapped drives, etc etc.

Using dnsmasq I can push dhcp scopes, dns servers, gateway, etc to the Guest Wifi (with the Office Wifi & lan ports still working fine) but I cannot get traffic to flow from wl0.1 or wl1.1 to br0 to get out. I have played with iptables to allow traffic, tried playing with advanced routes, etc (source for dnsmasq here: http://www.dd-wrt.com/phpBB2/viewtopic.php?p=637576).

I'm now trying to setup the router more as a 'router' as opposed to 'ap'.

New Test:
It is connected via the WAN port to the corporate network
Router is setup with static IP on WAN (172.1 & LAN (192.168)
DHCP Server is enabled on LAN
DNS is handled by router
2.4 & 5Ghz WIFI are setup with guest SSIDs
2.4Ghz WIFI has sub-int of 0.1 with office SSID
5.0Ghz WIFI has sub-int of 1.1 with office SSID

Seeing as no one will be physically plugged into the router -- it's going to be in the ceiling, I figured it can't hurt. Hoping that I can go no-nat and bridge it to the wan port.

I followed this article to setup Guest WIFI: http://tips.desipro.de/2013/12/06/guest-wifi-setup-dd-wrt/.


UPDATE:
All guest services are working great, but when I connect to the Office SSIDs, I don't get an IP. I have LAN/AP Isolation disabled here. The office WLAN-SUBIF have IPs in the WAN range, all looks good in the routing, and the network routes/map look good. I need to setup DHCP-forwarding in dnsmasq.

Nice little guide here, but doesn't quite work in my case: https://www.dd-wrt.com/phpBB2/viewtopic.php?t=170555&postdays=0&postorder=asc&start=15

[jbruneau]

I'm not going to be able to get DHCP Relay/Forwarding working from the wl0.1 / wl1.1 subinterfaces to the WAN.

I think I have a better chance of using the first attempted config.

I'm going back to LAN interface setup with the static IP on the 172.18 network. The 2.4 and 5Ghz WIFI will then be setup with the office SSIDs, and the WIFI sub-interaces will be the guest SSIDs again.

At least this way, I got DHCP Forwarding on the LAN/WIFI side, and DHCP Server on the WIFI-SUBIF side. I get an IP all around. Traffic only flows properly on the non-guest network.

Then I just need to get HTTP/DNS traffic forwarding from the wl0.1/wl1.1 through br0 (or make br1 and assign the sub-ifs to it... not sure yet).

[jbruneau]

Allright, so, I got lucky scrounging the forums for more answers.

I got it figured out.

This one helped me (I guess I'm not supposed to need a bunch of these rules, but it's working): https://www.dd-wrt.com/phpBB2/viewtopic.php?p=780237#780237

Working Config:
LAN1: Static IP in 172.18 corp network
WL0: Office SSID on 2.4Ghz (Scanners)
WL1: Office SSID on 5Ghz (Surface Tablets)
WL0.1: Guest SSID on 2.4Ghz (Mostly Phones)
WL1.1: Guest SSID on 5Ghz (Mostly Notebooks)

LAN/WL0/WL1: All use DHCP Forwarding to corporate DHCP/DNS

BR1 (Created): Assigned IP of 192.168.1.1, assigned WL0.1 / WL1.1 to it.

DNSMASQ: