The guest network SSID is visible and allows associations, but DHCP times out.
On the main LAN, the DD-WRT built-in DHCP server is disabled. However "Use DNSMasq for DHCP" is selected.
I use a different machine on the main LAN as the DHCP server.
It there any way to cause the Multiple DHCP Server on Interface wl0.1 to function if the primary DHCP server is disabled? _________________ Netgear R7000
dd-wrt.v24-K3_AC_ARM_STD_OLDD
Build 24345M
The guest network SSID is visible and allows associations, but DHCP times out.
On the main LAN, the DD-WRT built-in DHCP server is disabled. However "Use DNSMasq for DHCP" is selected.
I use a different machine on the main LAN as the DHCP server.
It there any way to cause the Multiple DHCP Server on Interface wl0.1 to function if the primary DHCP server is disabled?
Looks like you forgot to enable DHCP range for wl0.1
going to basic>network go to them bottom of the page choose DHCP for wl0.1 and ip range for it start > max ... and save> apply.
you should get ip through wl0.1 now....
I did enable the Multiple DHCP Server and set a range on the "Setup > Networking" tab.
On the "Basic Setup" page, that DHCP server must be disabled because I have a different DHCP server (external to DD-WRT) on the main LAN.
I want the guest LAN to be isolated, so I want it unbridged.
The guest SSID works fine if I bridge it to the main LAN.
When I disable bridging, and enable Multiple DHCP Server on the "Setup > Networking" tab, I don't get DHCP on the guest SSID.
I am suspecting that the Multiple DHCP server is also disabled with the main DHCP server, but I'm not sure how to work around that. _________________ Netgear R7000
dd-wrt.v24-K3_AC_ARM_STD_OLDD
Build 24345M
tim,
I think you are correct about your assumption that the routers dhcp service is off thus your not getting it on the guest vap; which you have unbridged.
Unbridging applies a filter in the firewall chain that stops the packets from the vap going to the main vlan.
dhcp is a broadcast type event and if your dhcp server is off the vlan then the dhcp server is not getting the requests.
Broadcast is not normally routed; its a layer 2 feature.
In Cisco equipment you can add a helper statement to a vlan which directs the dhcp request to the configured off vlan ip address.
I am not versed enough in the Linux to know if or how to work around the issue.
Maybe someone knows and you will get a solid answer. _________________ Router currently owned:
Netgear R7800 - Router
Netgear R7000 - AP mode
I'll have to figure out how to edit that file using the CLI and PuTTY. Stand by.... _________________ Netgear R7000
dd-wrt.v24-K3_AC_ARM_STD_OLDD
Build 24345M
Last edited by timg11 on Mon May 25, 2015 18:43; edited 1 time in total
Setup->Basic Setup->Network Setup->Network Address Server Settings (DHCP)->DHCP Type=DHCP forwarder
I don't understand how this would work. This is the DHCP setting I have currently disabled for the primary LAN.
Another DHCP server handles the primary LAN.
Are you suggesting changing the currently disabled DHCP server to a forwarder, and setting up a new scope on the primary DHCP server for the guest network? My objective is to isolate the guest network, so it won't see the primary DHCP server. _________________ Netgear R7000
dd-wrt.v24-K3_AC_ARM_STD_OLDD
Build 24345M
Joined: 13 Mar 2014 Posts: 856 Location: Montreal, QC
Posted: Mon May 25, 2015 18:59 Post subject:
@timg11
Don't bother exiting the conf file manually in that way as the tmp dir is destroyed on every reboot and ddwrt will recreate the file. Any commands you add to services->Additional dnsmasq options will be appended to the conf file whenever did-wrt recreates the file.
So add the commands above and they will appear in the conf file afterwards. If they are not there immediately after adding them reboot then recheck conf file
Joined: 13 Aug 2013 Posts: 6858 Location: Romerike, Norway
Posted: Mon May 25, 2015 19:55 Post subject:
Yes, change type to DHCP Forwarder and enter the ip address of the DHCP Server that will hand out the addresses. The DHCP Server needs a scope for each Sub-net.
I saved, Applied, and rebooted the router.
Then I set Virtual Interface wl0.1 back to unbridged. The IP address was already set to proper network 192.168.10.1
Then I saved and Applied again, and when it came back up the guest SSID was on the new network.
Next I'll have to verify that it is truly isolated, but I expect it is. _________________ Netgear R7000
dd-wrt.v24-K3_AC_ARM_STD_OLDD
Build 24345M
Hello,
I am in a similar situation with a small difference. I have an internal network with a Mikrotik router providing the DHCP addresses. The Mikrotik router has its own Internet connection I have a TP-Link WR740N set as a HotSpot Router. It has a separate Internet connection from another provider, so that the main connection doesn't get overloaded.
I want to use the 4 LAN ports of the DD-WRT router for the needs of the internal network and preserve the WLAN as a separate HotSpot Using the designated Internet connection.
I did the following.
1. I created a new VLAN for the Hotspot. I want to have a password protected WLAN Network for internal access.
2. Then I unbridged the WLAN from the Wireless Settings Page. The Ip range of the new network is 192.168.4.x
2. I set Multiple DHCP Server for the VLAN
3. I set the DHCP Settings on the main Setup page to DHCP Forwarder and pointed it to the main router 192.168.5.1
4. I tried entering the DNSMasq options:
dhcp-range=ath0.1,192.168.4.100,192.168.4.149,255.255.255.0,60m
dhcp-option=ath0.1,3,192.168.4.1
dhcp-option=ath0.1,6,192.168.4.1
interface=br0,ath0.1
Now I can connect to the Internal WLAN and access the internet and all resources without a problem. The LAN ports work perfectly.
When I connect to the HotSpot WLAN I get an IP, the internal IPs are unreachable, but there is no Internet access. What can I do?
EDIT: I found this really nice guide. I will try it out tommorow. How do I tweak it so that it fits my situation?
Joined: 13 Mar 2014 Posts: 856 Location: Montreal, QC
Posted: Sat Aug 22, 2015 20:53 Post subject:
My initial thought would be to reverse the setup
Physical target setup:
Wan port connected to public wan modem
LAN port 1 connected to private LAN switch
LAN ports 2-4 to private LAN devices
Start with laptop connected to LAN port 2 and wan connected to public modem
1. Setup ddwrt router for public wan
2. Create VAP wifi bridged to br0
3. create br1 assigning interface ip on private LAN subnet
4. Move VAP wifi to br1
5. Assign LAN ports 1,3,4 to vlan 3
6. Move vlan3 to br1
7. Connect LAN 1 to switch
8. Connect laptop to LAN 3
At this point laptop should be able to get ip and connect to Internet via private router when connected to LAN 3,4 + VAP. You should also be able to access ddwrt GUI using the ip assigned to router in step 3.
9. Assign LAN 2 to vlan3
10. Add firewall rules to INPUT chain to allow dhcp & DNS from br0. Drop all other connections from br0
11. Add firewall rules to FOWARD chain drop all from br0 to br1 and all from br1 to br0.
You should be able to use wildcard FORWARD -i br+ -o br+ -j DROP
10. Add firewall rules to INPUT chain to allow dhcp & DNS from br0. Drop all other connections from br0
11. Add firewall rules to FORWARD chain drop all from br0 to br1 and all from br1 to br0.
Thank you very much for the explanation. I think I got it.I will try this out.
Can you write the rules and I will modify them according to my needs. Where do I need to add these rules?