isolating an ap on one of 2 routers linked by ethernet

gavsiu
DD-WRT Novice


Joined: 19 Jan 2014
Posts: 24

Posted: Sat Aug 13, 2016 6:24    Post subject: isolating an ap on one of 2 routers linked by ethernet
So I have 2 different routers, an R7000 and a WRT610n flashed as E3000, connected to each other through Ethernet to extend my WiFi coverage. Both are dual band, so I have 4 APs. I want to isolate an AP for public (but password protected) use.

Let's call the R7000 router 1 and the E3000 router 2.

Router 1 is connected to the internet and is the DHCP server. Router 2 has pretty much everything disabled, including the DHCP server. The AP that I want to isolate is on router 2. On the 2.4 GHz band, I enabled AP isolation and disabled wireless GUI access.

My problem is that when I'm connected to router 2 and while I can't access the GUI for router 2, I can still access the GUI for router 1. The other problem is that it does not seem like AP isolation is working. I can still access my network drives.
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6445
Location: UK, London, just across the river..

Posted: Sat Aug 13, 2016 7:57
If you are looking for how to disable Wi-Fi GUI access,
add these lines!

code:
iptables -I INPUT -i <wireless-interface-name> -p tcp --dport 80 -j DROP



Just replace it with your SSID name.

IP isolation works only over AP Wi-Fi, for one device only.
There are other possibilities to isolate an AP with iptables
commands.
Accessing your device 1 from device 2 is over LAN, so a different command should be used.

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
nskware
DD-WRT Novice


Joined: 18 Aug 2016
Posts: 19

Posted: Fri Aug 19, 2016 2:00
AP isolation only isolates wireless clients, so if an AP has two wireless clients associated with it, they won't be able to talk to each other. AP isolation does not prevent a wireless client from talking to wired clients.

To better understand you might want to read https://www.dd-wrt.com/wiki/index.php/Advanced_wireless_settings#AP_Isolation

The reason you are not able to access the GUI on router #2 is probably because of AP isolation. If you turn AP isolation off or if you connect to the router via Ethernet, it should work. I have my guest network configured so that they cannot access the router's GUI ;).

In order to isolate the guest network from your home network, a simpler way would be to use Virtual Wireless Interfaces (WLANs). WLANs allow you to serve multiple SSIDs from the same router, so you won't even need a second router (provided your firmware supports it). But if you really want to use a second router, then all you need are some iptables rules in the first router.
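
Added example, not part of any post in this thread: a small script that prints the kind of iptables rules the replies point to, extended from the port 80 rule above to also block guest-to-LAN forwarding. It assumes the guest SSID is an unbridged interface with its own subnet on the router that runs the rules; the names `wl0.1` and `br0` and the ports other than 80 are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): print the iptables rules that keep an
# unbridged guest wireless interface away from the router GUI and the LAN.
# Assumed names: wl0.1 (guest interface), br0 (LAN bridge). Port 80 is the
# rule posted in the thread; 443, 22 and 23 are assumed extra management ports.
MGMT_PORTS="${MGMT_PORTS:-80 443 22 23}"

# Accept only characters that can appear in an interface name, so a typo or
# pasted junk never ends up inside a firewall command.
valid_ifname() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print one rule per line; prints nothing and returns 1 on bad input.
guest_rules() {
    guest_if="$1"
    lan_if="$2"
    valid_ifname "$guest_if" || return 1
    valid_ifname "$lan_if" || return 1
    # Same interface on both sides would lock LAN users out of the GUI.
    [ "$guest_if" != "$lan_if" ] || return 1

    # Guests cannot open the router's own management services.
    for port in $MGMT_PORTS; do
        echo "iptables -I INPUT -i $guest_if -p tcp --dport $port -j DROP"
    done
    # Guests cannot start connections to LAN hosts (network drives included);
    # replies to connections opened from the LAN are not matched by this rule.
    echo "iptables -I FORWARD -i $guest_if -o $lan_if -m state --state NEW -j DROP"
}

# Dry run by default; APPLY=1 pipes the rules to sh on the router.
if [ "${APPLY:-0}" = 1 ]; then
    guest_rules "${GUEST_IF:-wl0.1}" "${LAN_IF:-br0}" | sh
else
    guest_rules "${GUEST_IF:-wl0.1}" "${LAN_IF:-br0}"
fi
```

Run it without `APPLY` first and read the printed rules against the interface names your router actually reports before applying them.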