Posted: Sun Nov 22, 2015 1:46 Post subject: Multiple WLANs - Help getting it setup
I've made several attempts at this and cannot seem to get this working. Using the guide below, I was able to get my main router at 192.168.1.1 to create a separate VLAN bridged to WAN with DHCP on 192.168.2.XXX. My issue is that my house is long and narrow so I have one router in the front and the same router acting as an AP in the back. How do I bridge the same Virtual SSID to the WAN with DHCP on 192.168.2.XXX from the router in the front of the house?
I do not have a separate "trunk" cable between the two devices, just a gigabit cable that connects the LAN. The ideal scenario is the .1.1 device can be the main device with Routing, DHCP for both .1.X and .2.X (and later .3.X for the garage AP) while the APs just provide the connection to that segregated network.
BTW, the VLAN # & VID is the same on both devices. When I try to connect to the SSID on the second device (AP), it authenticates but is unable to get an IP assigned. I'm guessing this is because it's not seeing the DHCP on the router through the VLAN.
Why do these guest networks need to be bridged at all? If these guests don’t need to communicate w/ each other across the VAPs, and they only have access to the internet, who cares? For the second and subsequent VAPs, you just route the guest network over the private network, add some firewall rules to prevent those guests from accessing resources on the private network, and you’re done.
That’s not to say you couldn’t make a case for bridging. For example, if you wanted all the guests to participate in some service offered by the primary router (captive portal, VPN, etc.). But short of that, it seems pointless.
If you still want to bridge them, and both routers are running dd-wrt, consider EoIP tunneling. Simple and elegant.
You could even use OpenVPN and a bridged tunnel, but that seems like overkill, esp. when EoIP is so much easier.
The problem w/ VLANs/VLAN-tagging is that not all routers support it, despite the fact the GUI gives the impression they do. And dd-wrt isn’t even using the 802.11q standard. And it obviously doesn’t work if you’re bridging over wireless. That’s why from a tech support perspective, I’ll only turn to VLAN tagging as a last resort.
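The routed alternative from the reply above, as an added example that is not part of the thread and not dd-wrt's own configuration: a script that prints (does not apply) the iptables rules for an unbridged guest VAP on the second AP. The interface names `wl0.1` and `br0`, the guest subnet 192.168.12.0/24 and the helper names are assumptions; 192.168.1.0/24 is the private LAN from the first post.

```shell
#!/bin/sh
# Added example: prints iptables rules for a routed, isolated guest VAP.
# Assumed names: wl0.1 = guest virtual AP, br0 = private LAN bridge,
# 192.168.12.0/24 = guest subnet handed out by this AP (constructed value).

valid_cidr() {   # digits, dots and exactly one "/" only
    case "$1" in
        */*/*|*[!0-9./]*|/*|*/) return 1 ;;
        */*) return 0 ;;
        *) return 1 ;;
    esac
}

valid_if() {     # names end up inside commands, so allow only safe characters
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

guest_rules() {  # usage: guest_rules GUEST_IF LAN_IF PRIVATE_NET GUEST_NET
    gif=$1 lif=$2 priv=$3 gnet=$4
    valid_if "$gif" && valid_if "$lif" && valid_cidr "$priv" && valid_cidr "$gnet" || return 1
    # -I puts each rule at the top of its chain, so the rule printed last is
    # evaluated first: the broad rule is printed before its exceptions.
    cat <<EOF
iptables -t nat -I POSTROUTING -s $gnet -o $lif -j MASQUERADE
iptables -I FORWARD -o $gif -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I FORWARD -i $gif -o $lif -j ACCEPT
iptables -I FORWARD -i $gif -d $priv -j DROP
iptables -I INPUT -i $gif -j DROP
iptables -I INPUT -i $gif -p udp --dport 67 -j ACCEPT
iptables -I INPUT -i $gif -p udp --dport 53 -j ACCEPT
iptables -I INPUT -i $gif -p tcp --dport 53 -j ACCEPT
EOF
}

# Print the rule set for review; nothing is applied to the running firewall.
guest_rules wl0.1 br0 192.168.1.0/24 192.168.12.0/24
```

Guests keep DHCP and DNS on the AP itself, reach the internet through the private LAN's gateway behind NAT, and are dropped when they address the AP's management services or any host in 192.168.1.0/24.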
Thanks, the two routers are the same models running same version firmware. I've got a few Chromecasts in the house that I want guests to have access to as they migrate between APs. Having them completely siloed would not allow this. I figured with the same hardware, this should be a short putt.