What's new

DHCP Server off and Guest WiFi

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

huygens_25

Occasional Visitor
Dear All,

My question is how to maintain on the Asus router the DHCP server for isolated Guest WiFi (those without access to the LAN), but disable it for LAN and WiFi with access to LAN?

When I turn off the DHCP server in the router interface, the isolated Guest WiFi are not working unless users set static IP addresses. I understand why, but I would like to know how I can left activated the DHCP server for certain SSIDs but disable it for others and for LAN.

PS: I have a RT-AC68U router and I'm using the official (latest) firmware from Asus. I'm open to install 3rd party firmware. I would be interested in options such as: dedicated DHCP server per SSID, possibly VLAN tagging per SSID/port, and possibly DNS "override" (providing another IP address for certain selected domain).
 
Dear All,

My question is how to maintain on the Asus router the DHCP server for isolated Guest WiFi (those without access to the LAN), but disable it for LAN and WiFi with access to LAN?

Maybe I am not fully awake yet, but 'huh'? :)
 
Dear All,

My question is how to maintain on the Asus router the DHCP server for isolated Guest WiFi (those without access to the LAN), but disable it for LAN and WiFi with access to LAN?

When I turn off the DHCP server in the router interface, the isolated Guest WiFi are not working unless users set static IP addresses. I understand why, but I would like to know how I can left activated the DHCP server for certain SSIDs but disable it for others and for LAN.

PS: I have a RT-AC68U router and I'm using the official (latest) firmware from Asus. I'm open to install 3rd party firmware. I would be interested in options such as: dedicated DHCP server per SSID, possibly VLAN tagging per SSID/port, and possibly DNS "override" (providing another IP address for certain selected domain).

you will have to write a custom dnsmasq configuration file, pointing to the Guest WiFi only interface bridges and omitting the LAN interfaces. Install ASUSWRT-Merlin as it's a bit more flexible than the stock firmware
 
Thanks @microchip! I'll install Merlin's firmware. I'll see what is the easiest between using the bind interface in dnsmasq config or using iptables rules. Or perhaps, I just create different VLANs on my main switch and have 2 DHCP servers.
 
Better to have one DHCP server, and define scopes of that DHCP service via VLAN ID...
 
In the end, I did a trade-off...

I let my ASUS router taking care of DHCP and DNS, *BUT* I configured in the "WAN" part of the administration settings the DNS to point to my own maintained DNS (I want to build a recursive DNS in the end) inside my LAN. So the ASUS router is caching the DNS research from my own DNS resolver.

In this way, guests can still connect to the internet and resolve domain names, but using my own local DNS resolver. The router is providing the visible interface to them, so they do not connect directly to my resolver. It works the same for non-guests. The increase in latency is not perceptible (even when monitored, it is 2-3 ms the first time a name is resolved, then there is no difference as long as the name is in cache).

This was my solution to at least control how domains are resolved, to establish DNSSEC and in the near future to have recursive DNS resolution and no longer relying on external DNS resolver (e.g. from ISP). In the longer term, I'll probably isolate using VLAN the router and the WiFi clients, and manage 2 DHCP servers, as I would like that my DHCP server and DNS resolver are not provided by the router (ideally I want my router to only do WiFi, NAT and firewall, nothing else).
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top