Wi-Fi How To

Revision as of 16:45, 17 September 2009 (view source)

JohnNavas (Talk | contribs)

(→Two wireless networks on one router: edit)

← Older edit

Revision as of 16:52, 17 September 2009 (view source)

JohnNavas (Talk | contribs)

(→Two wireless networks on one router: edit and add content)

Newer edit →

Line 60:

The following procedure is for ''two separate wireless networks'' using [http://www.dd-wrt.com DD-WRT] (on [http://www.dd-wrt.com/dd-wrtv3/dd-wrt/hardware.html supported devices]) web interface (as of v24 preSP2 Beta build 12533).

For ''more than two'' separate wireless networks, consult the reference above.

-

# '''''Wireless → Basic Settings'''''

+

# '''''Wireless → Basic Settings''''' (configure the two wireless networks)

#* ''Wireless Physical Interface '''wl0'''''

#** This will be the ''private'' wireless network

Line 67:

#** Click ''Add'' to create the ''public'' (guest) wireless network, which will be ''Virtual Interfaces '''wl0.1'''''

#** Enter a '''unique''' ''Wireless Network Name (SSID)'' (e.g., ''John's Guest Wireless'')

-

#** Click ''Enable'' for ''AP Isolation''

+

#** Click ''Enable'' for ''AP Isolation'' (to isolate public/guest wireless clients from each other)

#** Click ''Unbridged'' for ''Network Configuration''

#** For ''IP Address'', enter a '''different [[wikipedia:Subnetwork|subnet]]''' from the private network (which is 192.168.1.1 by default): 192.168.2.1

#** For ''Subnet Mask'', enter: '''255.255.255.0'''

#* Click ''Save'' (and do '''not''' click ''Apply Settings'')

-

# '''''Wireless → Wireless Security'''''

+

# '''''Wireless → Wireless Security''''' (configure security for the two wireless networks)

#* Enter desired security for each wireless network

#* '''WPA2 Personal with a strong passphrase is recommended.''' (WEP and WPA-TKIP are '''not''' secure!)

#* ''Note'': DD-WRT v24 preSP2 Beta build 12533 will ''not'' properly authenticate WPA Personal or WPA2 Personal after a reboot ([http://www.dd-wrt.com/dd-wrtv2/bugtracker/view.php?id=3729 bug 003729]), only WEP.

#* Click ''Save'' (and do '''not''' click ''Apply Settings'')

-

# '''''Services → Services → DNSMasq'''''

+

# '''''Services → Services → DNSMasq''''' (configure DHCP for public/guest wireless)

#* In ''Additional DNSMasq Options'' enter:<code>    interface=wl0.1    dhcp-option=wl0.1,3,192.168.2.1    dhcp-option=wl0.1,6,192.168.1.1    dhcp-range=wl0.1,192.168.2.100,192.168.2.249,255.255.255.0,1440m</code>

#* Click ''Save'' (and do '''not''' click ''Apply Settings'')

-

# '''''Administration → Commands → Command Shell'''''

+

# '''''Administration → Commands → Command Shell''''' (configure firewall to isolate public/guest from private)

:* Enter the ''Commands'':<code>    iptables -I INPUT -i wl0.1 -m state --state NEW -j logaccept    iptables -I FORWARD -i wl0.1 -o br0 -j logdrop    iptables -I FORWARD -i br0 -o wl0.1 -j logdrop</code>

:* Click ''Save Firewall''

From Navas Wireless Wiki

Revision as of 16:52, 17 September 2009

Views

Personal tools

Navigation

main articles

Search

Toolbox

@@ Line 60: / Line 60: @@
 The following procedure is for ''two separate wireless networks'' using [http://www.dd-wrt.com DD-WRT] (on [http://www.dd-wrt.com/dd-wrtv3/dd-wrt/hardware.html supported devices]) web interface (as of v24 preSP2 Beta build 12533).
 For ''more than two'' separate wireless networks, consult the reference above.
-# '''''Wireless &rarr; Basic Settings'''''
+# '''''Wireless &rarr; Basic Settings''''' (configure the two wireless networks)
 #*  ''Wireless Physical Interface '''wl0'''''
 #** This will be the ''private'' wireless network
@@ Line 67: / Line 67: @@
 #** Click ''Add'' to create the ''public'' (guest) wireless network, which will be<br>''Virtual Interfaces '''wl0.1'''''
 #** Enter a '''unique''' ''Wireless Network Name (SSID)'' (e.g., ''John's Guest Wireless'')
-#** Click ''Enable'' for ''AP Isolation''
+#** Click ''Enable'' for ''AP Isolation'' (to isolate public/guest wireless clients from each other)
 #** Click ''Unbridged'' for ''Network Configuration''
 #** For ''IP Address'', enter a '''different [[wikipedia:Subnetwork|subnet]]''' from the private network (which is 192.168.<u>1</u>.1 by default):<br>192.168.<u>2</u>.1
 #** For ''Subnet Mask'', enter:<br>'''255.255.255.0'''
 #* Click ''Save'' (and do '''not''' click ''Apply Settings'')
-# '''''Wireless &rarr; Wireless Security'''''
+# '''''Wireless &rarr; Wireless Security''''' (configure security for the two wireless networks)
 #* Enter desired security for each wireless network
 #* '''WPA2 Personal with a strong passphrase is recommended.''' (WEP and WPA-TKIP are '''not''' secure!)
 #* ''Note'': DD-WRT v24 preSP2 Beta build 12533 will ''not'' properly authenticate WPA Personal or WPA2 Personal after a reboot ([http://www.dd-wrt.com/dd-wrtv2/bugtracker/view.php?id=3729 bug 003729]), only WEP.
 #* Click ''Save'' (and do '''not''' click ''Apply Settings'')
-# '''''Services &rarr; Services &rarr; DNSMasq'''''
+# '''''Services &rarr; Services &rarr; DNSMasq''''' (configure DHCP for public/guest wireless)
 #* In ''Additional DNSMasq Options'' enter:<code><br>&nbsp;&nbsp;&nbsp;interface=wl0.1<br>&nbsp;&nbsp;&nbsp;dhcp-option=wl0.1,3,192.168.2.1<br>&nbsp;&nbsp;&nbsp;dhcp-option=wl0.1,6,192.168.1.1<br>&nbsp;&nbsp;&nbsp;dhcp-range=wl0.1,192.168.2.100,192.168.2.249,255.255.255.0,1440m</code>
 #* Click ''Save'' (and do '''not''' click ''Apply Settings'')
-# '''''Administration &rarr; Commands &rarr; Command Shell'''''
+# '''''Administration &rarr; Commands &rarr; Command Shell''''' (configure firewall to isolate public/guest from private)
 :* Enter the ''Commands'':<code><br>&nbsp;&nbsp;&nbsp;iptables -I INPUT -i wl0.1 -m state --state NEW -j logaccept<br>&nbsp;&nbsp;&nbsp;iptables -I FORWARD -i wl0.1 -o br0 -j logdrop<br>&nbsp;&nbsp;&nbsp;iptables -I FORWARD -i br0 -o wl0.1 -j logdrop</code>
 :* Click ''Save Firewall''