Guest network no longer works in AP mode?

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware
Author Message
baxtex
DD-WRT User


Joined: 30 Dec 2014
Posts: 78

PostPosted: Thu Jul 02, 2020 18:14    Post subject: Guest network no longer works in AP mode? Reply with quote
I have an older Netgear R7000 that I have used as router and AP fine for a couple of years. Recently I got an Edgerouter X to handle the routing part instead, so the R7000 only acts as an AP. I did this by disabling the DHCP server entirely on the R7000. Both the 2.4Ghz and 5Ghz wifi works fine but my guest network or "Virtual Interface" lost its internet connection. I can still connect to my guest wifi, but it doesn't have any internet. When I set it up from the start I basically did what this guy showed:

https://www.youtube.com/watch?v=C-N1b42WNSA

How can I get internet to my guest network when DDWRT has DHCP server disabled?
Sponsor
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 7182
Location: Texas, USA

PostPosted: Thu Jul 02, 2020 21:27    Post subject: Reply with quote
https://wiki.dd-wrt.com/wiki/index.php/Guest_Network

https://wiki.dd-wrt.com/wiki/index.php/Guest_WiFi_%2B_abuse_control_for_beginners

https://wiki.dd-wrt.com/wiki/index.php/Multiple_WLANs

_________________
Official Forum Rules, Guidelines, and Helpful InformationFirmware FAQInstallation WikiWhere Do I Download Firmware?
DON'T use Chromium-based browsersRTFM/STFW - TL;DR is NOT an excuse. • Why Should I Care What Color the Bikeshed Is?
Please DO NOT PM me with questions; Ask in the forum.

---------------------------------------------------------

Linux User #377467 counter.li.org / linuxcounter.net
baxtex
DD-WRT User


Joined: 30 Dec 2014
Posts: 78

PostPosted: Fri Jul 03, 2020 17:57    Post subject: Reply with quote
Thanks.
I read this:

Quote:
If DHCP is disabled on your main LAN in Basic Setup because it is a WAP that connects LAN-LAN to an existing network instead of using the WAN port or DHCP is disabled for any other reason, then the Multiple DHCP method above will not work and instead you will need to use the Command Method for DHCP.


So in other words I should use the "Command" or "DNSMasq method" method instead. So I did the settings like belov

I tried doing this:

Quote:
This uses DNSMasq instead of DHCPd. See VAP with no WAN for setups without a WAN (e.g. WAP), as iptables (Firewall) rules are required for internet access (Multiple DHCP Server is not available with the WAN disabled). In the DD-WRT GUI:

Wireless -> Basic Settings: Click Add Virtual AP under Virtual Interfaces and change the SSID if needed
Set Network Configuration to Unbridged
Enable the following options: AP Isolation, Net Isolation
Enable Forced DNS Redirection to prevent users from circumventing content filters (see Public DNS)
Set the Optional DNS Target (if needed), IP Address (e.g. 192.168.7.1), and Subnet Mask (255.255.255.0)
Wireless -> Wireless Security set up the new "Virtual Interface" (e.g. wl1.1), preferably with WPA2-AES
Services -> Services -> DNSMasq: Enable DNSMasq, but leave other options disabled
In Additional DNSMasq Options, add the IP address and range for the appropriate virtual guest interface
Example for Broadcom (5 GHz is wl1.1), Atheros is ath0.1 or ath1.1, but depends on the router:
interface=wl0.1
dhcp-option=wl0.1,3,192.168.15.1
dhcp-range=wl0.1,192.168.15.100,192.168.7.200,255.255.255.0,12h


But it didn't seem to help. My VAP is configured as Unbridged, on separate subnet, 192.168.15.1 and as wl0.1

I did more or less exactly like this post, had only to replace the subnet: https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1047143#1047143 still does not work.
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 5762
Location: Romerike, Norway

PostPosted: Sat Jul 04, 2020 13:51    Post subject: Reply with quote
There is an error in the 3. octet, 15 versus 7.
Abboo
DD-WRT User


Joined: 03 Apr 2016
Posts: 96

PostPosted: Sun Jul 05, 2020 0:27    Post subject: Reply with quote
I am following this thread as I have the same problem on my secondary router, Netgear R6250 with 40270M, kong build. There is no WAN and the router is in router mode and when I try to connect to the guest network I get an authentication problem.

Update, I am connected. Thanks,I have been working at this for days, trying everything I discovered. By following this thread I got it resolved. Thanks again. It works. I used also ap isolation and forced dns redirection.


Last edited by Abboo on Sun Jul 05, 2020 18:31; edited 1 time in total
baxtex
DD-WRT User


Joined: 30 Dec 2014
Posts: 78

PostPosted: Sun Jul 05, 2020 13:05    Post subject: Reply with quote
Per Yngve Berg wrote:
There is an error in the 3. octet, 15 versus 7.


Tack Smile

So now internet also seems to work on my guest network. I actually only use this guest network for some of my smart devices that requires network. However when I connect my phone to this iot guest network, it cannot discover my devices anymore. I have disabled AP Isolation but I want to keep Net isolation on so it does not get access to the rest of my network. I have been trying to connect for an couple of hours now without any luck. The documentation for my smart devices don't say much else than to check that the network is 2.4 and that mac list is not enabled.

Seeing that they worked on this guest network before, there must be something more I have to do in order the get devices to discover each other on the guest network.

These are my settings:

https://imgur.com/a/XRr2WA3

So to clarify: The guest network now has internet. However devices on it cannot see each other. How do I fix this?

The troubleshooting guide for these smart devices are as follows:


Check whether your device is powered on and turned on.

If you are informed that the device has been bound to another account during the binding process, please follow the instructions on the posted page to unbind the device and add it again.

Ensure that the network environment has strong and stable signals. Troubleshooting: Place your mobile phone or iPad connected to the same local area network close tothe device, and open a web page to check whether the browsing is smooth and stable.

If the network is normal but the device network connection still fails, check whether the router is overloaded. You can disable a device's Wi-Fi feature to reserve the channel for resource reallocation.

Check whether the router password you entered is correct. Check for spaces before and after the Wi-Fi account or password and case sensitivity issues.

Ensure that broadcasting is enabled for Wi-Fi and is not hidden. Ensure that your device has been added over a Wi-Fi band of 2.4 GHz. (Check whether the 2.4 GHz band and 5GHz band share the same Wi-Fi account. If so, we recommend that you configure two accounts and switch to the 2.4 GHz band during network connection.)

Ensure that the encryption method and authentication type are set to WPA2-PSK and AES, respectively, for the router’s wireless settings, or both are set to Auto. Ensure that the wireless mode is not set to 11n only.

If wireless MAC address filtering is enabled for the router, remove your device from the router’s MAC address filtering list to ensure that it is allowed to connect to the network. You can also disable MAC address filtering.
Ensure that the DHCP service is enabled for the router. If not, the IP address will be occupied.


I don't know about the last line. It requires DHCP? Not sure I understand.
baxtex
DD-WRT User


Joined: 30 Dec 2014
Posts: 78

PostPosted: Sun Jul 05, 2020 15:01    Post subject: Reply with quote
Hmm so I found something interesting when I check the wifi properties on my phone on my Regular wifi vs my VAP.

Regular:
IP: 192.168.1.40
Gateway: 192.168.1.1 (This is the ip of my Edgerouter X)
Subnet Mask 255.255.255.0
DNS: 1.1.1.1

VAP:
IP: 192.168.15.141
Gateway: 192.168.15.1 (This is my VAP subnet. This can't be right?
Subnest Mask 255.255.255.0
DNS: 192.168.15.1

My VAP Gateway and DNS looks a bit wrong?
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 5762
Location: Romerike, Norway

PostPosted: Sun Jul 05, 2020 15:55    Post subject: Reply with quote
DNS is what you set here:

dhcp-option=wl0.1,3,192.168.15.1


Gateway: 192.168.15.1 (This is my VAP subnet. This can't be right?

This is correct if 192.168.15.1 is the address of the router.
baxtex
DD-WRT User


Joined: 30 Dec 2014
Posts: 78

PostPosted: Sun Jul 05, 2020 17:03    Post subject: Reply with quote
Per Yngve Berg wrote:
DNS is what you set here:

dhcp-option=wl0.1,3,192.168.15.1


Gateway: 192.168.15.1 (This is my VAP subnet. This can't be right?

This is correct if 192.168.15.1 is the address of the router.


Well my DDWRT router is actually 192.168.1.50 but the guest network is 192.168.15.1

When I check system logs I have this warning:

Jan 1 01:02:15 DD-WRT daemon.warn dnsmasq-dhcp[1421]: no address range available for DHCP request via br0
Jan 1 01:02:16 DD-WRT daemon.warn dnsmasq-dhcp[1421]: no address range available for DHCP request via br0
baxtex
DD-WRT User


Joined: 30 Dec 2014
Posts: 78

PostPosted: Fri Jul 17, 2020 6:20    Post subject: Reply with quote
Anyone else knows what I can try?
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum