Guest Network on AP

Discussion in 'Asuswrt-Merlin' started by smitty870, Feb 19, 2019.

  1. smitty870

    smitty870 New Around Here

    Joined:
    Feb 19, 2019
    Messages:
    3
    I have a Ubiquiti EdgeRouter connected to my ISP modem and would like to use the ASUS router as an AP.
    I currently have another firmware on it with 3 SSIDs (Private, IOT, Guest).
    1 - Private picks up its IP address from the EdgeRouter. Firewall rules permit access to any device on the other 2 networks.

    2 - IOT with its own DHCP subnet of 192.168.20.0/24 and firewall rules that allow for backup to a device on 192.168.10.0/24.

    3 - Guest is 192.168.30.0/24

    I was checking out a couple of articles here, but I am not sure if I am doing the configuration correctly.
    https://github.com/RMerl/asuswrt-merlin/wiki/User-scripts
    https://github.com/RMerl/asuswrt-me...dicated-DHCP-options-bind-to-a-specific-SSID?
    Based on "How to have dedicated DHCP options bind to a specific SSID?", my config files are as follows:

    dnsmasq.postconf
    #!/bin/sh
    CONFIG=$1
    source /usr/sbin/helper.sh
    logger "dnsmasq-dhcp: Configure wl0.1 to have special DHCP"
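    # Give the guest interface its own address
    ifconfig wl0.1 192.168.70.2 netmask 255.255.255.0
    # Delete before insert so the rule is not duplicated on each dnsmasq restart
    iptables -D INPUT -i wl0.1 -j ACCEPT
    iptables -I INPUT -i wl0.1 -j ACCEPT
    # DROP in the broute table means "route instead of bridge" for IPv4 frames from wl0.1
    ebtables -t broute -D BROUTING -i wl0.1 -p ipv4 -j DROP
    ebtables -t broute -I BROUTING -i wl0.1 -p ipv4 -j DROP
    # Append the DHCP settings for wl0.1 to the generated dnsmasq.conf
    pc_append "
    log-dhcp
    interface=wl0.1
    dhcp-range=wl0.1,192.168.70.200,192.168.70.240,255.255.255.0,86400s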
    dhcp-option=wl0.1,3,192.168.70.1
    dhcp-option=wl0.1,6,192.168.10.1,8.8.8.8,8.8.4.4
    " /tmp/etc/dnsmasq.conf

    services-start
    #!/bin/sh
    service restart_dnsmasq

    I have never edited or created Unix-based files before. I configured my Notepad++ Edit-->EOL Conversion to Unix LF. I also saved the files as Unix scripts, then renamed them to the proper file names.

    Rebooted the router and presto, the Guest SSID still gets a 192.168.10.0/24 address.
    After it did not work and I did a deeper dig in the forums, it sounds like in AP mode this will not work.

    Is my understanding correct that you cannot use the Asus with Merlin firmware as an AP attached to the router with a guest network? Might I have configured something incorrectly?
     
  2. Zonkd

    Zonkd Senior Member

    Joined:
    Oct 19, 2014
    Messages:
    383
    AP mode isn’t that smart and disables the firewall and these features because that’s the EdgeRouter’s job. AFAIK, if you want to create all these different networks, subnets, routing and firewall rules and use dnsmasq, then the ASUS can’t be in AP mode. It must be in router mode. Leaving it in router mode is OK but will create double NAT.
     
  3. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    7,759
    Location:
    UK
    Correct. The concept of guest networks is meaningless in AP mode as that is a function of the device doing the routing.
     
  4. smitty870

    smitty870 New Around Here

    Joined:
    Feb 19, 2019
    Messages:
    3
    Code:
    dnsmasq.postconf
    #!/bin/sh
    CONFIG=$1
    source /usr/sbin/helper.sh
    logger "dnsmasq-dhcp: Configure wl0.1 to have special DHCP"
    # ifconfig br1 192.168.80.2 netmask 255.255.255.0
    iptables -D INPUT -i br1 -j ACCEPT
    iptables -I INPUT -i br1 -j ACCEPT
    ebtables -t broute -D BROUTING -i br1 -p ipv4 -j DROP
    ebtables -t broute -I BROUTING -i br1 -p ipv4 -j DROP
    pc_append "
    log-dhcp
    interface=br1
    dhcp-range=br1,192.168.80.200,192.168.80.254,255.255.255.0,6h
    dhcp-option=br1,3,192.168.80.1
    dhcp-option=br1,6,192.168.80.1,192.168.10.1,8.8.8.8
    " /tmp/etc/dnsmasq.conf
    
    services-start
    #!/bin/sh
    service restart_dnsmasq
    /jffs/scripts/wifiguest2
    
    wifiguest2 - I found this script in a thread, and I apologize to the original owner. I lost the thread, so I cannot give credit for the original script.
    #!/bin/sh
    
    PATH="/sbin:/usr/sbin:/bin:/usr/bin:${PATH}"
    
    # Remove port 4 from VLAN1
    # robocfg vlan 1 ports "0 1 2 5t"
    
    # Create VLAN20, and add port 4t(tagged) or 4 (untagged)
    robocfg vlan 20
    # ports "4t 5t"
    
    #VLAN-port setup - add VLAN as an interface connected to eth0
    vconfig add eth0 20
    
    # up interface vlan20
    ifconfig vlan20 up
    
    # create br1
    brctl addbr br1
    # enable stp
    #brctl stp br1 on
    
    # Remove wl0.1 (the named guest network) from br0
    brctl delif br0 wl0.1
    
    # add wl0.1 to br1
    brctl addif br1 wl0.1
    
    # up interface
    ifconfig br1 up
    
    # add vlan20 to br1
    brctl addif br1 vlan20
    
    # Assign an IP address to the bridge and bring it up - alternative: just "ifconfig br1 up"
    ifconfig br1 192.168.80.1 netmask 255.255.255.0 up
    
    # Mapped vlan20ports
    # nvram set vlan20ports="4t 5t"
    nvram set vlan20hwname=et0
    
    # Cleanup (remove the wl0.1 from "lan_ifnames")
    #nvram set lan_ifnames="vlan1 eth1 eth2"
    
    # Set lan_ifnames & make eapd listen to the existing bridge br0
    nvram set lan_ifnames="vlan1 eth1 eth2 wl0.2 wl1.2"
    nvram set lan_ifname="br0"
    
    #   Create lan1_ifnames &  make eapd to listen to the new bridge br1
    nvram set lan1_ifnames="vlan20 wl0.1"
    nvram set lan1_ifname="br1"
    
    # save nvram settings
    nvram commit
    
    Doing a little searching, I found the following possible scripts. I can see the SSID but am not able to connect; Android eventually responds with an authentication problem.
    However, they do not seem to be working correctly; I cannot seem to authenticate.
     
  5. Zonkd

    Zonkd Senior Member

    Joined:
    Oct 19, 2014
    Messages:
    383
    AP mode can’t do routing. You must be set to router mode. You cannot do any of that in AP mode.
     
  6. smitty870

    smitty870 New Around Here

    Joined:
    Feb 19, 2019
    Messages:
    3
    Thanks, I had to try of course!
     
    Zonkd likes this.
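
A pre-flight check for the per-interface DHCP lines that the dnsmasq.postconf scripts in this thread append, added here as an example and not part of any post. It assumes the `label,start,end,netmask,lease` layout used in those scripts; the function name `check_dhcp_conf` and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Lints dnsmasq lines read from stdin:
# prints one finding per problem and returns 1 if there was any.
check_dhcp_conf() {
    awk -F= '
    function ip2n(s,  o, i) {   # dotted quad -> integer, -1 if not IPv4
        if (s !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) return -1
        split(s, o, ".")
        for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) return -1
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function net(ip, mask) {    # network address, contiguous netmask assumed
        return ip - ip % (4294967296 - mask)
    }
    function bad(msg) { print msg; n++ }
    $1 == "interface" { iface[$2] = 1 }
    $1 == "dhcp-range" {        # assumed layout: label,start,end,netmask,lease
        split($2, f, ",")
        lo = ip2n(f[2]); hi = ip2n(f[3]); m = ip2n(f[4])
        if (ip2n(f[1]) >= 0) { bad("dhcp-range has no label: " $2); next }
        if (lo < 0 || hi < 0 || m < 0) { bad("dhcp-range malformed: " $2); next }
        if (lo > hi || net(lo, m) != net(hi, m)) bad("range spans subnets: " $2)
        start[f[1]] = lo; mask[f[1]] = m
    }
    $1 == "dhcp-option" {
        split($2, f, ",")
        if (f[2] == "3") gw[f[1]] = ip2n(f[3])   # option 3 = router
    }
    END {
        for (t in start) {
            if (!(t in iface)) bad("no interface= line for label " t)
            if ((t in gw) && net(gw[t], mask[t]) != net(start[t], mask[t]))
                bad("router option for " t " is outside its range subnet")
        }
        exit (n > 0)
    }'
}

# Constructed samples; in the first the label and start address run together.
bad_conf() { printf '%s\n' 'interface=wl0.1' \
    'dhcp-range=wl0.192.168.70.200,192.168.70.240,255.255.255.0,86400s' \
    'dhcp-option=wl0.1,3,192.168.70.1'; }
good_conf() { printf '%s\n' 'interface=wl0.1' \
    'dhcp-range=wl0.1,192.168.70.200,192.168.70.240,255.255.255.0,86400s' \
    'dhcp-option=wl0.1,3,192.168.70.1'; }

bad_conf | check_dhcp_conf || echo "bad sample rejected"
good_conf | check_dhcp_conf && echo "good sample accepted"
```

A clean result only means the lines are well-formed; as the replies above state, none of this takes effect while the ASUS is in AP mode.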