DHCP server and guest network

[ScottMN]

RT-AC3100 running 380.64_2

I don't use the built in DHCP server in the router, instead using Win 2012 Server R2 as the DHCP server. Everything works fine. But with wireless guest networks clients are not getting IP addresses because I have local intranet access disabled. How do I get around this?

Basically I'd like the router to only serve up IP addresses to the guest network. Is this possible?

 

[ScottMN]

If it's not possible to control the built in DHCP server to only serve to the wireless guest networks, then maybe I need a second router in front of the main router for the guest network.

Thoughts?

 

[Fitz Mutch]

Yes, however it's a script-based solution. Here it is:
https://www.snbforums.com/threads/guest-networks-and-dhcp.14141/page-2#post-286748

 

[ScottMN]

Awesome. I've been doing quite a bit of searching this morning and that script looks to be the easiest and most promising.

I'm pressed for time today as I have a dozen kids sleeping over for my daughter's birthday party in a few hours. So temporarily I'm going to plug in a second older Merlin wireless router in front of my main network acting as a guest network. It will have DHCP server, OpenDNS, and some of the other parental controls enabled. My main network will suffer the same restrictions for the next 24 hours since it routes through that network, but that's no big deal. Then afterwards remove the temporary router, get the script up and running on the main router, and verify it works the way I want. Perhaps then the second older router will get a more permanent life as an AP to extend my wireless coverage.

Thanks!

 

[CaptainSTX]

Awesome. I've been doing quite a bit of searching this morning and that script looks to be the easiest and most promising.

I'm pressed for time today as I have a dozen kids sleeping over for my daughter's birthday party in a few hours. So temporarily I'm going to plug in a second older Merlin wireless router in front of my main network acting as a guest network. It will have DHCP server, OpenDNS, and some of the other parental controls enabled. My main network will suffer the same restrictions for the next 24 hours since it routes through that network, but that's no big deal. Then afterwards remove the temporary router, get the script up and running on the main router, and verify it works the way I want. Perhaps then the second older router will get a more permanent life as an AP to extend my wireless coverage.

Thanks!

To get the isolation you want I assume you are planning to double NAT the routers so both have different subnets? Also consider having the kids connect to guest networks activated on your old ASUS. This will isolate them from each other.

 

[ScottMN]

Yup, double NAT'ed: Internet -> cable modem -> old wireless router (temporary) -> main wireless router. The kids are isolated on the temp router and cannot access the main network. Different SSID's and different passwords too. I'm not concerned if they can see each other, just want to isolate my home network from them. From the main network I can login to both routers which is nice. But from the temp network there is no access whatsoever to the main network. I've also place the temp router near where they will be sleeping in the basement for maximum wireless signal strength.

When I get my DHCP server settings straightened out I'll remove the temp router and use the guest networking features built into the main router.

 

[CaptainSTX]

Yup, double NAT'ed: Internet -> cable modem -> old wireless router (temporary) -> main wireless router. The kids are isolated on the temp router and cannot access the main network. Different SSID's and different passwords too. I'm not concerned if they can see each other, just want to isolate my home network from them. From the main network I can login to both routers which is nice. But from the temp network there is no access whatsoever to the main network. I've also place the temp router near where they will be sleeping in the basement for maximum wireless signal strength.

When I get my DHCP server settings straightened out I'll remove the temp router and use the guest networking features built into the main router.

Its a good secure setup. I have most of my Iot devices connected to my primary router using all six guest networks to segregate them from each other. A few devices are connected to the router using Ethernet so the segregation isn't as complete. My personal LAN is for computers and other secure and trusted devices are on my second router which also handles my VPN connections.

Only disadvantage is that using the second router adds about 5 - 7 ms to my latency which isn't a problem for me particularly since I'm not a gamer.