Posted: Mon Jun 17, 2019 14:38 Post subject: Wired guest network on a AP
Hi all,
I have 2 broadcom routers (e900 and R7000) with dd-wrt. The e900 is in a separate building as an AP, servicing wireless clients and a couple of wired connections to a NAS and a Pi.
I'd like to configure the wired connection to the Pi to be isolated from the rest of the network but have internet access via the R7000
Is this possible ?
I confess this is somewhat beyond my current skill level but would like to learn who to set it up.
How is the AP (e900) in the other building connected to the primary router (R7000)? Wire? Wireless? I would assume as a repeater bridge, but I want to be sure.
Sorry, I thought I'd replied but for some reason it didn't post.
The e900 is connected via wired Cat5 to the R7000.
When you talk about VAP (Virtual Access point?) is this implemented using the VLAN tab found in the dd-wrt set ups on both routers ?
"The e900 is in a separate building as an AP, servicing wireless clients and a couple of wired connections to a NAS and a Pi."
… I wasn't sure if the NAS and Pi where wired to the AP (e900), or you just meant they were on the primary router (R7000) and accessible from the AP. This is a case where it might help if you provided a diagram (hand-drawn is fine), because sometimes the choice of words and phrasing can lead to misinterpretation.
The Pi and NAS are directly wired to the e900. Other clients (eg a chromebook) also connect via Wifi e900 for internet access.
The idea is to separate the wired Pi and a guest wifi on the e900 from the rest of the network but still access the internet.
I do have a diagram and will try and pop it up somewhere to display here.
I've had a go this afternoon setting up a guest wifi on the e900 but no success so far
Sorry again for the slow reply - I'm not getting the email notifications.
Next step is to create a vlan for the wired port and put that vlan on the Bridge you created.
VAP's often need workarounds to get going, from my notes:
Quote:
From approximately mid 2018 VAP's on Broadcom units are problematic, you cannot connect or do not get an IP address. There are workarounds :
1) When VAP is not working at boot; workaround startup command Administrationn/Commands, Save as Startup:
sleep 10; stopservice nas; stopservice wlconf; startservice wlconf; startservice nas;
2) Alternative way to get VAP working: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=317181
3) An other user reports the following workaround (save as startup):
sleep 4; stopservice cron; stopservice wlconf; wlconf eth1 up; wlconf eth2 up; startservice cron;
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=319412
4)This one is from @Redhawk (guaranteed to work ):
sleep 20; stopservice nas; wlconf eth1 down; wlconf eth2 down; wlconf eth1 up; wlconf eth2 up; startservice nas
egc, a quick question. In that guide they suggest a guest network IP of 192.168.12.1
I'm using a 172.16.16.x range. I guess that I should use something like 172.16.32.1 if it's based on a subnet of the main ip range ?
To check, I expect I'll then need to add firewall rules to stops the guest network accessing the 'office' ip range, As suggested by eibgrad in their post?