Enable Multiple DHCP server for guest network?

timg11
DD-WRT User


Joined: 22 Aug 2012
Posts: 62

Posted: Mon May 25, 2015 1:37    Post subject: Enable Multiple DHCP server for guest network?
I have set up a guest network using this guide

The guest network SSID is visible and allows associations, but DHCP times out.

On the main LAN, the DD-WRT built-in DHCP server is disabled. However "Use DNSMasq for DHCP" is selected.

I use a different machine on the main LAN as the DHCP server.

Is there any way to cause the Multiple DHCP Server on Interface wl0.1 to function if the primary DHCP server is disabled?

_________________
Netgear R7000
dd-wrt.v24-K3_AC_ARM_STD_OLDD
Build 24345M
kratosvn
DD-WRT Novice


Joined: 24 May 2015
Posts: 42

Posted: Mon May 25, 2015 1:45    Post subject: Re: Enable Multiple DHCP server for guest network?
timg11 wrote:
I have set up a guest network using this guide

The guest network SSID is visible and allows associations, but DHCP times out.

On the main LAN, the DD-WRT built-in DHCP server is disabled. However "Use DNSMasq for DHCP" is selected.

I use a different machine on the main LAN as the DHCP server.

Is there any way to cause the Multiple DHCP Server on Interface wl0.1 to function if the primary DHCP server is disabled?


Looks like you forgot to enable DHCP range for wl0.1.
Go to basic>network, go to the bottom of the page, choose DHCP for wl0.1 and ip range for it start > max ... and save > apply.
You should get an ip through wl0.1 now....
timg11
DD-WRT User


Joined: 22 Aug 2012
Posts: 62

Posted: Mon May 25, 2015 1:56
I did enable the Multiple DHCP Server and set a range on the "Setup > Networking" tab.



On the "Basic Setup" page, that DHCP server must be disabled because I have a different DHCP server (external to DD-WRT) on the main LAN.

I want the guest LAN to be isolated, so I want it unbridged.
The guest SSID works fine if I bridge it to the main LAN.

When I disable bridging, and enable Multiple DHCP Server on the "Setup > Networking" tab, I don't get DHCP on the guest SSID.

I am suspecting that the Multiple DHCP server is also disabled with the main DHCP server, but I'm not sure how to work around that.

_________________
Netgear R7000
dd-wrt.v24-K3_AC_ARM_STD_OLDD
Build 24345M
slidermike
DD-WRT Guru


Joined: 11 Nov 2013
Posts: 1487
Location: USA

Posted: Mon May 25, 2015 4:54
tim,
I think you are correct about your assumption that the router's dhcp service is off, thus you're not getting it on the guest vap, which you have unbridged.

Unbridging applies a filter in the firewall chain that stops the packets from the vap going to the main vlan.

dhcp is a broadcast type event and if your dhcp server is off the vlan then the dhcp server is not getting the requests.
Broadcast is not normally routed; it's a layer 2 feature.

In Cisco equipment you can add a helper statement to a vlan which directs the dhcp request to the configured off vlan ip address.

I am not versed enough in the Linux to know if or how to work around the issue.

Maybe someone knows and you will get a solid answer.

_________________
Router currently owned:
Netgear R7800 - Router
Netgear R7000 - AP mode

R7000 specific Tips/Tricks.
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=264152
JAMESMTL
DD-WRT Guru


Joined: 13 Mar 2014
Posts: 856
Location: Montreal, QC

Posted: Mon May 25, 2015 7:07
If dnsmasq is running for DNS then you can simply add a few lines to the additional dnsmasq options to tell it to serve up dhcp on wl0.1

Ex

dhcp-range=wl0.1,192.168.10.100,192.168.10.149,255.255.255.0,60m
dhcp-option=wl0.1,3,192.168.10.1
dhcp-option=wl0.1,6,192.168.10.1

Option 3 is router address
Option 6 is DNS server

And make sure dnsmasq is listening on wl0.1 by checking the config file found at /tmp/dnsmasq.conf

interface=br0,wl0.1

You may also have to add a leases file with

dhcp-leasefile=/tmp/dnsmasq.leases

If that doesn't work check to make sure dnsmasq is running by running ps from CLI.

if it's running but not giving addresses out please post the config file

If it's not running at all you can start it from admin-> startup commands after writing a custom config

@mike dnsmasq can also act as a dhcp relay but that would not really be productive in this case as you want a different ip range
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6858
Location: Romerike, Norway

Posted: Mon May 25, 2015 15:30
Setup->Basic Setup->Network Setup->Network Address Server Settings (DHCP)->DHCP Type=DHCP forwarder
timg11
DD-WRT User


Joined: 22 Aug 2012
Posts: 62

Posted: Mon May 25, 2015 18:28
JAMESMTL wrote:

And make sure dnsmasq is listening on wl0.1 by checking the config file found at /tmp/dnsmasq.conf

interface=br0,wl0.1


No - dnsmasq.conf looks like this:
Code:
root@***:/tmp# cat dnsmasq.conf
interface=br0
resolv-file=/tmp/resolv.dnsmasq
all-servers
domain=*******.com
stop-dns-rebind


I'll have to figure out how to edit that file using the CLI and PuTTY. Stand by....

_________________
Netgear R7000
dd-wrt.v24-K3_AC_ARM_STD_OLDD
Build 24345M


Last edited by timg11 on Mon May 25, 2015 18:43; edited 1 time in total
timg11
DD-WRT User


Joined: 22 Aug 2012
Posts: 62

Posted: Mon May 25, 2015 18:35
Per Yngve Berg wrote:
Setup->Basic Setup->Network Setup->Network Address Server Settings (DHCP)->DHCP Type=DHCP forwarder


I don't understand how this would work. This is the DHCP setting I have currently disabled for the primary LAN.
Another DHCP server handles the primary LAN.

Are you suggesting changing the currently disabled DHCP server to a forwarder, and setting up a new scope on the primary DHCP server for the guest network? My objective is to isolate the guest network, so it won't see the primary DHCP server.

_________________
Netgear R7000
dd-wrt.v24-K3_AC_ARM_STD_OLDD
Build 24345M
JAMESMTL
DD-WRT Guru


Joined: 13 Mar 2014
Posts: 856
Location: Montreal, QC

Posted: Mon May 25, 2015 18:59
@timg11

Don't bother editing the conf file manually in that way as the tmp dir is destroyed on every reboot and dd-wrt will recreate the file. Any commands you add to services->Additional dnsmasq options will be appended to the conf file whenever dd-wrt recreates the file.

So add the commands above and they will appear in the conf file afterwards. If they are not there immediately after adding them, reboot, then recheck the conf file.
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6858
Location: Romerike, Norway

Posted: Mon May 25, 2015 19:55
Yes, change type to DHCP Forwarder and enter the ip address of the DHCP Server that will hand out the addresses. The DHCP Server needs a scope for each Sub-net.
timg11
DD-WRT User


Joined: 22 Aug 2012
Posts: 62

Posted: Thu May 28, 2015 2:50
@JAMESMTL, thanks for the help. I got it working.

I added these lines to the Services > Services > DNSMasq > Additional DNSMasq Options text box.

Code:
dhcp-range=wl0.1,192.168.10.100,192.168.10.149,255.255.255.0,60m
dhcp-option=wl0.1,3,192.168.10.1
dhcp-option=wl0.1,6,192.168.10.1
interface=br0,wl0.1


I saved, Applied, and rebooted the router.
Then I set Virtual Interface wl0.1 back to unbridged. The IP address was already set to proper network 192.168.10.1
Then I saved and Applied again, and when it came back up the guest SSID was on the new network.

Next I'll have to verify that it is truly isolated, but I expect it is.

_________________
Netgear R7000
dd-wrt.v24-K3_AC_ARM_STD_OLDD
Build 24345M
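
A check for the two conditions this thread turned on, written here as an added example (not code from any poster or from DD-WRT): it reports whether a dnsmasq config listens on the guest interface and has a dhcp-range tagged for it. The function names and the two sample files are constructed for the example; on the router the file to check is /tmp/dnsmasq.conf.

```shell
#!/bin/sh
# Added example, not from the thread: report whether a dnsmasq config
# will answer DHCP on a guest interface such as wl0.1.

# True if any line of FILE starts with the literal string PREFIX.
has_prefix() {
    awk -v p="$2" 'index($0, p) == 1 { found = 1 } END { exit !found }' "$1"
}

# check_guest_dhcp FILE IFACE: returns 0 only when dnsmasq both listens on
# IFACE and has a dhcp-range tagged with it.
check_guest_dhcp() {
    conf=$1; ifc=$2; rc=0
    # interface= can repeat and can hold a comma-separated list.
    if sed -n 's/^interface=//p' "$conf" | tr ',' '\n' | grep -qxF -- "$ifc"; then
        echo "ok: dnsmasq listens on $ifc"
    else
        echo "FAIL: no interface= line names $ifc"; rc=1
    fi
    if has_prefix "$conf" "dhcp-range=$ifc,"; then
        echo "ok: dhcp-range defined for $ifc"
    else
        echo "FAIL: no dhcp-range tagged $ifc"; rc=1
    fi
    # Options 3 (router) and 6 (DNS server) are reported, not required.
    for opt in 3 6; do
        has_prefix "$conf" "dhcp-option=$ifc,$opt," ||
            echo "note: dhcp-option $opt not set for $ifc"
    done
    return "$rc"
}

# Constructed samples: the config as first posted, and with the added options.
tmp=$(mktemp -d)
printf '%s\n' 'interface=br0' 'resolv-file=/tmp/resolv.dnsmasq' \
    'all-servers' 'stop-dns-rebind' > "$tmp/before.conf"
{ cat "$tmp/before.conf"
  printf '%s\n' \
    'dhcp-range=wl0.1,192.168.10.100,192.168.10.149,255.255.255.0,60m' \
    'dhcp-option=wl0.1,3,192.168.10.1' 'dhcp-option=wl0.1,6,192.168.10.1' \
    'interface=br0,wl0.1'
} > "$tmp/after.conf"

check_guest_dhcp "$tmp/before.conf" wl0.1 || true   # reports both FAIL lines
check_guest_dhcp "$tmp/after.conf" wl0.1            # reports ok for both
```

On the router, `check_guest_dhcp /tmp/dnsmasq.conf wl0.1` run after a reboot shows whether the Additional DNSMasq Options were actually appended to the regenerated file.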
estario
DD-WRT Novice


Joined: 06 Sep 2006
Posts: 24

Posted: Sat Aug 22, 2015 19:43
Hello,
I am in a similar situation with a small difference. I have an internal network with a Mikrotik router providing the DHCP addresses. The Mikrotik router has its own Internet connection. I have a TP-Link WR740N set as a HotSpot Router. It has a separate Internet connection from another provider, so that the main connection doesn't get overloaded.
I want to use the 4 LAN ports of the DD-WRT router for the needs of the internal network and preserve the WLAN as a separate HotSpot using the designated Internet connection.
I did the following.
1. I created a new VLAN for the Hotspot. I want to have a password protected WLAN Network for internal access.
2. Then I unbridged the WLAN from the Wireless Settings Page. The Ip range of the new network is 192.168.4.x
2. I set Multiple DHCP Server for the VLAN
3. I set the DHCP Settings on the main Setup page to DHCP Forwarder and pointed it to the main router 192.168.5.1
4. I tried entering the DNSMasq options:
dhcp-range=ath0.1,192.168.4.100,192.168.4.149,255.255.255.0,60m
dhcp-option=ath0.1,3,192.168.4.1
dhcp-option=ath0.1,6,192.168.4.1
interface=br0,ath0.1
Now I can connect to the Internal WLAN and access the internet and all resources without a problem. The LAN ports work perfectly.
When I connect to the HotSpot WLAN I get an IP, the internal IPs are unreachable, but there is no Internet access. What can I do?

EDIT: I found this really nice guide. I will try it out tomorrow. How do I tweak it so that it fits my situation?




JAMESMTL
DD-WRT Guru


Joined: 13 Mar 2014
Posts: 856
Location: Montreal, QC

Posted: Sat Aug 22, 2015 20:53
My initial thought would be to reverse the setup

Physical target setup:
Wan port connected to public wan modem
LAN port 1 connected to private LAN switch
LAN ports 2-4 to private LAN devices

Start with laptop connected to LAN port 2 and wan connected to public modem

1. Setup ddwrt router for public wan
2. Create VAP wifi bridged to br0
3. create br1 assigning interface ip on private LAN subnet
4. Move VAP wifi to br1
5. Assign LAN ports 1,3,4 to vlan 3
6. Move vlan3 to br1
7. Connect LAN 1 to switch
8. Connect laptop to LAN 3

At this point laptop should be able to get ip and connect to Internet via private router when connected to LAN 3,4 + VAP. You should also be able to access ddwrt GUI using the ip assigned to router in step 3.

9. Assign LAN 2 to vlan3
10. Add firewall rules to INPUT chain to allow dhcp & DNS from br0. Drop all other connections from br0
11. Add firewall rules to FORWARD chain drop all from br0 to br1 and all from br1 to br0.
You should be able to use wildcard FORWARD -i br+ -o br+ -j DROP
estario
DD-WRT Novice


Joined: 06 Sep 2006
Posts: 24

Posted: Sun Aug 23, 2015 6:01
Quote:
10. Add firewall rules to INPUT chain to allow dhcp & DNS from br0. Drop all other connections from br0
11. Add firewall rules to FORWARD chain drop all from br0 to br1 and all from br1 to br0.

Thank you very much for the explanation. I think I got it. I will try this out.
Can you write the rules and I will modify them according to my needs. Where do I need to add these rules?
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6858
Location: Romerike, Norway

Posted: Sun Aug 23, 2015 15:44
You put them in the Commands Tab and then click Save as Firewall.
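
Steps 10 and 11 from JAMESMTL's post written out as iptables commands, as an added example that is not from any poster in the thread. It assumes br0 is the hotspot bridge and br1 the private bridge, as in those steps; the function names and the DRY_RUN switch are this example's own.

```shell
#!/bin/sh
# Added example, not from the thread: steps 10 and 11 as iptables commands.
# DRY_RUN=1 (the default here) prints the commands instead of running them.
if [ "${DRY_RUN:-1}" = 1 ]; then IPT="echo iptables"; else IPT="iptables"; fi

# Interface names end up on a command line, so accept only plain names.
valid_if() {
    case $1 in ''|*[!A-Za-z0-9._+-]*) return 1 ;; esac
}

# isolate_guest GUEST_IF PRIVATE_IF
isolate_guest() {
    guest=$1; priv=$2
    valid_if "$guest" && valid_if "$priv" || { echo "bad interface name" >&2; return 2; }
    # Step 10. -I inserts at the top of the chain, so the catch-all DROP
    # goes in first and each ACCEPT is then inserted above it.
    $IPT -I INPUT -i "$guest" -j DROP
    $IPT -I INPUT -i "$guest" -p tcp --dport 53 -j ACCEPT   # DNS over TCP
    $IPT -I INPUT -i "$guest" -p udp --dport 53 -j ACCEPT   # DNS
    $IPT -I INPUT -i "$guest" -p udp --dport 67 -j ACCEPT   # DHCP server
    # Step 11. No forwarding between the two bridges in either direction.
    $IPT -I FORWARD -i "$guest" -o "$priv" -j DROP
    $IPT -I FORWARD -i "$priv" -o "$guest" -j DROP
}

# Order the rules end up in at the top of CHAIN: each -I lands above the
# previous one, so the insertion sequence is reversed.
final_order() {
    chain=$1; shift
    ( IPT="echo iptables"; isolate_guest "$@" ) | grep -- " -I $chain " | sed '1!G;h;$!d'
}

isolate_guest br0 br1
```

With DRY_RUN=0 the commands are applied rather than printed, and the script goes where the last reply says: the Commands tab, saved as Firewall. Once applied, the router answers br0 clients only for DHCP and DNS, so the GUI is reached through the br1 address from step 3.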