Posted: Thu Jul 02, 2020 18:14 Post subject: Guest network no longer works in AP mode?
I have an older Netgear R7000 that I have used as router and AP fine for a couple of years. Recently I got an Edgerouter X to handle the routing part instead, so the R7000 only acts as an AP. I did this by disabling the DHCP server entirely on the R7000. Both the 2.4Ghz and 5Ghz wifi works fine but my guest network or "Virtual Interface" lost its internet connection. I can still connect to my guest wifi, but it doesn't have any internet. When I set it up from the start I basically did what this guy showed:
If DHCP is disabled on your main LAN in Basic Setup because it is a WAP that connects LAN-LAN to an existing network instead of using the WAN port or DHCP is disabled for any other reason, then the Multiple DHCP method above will not work and instead you will need to use the Command Method for DHCP.
So in other words I should use the "Command" or "DNSMasq method" method instead. So I did the settings like belov
I tried doing this:
This uses DNSMasq instead of DHCPd. See VAP with no WAN for setups without a WAN (e.g. WAP), as iptables (Firewall) rules are required for internet access (Multiple DHCP Server is not available with the WAN disabled). In the DD-WRT GUI:
Wireless -> Basic Settings: Click Add Virtual AP under Virtual Interfaces and change the SSID if needed
Set Network Configuration to Unbridged
Enable the following options: AP Isolation, Net Isolation
Enable Forced DNS Redirection to prevent users from circumventing content filters (see Public DNS)
Set the Optional DNS Target (if needed), IP Address (e.g. 192.168.7.1), and Subnet Mask (255.255.255.0)
Wireless -> Wireless Security set up the new "Virtual Interface" (e.g. wl1.1), preferably with WPA2-AES
Services -> Services -> DNSMasq: Enable DNSMasq, but leave other options disabled
In Additional DNSMasq Options, add the IP address and range for the appropriate virtual guest interface
Example for Broadcom (5 GHz is wl1.1), Atheros is ath0.1 or ath1.1, but depends on the router:
But it didn't seem to help. My VAP is configured as Unbridged, on separate subnet, 192.168.15.1 and as wl0.1
I am following this thread as I have the same problem on my secondary router, Netgear R6250 with 40270M, kong build. There is no WAN and the router is in router mode and when I try to connect to the guest network I get an authentication problem.
Update, I am connected. Thanks,I have been working at this for days, trying everything I discovered. By following this thread I got it resolved. Thanks again. It works. I used also ap isolation and forced dns redirection.
Last edited by Abboo on Sun Jul 05, 2020 18:31; edited 1 time in total
So now internet also seems to work on my guest network. I actually only use this guest network for some of my smart devices that requires network. However when I connect my phone to this iot guest network, it cannot discover my devices anymore. I have disabled AP Isolation but I want to keep Net isolation on so it does not get access to the rest of my network. I have been trying to connect for an couple of hours now without any luck. The documentation for my smart devices don't say much else than to check that the network is 2.4 and that mac list is not enabled.
Seeing that they worked on this guest network before, there must be something more I have to do in order the get devices to discover each other on the guest network.
So to clarify: The guest network now has internet. However devices on it cannot see each other. How do I fix this?
The troubleshooting guide for these smart devices are as follows:
Check whether your device is powered on and turned on.
If you are informed that the device has been bound to another account during the binding process, please follow the instructions on the posted page to unbind the device and add it again.
Ensure that the network environment has strong and stable signals. Troubleshooting: Place your mobile phone or iPad connected to the same local area network close tothe device, and open a web page to check whether the browsing is smooth and stable.
If the network is normal but the device network connection still fails, check whether the router is overloaded. You can disable a device's Wi-Fi feature to reserve the channel for resource reallocation.
Check whether the router password you entered is correct. Check for spaces before and after the Wi-Fi account or password and case sensitivity issues.
Ensure that broadcasting is enabled for Wi-Fi and is not hidden. Ensure that your device has been added over a Wi-Fi band of 2.4 GHz. (Check whether the 2.4 GHz band and 5GHz band share the same Wi-Fi account. If so, we recommend that you configure two accounts and switch to the 2.4 GHz band during network connection.)
Ensure that the encryption method and authentication type are set to WPA2-PSK and AES, respectively, for the router’s wireless settings, or both are set to Auto. Ensure that the wireless mode is not set to 11n only.
If wireless MAC address filtering is enabled for the router, remove your device from the router’s MAC address filtering list to ensure that it is allowed to connect to the network. You can also disable MAC address filtering.
Ensure that the DHCP service is enabled for the router. If not, the IP address will be occupied.
I don't know about the last line. It requires DHCP? Not sure I understand.
Gateway: 192.168.15.1 (This is my VAP subnet. This can't be right?
This is correct if 192.168.15.1 is the address of the router.
Well my DDWRT router is actually 192.168.1.50 but the guest network is 192.168.15.1
When I check system logs I have this warning:
Jan 1 01:02:15 DD-WRT daemon.warn dnsmasq-dhcp: no address range available for DHCP request via br0
Jan 1 01:02:16 DD-WRT daemon.warn dnsmasq-dhcp: no address range available for DHCP request via br0