Rogfitz
New Around Here
I have an Asus AC5300 as primary router, gateway and DHCP server and an AC66U as a secondary AP. On the AC66U I have created a Wifi Guest Network that I don't want to access my LAN, only the AC5300 for internet access and a single Chromecast.
I get this to work when using stock firmware version 3.0.0.4.382_51641-g46d2311 and connecting with Telnet and entering the following commands:
#!/bin/sh
#nvram commit
killall eapd
eapd
#enable wifi guest isolation (for wifi clients only, not lan)
wl -i wl0.1 ap_isolate 1
#block lan access to/from wifi guests
ebtables -I FORWARD 1 -d Broadcast -j ACCEPT
ebtables -I FORWARD 1 -s ##:##:##:##:##:01 -j ACCEPT
ebtables -I FORWARD 1 -d ##:##:##:##:##:01 -j ACCEPT
ebtables -I FORWARD 1 -s ##:##:##:##:##:02 -j ACCEPT
ebtables -I FORWARD 1 -d ##:##:##:##:##:02 -j ACCEPT
ebtables -I FORWARD 4 -i wl0.1 -j DROP
ebtables -I FORWARD 4 -o wl0.1 -j DROP
The ##:##:##:##:##:01 and ##:##:##:##:##:02 being the MAC addresses of my AC5300 and Chromecast.
But since I haven't been able to run these commands automatically on the AC66U on startup (is it possible?) I tried the Merlin 380.70 firmware instead. I successfully made the commands run on startup in the "service-start" script, but it doesn't work! Instead the Guest Network can't connect at all. No IP from the DHCP on the AC5300 is received. And even if I use static IP allocation on my client I can't connect to the Internet.
Any ideas what I'm doing wrong?
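An added example, not part of the original post: a small offline model of how `ebtables -I FORWARD <n>` places rules and how the first matching rule decides a frame, replaying the seven insert commands above so the resulting chain order can be checked before it is loaded on a router. `MAC01`/`MAC02` stand for the masked addresses; `GUEST`, `eth0` and the helper function names are assumptions, and the model handles only rules with a single match option.

```shell
#!/bin/sh
# Added example: models `ebtables -I FORWARD <n>` placement and first-match
# evaluation offline. MAC01/MAC02 stand for the masked MACs in the post;
# GUEST and eth0 are constructed placeholders.

CHAIN=""   # one rule per line, top of the chain first

# insert_rule <pos> <rule>: the new rule takes position <pos> and the rules
# already at or below that position shift down by one.
insert_rule() {
    pos=$1; shift
    CHAIN=$(printf '%s\n' "$CHAIN" | awk -v p="$pos" -v r="$*" '
        NF == 0 { next }
        { n++; if (n == p) print r; print }
        END { if (n < p) print r }')
}

# Replay the post's seven insert commands, in the order they were entered.
replay_post() {
    CHAIN=""
    insert_rule 1 "-d Broadcast -j ACCEPT"
    insert_rule 1 "-s MAC01 -j ACCEPT"
    insert_rule 1 "-d MAC01 -j ACCEPT"
    insert_rule 1 "-s MAC02 -j ACCEPT"
    insert_rule 1 "-d MAC02 -j ACCEPT"
    insert_rule 4 "-i wl0.1 -j DROP"
    insert_rule 4 "-o wl0.1 -j DROP"
}

# rule_pos <rule>: 1-based position of a rule in the modelled chain.
rule_pos() {
    printf '%s\n' "$CHAIN" | awk -v r="$*" '$0 == r { print NR; exit }'
}

# verdict <in-if> <out-if> <src> <dst>: target of the first rule whose single
# match option equals the frame's field; "policy" if no rule matches.
verdict() {
    printf '%s\n' "$CHAIN" | awk -v i="$1" -v o="$2" -v s="$3" -v d="$4" '
        BEGIN { f["-i"] = i; f["-o"] = o; f["-s"] = s; f["-d"] = d }
        f[$1] == $2 { print $4; hit = 1; exit }
        END { if (!hit) print "policy" }'
}

replay_post
printf '%s\n' "$CHAIN" | awk '{ print NR ". " $0 }'
echo "guest DHCP broadcast  -> $(verdict wl0.1 eth0 GUEST Broadcast)"
echo "router reply to guest -> $(verdict eth0 wl0.1 MAC01 GUEST)"
echo "guest to router       -> $(verdict wl0.1 eth0 GUEST MAC01)"
```

On the router itself, `ebtables -L FORWARD --Ln` prints the live chain with rule numbers for comparison against this model.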