Multiple Guest Accounts With DNSMasq DHCP Server?

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> General Questions
Author Message
eginnc
DD-WRT Novice


Joined: 23 Jul 2017
Posts: 47

PostPosted: Sun Feb 10, 2019 22:44    Post subject: Multiple Guest Accounts With DNSMasq DHCP Server? Reply with quote
I'd like to have a guest VAP on both the 2.4 and 5 GHz radios. My Archer C7 (DD-WRT v3.0-r38535 std (01/31/19)) is running as a WAP and switch for a Roku and Ooma VOIP box, to which I lose connectivity when I replicate my 2.4 VAP setup for the 5GHz radio. Network isolation doesn't work on the VAP's either when I do this. To add the second VAP (ath1.1)

In DNSMasq I add the second interface (ath1.1 below):
Code:

interface=ath0.1
dhcp-option=ath0.1,3,10.10.12.1
dhcp-range=ath0.1,10.10.12.2,10.10.12.60,255.255.255.0,23h
interface=ath1.1
dhcp-option=ath1.1,3,10.10.13.1
dhcp-range=ath1.1,10.10.13.2,10.10.13.60,255.255.255.0,23h


And in my firewall I add the second iptables line:
Code:

iptables -I FORWARD -i ath0.1 -d `nvram get lan_ipaddr`/`nvram get lan_netmask` -m state --state NEW -j DROP
iptables -I FORWARD -i ath1.1 -d `nvram get lan_ipaddr`/`nvram get lan_netmask` -m state --state NEW -j DROP
iptables -t nat -I POSTROUTING -o br0 -j SNAT --to `nvram get lan_ipaddr`


And the 2.4 and 5 GHz VAP's are unbridged, with AP and Net isolation enabled. My WAN connection type is disabled, and the WAN port is assigned to the switch, and the Advanced Router operating mode is "Router". Security on the VAPs is WPA2 AES (just like the WAPs).

Am I trying to do something that doesn't work and never will? Anyone get this working that can tell me what I'm doing wrong? Thank you for any help!

_________________
TP-Link Archer C7v2(US)
TP-Link Archer C9v1
Trendnet TEW824DRU
Edgerouter X
Sponsor
mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 4630
Location: Texas

PostPosted: Sun Feb 10, 2019 23:49    Post subject: Reply with quote
Do you also have ath0.1 IP as 10.10.12.1 and subnet mask 255.255.255.0 in its unbridged wireless settings
and the
ath1.1 IP 10.10.13.1 with netmask as 255.255.255.0 ??????
and you rebooted router?

that should work but I have never had a Archer C7 so don't know.....

EDIT:
don't know why you want 2 separate guest networks anyways ...
...if you want both radios for guest then leave both VAPs as bridged and in 'Networking' create br1 the network then assign ath0.1 & ath1.1 to it.
On the WAP still have to it put in Additional DNSMASq options same IP & netmask as br1 in 'Networking'
Be sure interface=br1...and so on Rolling Eyes
eginnc
DD-WRT Novice


Joined: 23 Jul 2017
Posts: 47

PostPosted: Tue Feb 12, 2019 1:33    Post subject: Reply with quote
Yes. I had ath[0.1 or 1.1] set up as 10.10.[12 or 13].1, unbridged, with 255.255.255.0 net mask in wireless settings. Might not have been a reboot in the mix [I think there was, but not sure], but I did save and then apply all settings and run the firewall commands explicitly before saving them to the firewall. I'll try again with a reboot and report back. Might be this weekend before I have time to mess around with it again.

You know, I never thought enough to realize I don't need two guest networks. I was thinking I needed to go the route I did, to utilize the network isolation check box instead of the "old" bridged network and lots of firewall rules approach to guest networks, but with two radios, yeah, cool - that makes a lot of sense. I'll experiment with that too this weekend [my kids have banned me from "fixing" the internet during the week when they have homework requiring it].

Thanks for the ideas mrjcd - I'm slowly learning enough to be dangerous! I couldn't have set up my last guest network without your help last time I hit the wall!

_________________
TP-Link Archer C7v2(US)
TP-Link Archer C9v1
Trendnet TEW824DRU
Edgerouter X
eginnc
DD-WRT Novice


Joined: 23 Jul 2017
Posts: 47

PostPosted: Mon May 06, 2019 0:09    Post subject: Reply with quote
Posting a long past due update that I did get this to work on my Atheros Archer C7 running as a WAP (both radios providing a guest VAP), but I've given up getting the same setup to work on a Broadcom Archer C9 running as a WAP. I just can't figure out how to get a guest VAP on both wl0.1 and wl1.1.

ath0.1 and ath1.1 are assigned to br1; br1 IP is set to 10.23.42.1 on the C7 (and wl0.1 and wl1.1 to br1 and br1 IP to different subnet on the C9).

Dnsmasq options:
Code:
interface=br1
dhcp-option=br1,3,10.23.42.1
dhcp-range=br1,10.23.42.10,10.23.42.60,255.255.255.0,23h


Firewall:
Code:
iptables -I FORWARD -i br1 -d `nvram get lan_ipaddr`/`nvram get lan_netmask` -m state --state NEW -j DROP
iptables -t nat -I POSTROUTING -o br0 -j SNAT --to `nvram get lan_ipaddr`


Anyone know anything special about Broadcom units to get this to work?

_________________
TP-Link Archer C7v2(US)
TP-Link Archer C9v1
Trendnet TEW824DRU
Edgerouter X
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 8034

PostPosted: Mon May 06, 2019 1:31    Post subject: Reply with quote
You'd think the situation would be reversed, w/ the Broadcom wireless being less troublesome. After all, Broadcom is the original chipset that started dd-wrt in the first place, using the WRT54x series. Broadcom has a long history of being the *the* most compatible chipsets when it comes to dd-wrt.

This problem is probably better addressed in the Broadcom forum. The folks in there tend to have a lot better information about such matters than those of us browsing the General forum.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 3659
Location: Netherlands

PostPosted: Mon May 06, 2019 10:21    Post subject: Reply with quote
Attached my notes for a broadcom device using the "modern" method without creating a separate br1, although that works the same.
Maybe they are useful Smile
There are references in my notes which could also be useful.

You might have the VAP problem, see the workarounds, just start with one VAP.
On first sight your settings and firewall rules look OK.

The last chapter is for a VAP on a WAP (love that alliteration)

Oh and always reboot after setup/change



DDWRT Virtual Access Point Public.doc
 Description:

Download
 Filename:  DDWRT Virtual Access Point Public.doc
 Filesize:  254.5 KB
 Downloaded:  23 Time(s)


_________________
Routers:Netgear R7800, Netgear R6400v1, Netgear R6400v2, Linksys EA6900 (XvortexCFE), Linksys E2000 (converted WRT320N), WRT54GS v1.
Install guide Linksys EA6900: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=291230
Simple PBR (Policy Based Routing) script: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318662
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
OpenVPN server setup guide:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318795
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> General Questions All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum