[fpaquin92]

(Sorry for my bad english, i'm a guy from Québec )

Hi !

I have internet for my appartments, and i wanted to isotale each ssid to avoid someone on other ssid cast something on chromecast in other ssid.

This is my setup ( legend : -- for wired == for wireless )

CABLE MODEM --- TPLINK ARCHER C7 ======= TPLINK WL941NDV6

twice routers are on most recent beta build.
they are linked with WDS
the DHCP server is disabled on my WL941NDV6
in the archer c7, i did on each ssid a unbridged network and i activate net isolation and made a multiple dhcp for each ssid on this router (they have 7 different SSID) and it works like i want.

BUT!

when i did this on my WL941NDV6 (4 different SSID) the client lost internet. he can connect to a router, he give a ip adresses proper to his network but no internet. i need to leave this bridged to have internet, and when i leave it bridged all the ssid can talk with each others.

HOW can i active net isolation on each ssid on the WL941NDV6 and keep internet working ?

THANKS !

[ian5142]

Is it a wireless or Wired link between the Archer C7 and the 941ND?

If it is Wireless, use WDS, only on the 2.4GHz band. Archer C7 is WDS AP, WDS Station is the 941ND.

Then create the VAPs with Net isolation. It should work.

[fpaquin92]

It's a wireless link

Yes, my C7 is WDS AP and my 941ND is WDS Station.

But it still not work when i select unbridged the client lost the internet.

I don't know why

[ian5142]

No, don't unbridge the WDS network. Leave it bridged, have a WDS only network. Then create Virtual AP (VAPs) for the other networks on each router. Only unbridge and turn on Net Isolation on the VAPs. You may be required to run a separate DHCP server on the 941ND because the Archer C7 will not know about the 941ND's VAPs.

[fpaquin92]

No i didn't unbridged the WDS, only the VAP, but i didn't try to run a second dhcp server. I tried to run a second dhcp server but it doesn't work, but i'll try again..

[fpaquin92]

It doesn't work,

I don't know what i did wrong.

I attached screenshots to show to you

Link to my google drive for the screenshots

https://drive.google.com/folderview?id=1TSRCXd5ItScvXw0wSZZKKtE1ZvwT0E5c

[ian5142]

Please edit the previous post and zip up the files. This forum does not handle photos very well.

[fpaquin92]

[Per Yngve Berg]

1) Add static routes on the C7 for the networks behind the 941ND.

2) Enable NAT from all networks on the C7

iptables -I POSTROUTING -t nat -o `get_wanface` -j MASQUERADE

Paste in Administration->Commands and save as firewall.

[fpaquin92]

[Per Yngve Berg]

Setup->Advanced Routing

Add the network like 192.168.5.0/255.255.255.0 with the IP of the second router as gateway.

[fpaquin92]

[Per Yngve Berg]

The gateway is wrong. It cannot be on the same sub-net as the one you are routing to.

When the router have an interface to 10.50.0.0/24, it already know where it is and does not need a route.

Is the 941ND connected LAN-LAN or WAN-LAN with the C7?

Take an example:

LAN address of C7: 10.50.0.1
WAN address of 941ND: 10.50.0.2 gateway 10.50.0.1
LAN address of 941ND: 10.51.0.1

941ND is set in router mode.

Static route on C7 will be:
10.51.0.0/24 gateway 10.50.0.2

[fpaquin92]

[Per Yngve Berg]

That is LAN-LAN (10.50.0.1 and 10.50.0.2, same sub-net)

You need to enter a route to the other sub-nets behind the 941ND. Can you ping the C7 (10.50.0.1) from a client on these sub-nets?