Posted: Thu Apr 26, 2018 18:37 Post subject: RT-AC66U as Access Point
Router: Asus RT-AC66U
Firmware: brainslayer build 35531
I'm attempting to set up my router, onto which I previously successfully flashed build 35531, as an Access Point. I was able to connect to the router settings page wirelessly, but am having trouble getting internet connectivity. I checked the wiki page here https://www.dd-wrt.com/wiki/index.php/Wireless_Access_Point#Secondary_Router_on_a_Separate_Subnet but am still a little confused about which option would be best. What I'm trying to accomplish is something like this:
Any guidance on which router should be the DHCP server as well as how to assign the addresses and subnets would be appreciated.
Edit: I was able to reset the router I previously had set to bridge mode. Just in need of guidance on how to prevent conflicts from having two routers now. I've been unable to get the Smart TV to work and I'm wondering if it's because currently I have both routers set up to behave as routers, rather than having one bridged.
Any advice on this? I've successfully installed DD-WRT on two routers and am able to connect to each of them individually, but run into problems when attempting to connect them together. I would like to connect them LAN to WAN if possible. The reason for the separate perimeter router is to be able to insert a transparent, in-line IPS between the two routers. I'm unsure of what to put for my settings in the second router, as far as the WAN IP address, local IP address, and so on.
Once I've set up the two routers to work in tandem, the next step will be to configure each port on the inner router as a VLAN with its own subnet.
Am I mistaken in believing something like this is possible?
Posted: Thu May 03, 2018 18:47 Post subject: Re: RT-AC66U as Access Point
commodiusvicus wrote:
I'm attempting to set up my router, onto which I previously successfully flashed build 35531, as an Access Point. I was able to connect to the router settings page wirelessly, but am having trouble getting internet connectivity. I checked the wiki page here https://www.dd-wrt.com/wiki/index.php/Wireless_Access_Point#Secondary_Router_on_a_Separate_Subnet but am still a little confused about which option would be best.
I think you're over-complicating this; the above section is if you want your AP on a different subnet, in which case it's just a your gateway router (default setup).
Posted: Sun May 06, 2018 20:31 Post subject: Re: RT-AC66U as Access Point
jwh7 wrote:
commodiusvicus wrote:
I'm attempting to set up my router, onto which I previously successfully flashed build 35531, as an Access Point. I was able to connect to the router settings page wirelessly, but am having trouble getting internet connectivity. I checked the wiki page here https://www.dd-wrt.com/wiki/index.php/Wireless_Access_Point#Secondary_Router_on_a_Separate_Subnet but am still a little confused about which option would be best.
I think you're over-complicating this; the above section is if you want your AP on a different subnet, in which case it's just a your gateway router (default setup).
Thanks for your reply. I had thought I needed the AP on a different subnet in order for devices on the inner router to be invisible to the perimeter router. Right now, the problem I'm experiencing is that I have to manually assign an IP address in the operating system on each client, and manually release those settings if I switch networks. Should I turn on DHCP in order to auto-assign IP addresses, or set static IP addresses? Would a DHCP relay be appropriate.
Regarding the isolated wireless network, it's simply using the 2.4 GHz radio, with AP isolation enabled.
Once I've got the two routers to interact properly with each other, my goal is to have each of the three workstations which will be connected to the inner router to be on their own VLAN, with an additional internet-disabled VLAN for both of the printers (connected via ethernet to one dumb switch). Hopefully all of that makes sense.
I was able to get the routers to work with each other by disabling DHCP on the inner router, placing it on the same subnet, and bridging its WAN port to LAN. Now I need to ensure a device on WAN (connected to perimeter router only) cannot ping a device on the inner, downstream router. I would also like to set up VLANs for each of the ports on the inner router. Would this best be done on the perimeter router or inner router (access point)
Would it be more feasible to use iptables or access restrictions to filter traffic on a device-by-device basis rather than using VLANs at all? The main thing I'm trying to do right now is prevent three workstations from being visible to one another, and visible to wireless devices.
