Posted: Wed Dec 29, 2021 19:19 Post subject: Isolate traffic from wireless extender on second subnet?
I am running a Linksys WRT1900 and wanted to add another device to host a ton of IoT devices. I have a spare Tenda router that I have set up as a repeater. I am only given the option of WISP or Client+AP. I figured WISP would be best as I am running out of IP addresses (part of the reason for doing this).
I am wanting a way to block the Tenda from accessing the local network hosted by the Linksys.
Linksys is running 0.x and Tenda is 10.x if that helps for any rules.
Is it possible to have the Linksys filter all of the traffic since the Tenda seems to lack any kind of way to isolate (that I can see)?
Ideally I'd like to be able to access both networks from the Linksys side (and internet) and the Tenda should only be able to access its own network (and internet).
Help?
Edit - just realized the Tenda can run Tomato, but seems to lack a dedicated repeater mode.
What I would do is set up dd-wrt to have a regular wireless network, and then add a VAP (see https://wiki.dd-wrt.com/wiki/index.php/Guest_WiFi_%2B_abuse_control_for_beginners), but there are other refs like: http://www.alexlaird.com/2013/03/dd-wrt-guest-wireless/
Then set up the VAP network to host all of your IoT and whatnot... then it can control through iptables what access things have and if you want access one way or another...
P.S. It sounds like you are either only depending on DHCP (which you can increase). If you do shorter leases you can effectively gain more... otherwise change your netmask to be like 255.255.0.0 (meaning that you are opening up from ~255 IP addresses per network to ~65536 addresses).
What I would do is set up dd-wrt to have a regular wireless network, and then add a vap
I have considered that, but wasn't sure how much of an impact that would have on the main wireless network.
You are correct about the DHCP setting - never really needed more before, but with so many smart lights and switches things are getting out of control - Part of why I wanted them to all run on their own device.
I have 2 WRT1900's and one WRT1200 so I could also do something to bridge those instead of the Tenda.
Seems the guest network guide wasn't made for the current version - ended up totally screwing up my whole network trying to follow the steps. Thank goodness the wired part still worked.
It seems first thing is getting the vap working correctly. I actually recall trying to do this on my router at work and it took many attempts before it actually worked correctly. All goes downhill when trying to get the multiple dhcp to work I believe.
Posted: Sat Jan 01, 2022 16:28 Post subject:
One more resource: My notes on setting up a VAP are the third post at https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1217070?start=3
Thank you everyone - hopefully I'll get this going. I plan to test on a router that isn't powering the whole house this time.
Build is 47581 currently
One more quick question - doing things this way, will I still be able to access the clients on the VAP or will they be isolated from my direction as well?
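An added example, not part of the thread and not dd-wrt's own code: iptables rules of the kind mentioned above that give one-way access, so the main LAN can reach the VAP clients while the VAP clients cannot open connections to the main LAN or to the router itself. The bridge names br0 (main LAN) and br1 (VAP) are assumptions, as is the VAP already having working DHCP and internet access.

```shell
#!/bin/sh
# Assumed names (not from the thread): main LAN bridge br0, IoT VAP bridge br1.
MAIN_IF="${MAIN_IF:-br0}"
IOT_IF="${IOT_IF:-br1}"

# Emit the rules in evaluation order. Each one is inserted at an explicit
# position, so the order written here is the order the kernel checks them.
iot_rules() {
    main="$1"; iot="$2"
    # FORWARD: the main LAN may open connections to IoT clients.
    echo "iptables -I FORWARD 1 -i $main -o $iot -j ACCEPT"
    # FORWARD: replies to those connections may come back.
    echo "iptables -I FORWARD 2 -i $iot -o $main -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # FORWARD: anything else from IoT toward the main LAN is dropped.
    echo "iptables -I FORWARD 3 -i $iot -o $main -j DROP"
    # INPUT: IoT clients still need DHCP and DNS from the router.
    echo "iptables -I INPUT 1 -i $iot -p udp --dport 67 -j ACCEPT"
    echo "iptables -I INPUT 2 -i $iot -p udp --dport 53 -j ACCEPT"
    echo "iptables -I INPUT 3 -i $iot -p tcp --dport 53 -j ACCEPT"
    # INPUT: no new connections from IoT to the router itself (web GUI, SSH).
    echo "iptables -I INPUT 4 -i $iot -m state --state NEW -j DROP"
}

# Reject interface names that could smuggle extra words into a rule.
valid_if() {
    case "$1" in
        ""|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the rules by default; run them only when APPLY=1 is set.
apply_or_print() {
    valid_if "$MAIN_IF" && valid_if "$IOT_IF" || { echo "bad interface name" >&2; return 1; }
    [ "$MAIN_IF" != "$IOT_IF" ] || { echo "interfaces must differ" >&2; return 1; }
    if [ "${APPLY:-0}" = "1" ]; then
        iot_rules "$MAIN_IF" "$IOT_IF" | while read -r rule; do $rule || exit 1; done
    else
        iot_rules "$MAIN_IF" "$IOT_IF"
    fi
}

apply_or_print
```

Run it without APPLY to review the rules first; on dd-wrt the printed lines can then be saved as the firewall script so they are re-applied when the firewall restarts.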