What's new

Guest Wifi DHCP with separate subnet

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!


New Around Here
Hello All,

I wanted to see about how I can get a separate DHCP range that is in a completely different subnet working via the dnsmasq.postconf file found via this tutorial. Here's a general overview of my setup:

Fios > Enterprise firewall > Static Route on firewall pointing to WAN IP of RT-AC3100 > SSID

Background: RT-AC3100 is in routed mode.

For simplicity and masking purposes, I will use different subnets, but will convey the same message:
Regular DHCP Range via normal/main SSID:
Guest DHCP Range via Guest SSID:

Below is the config I added to the dnsmasq.postconf file:
source /usr/sbin/helper.sh
logger "dnsmasq-dhcp: Configure wl1.1 to have special DHCP"
ifconfig wl1.1 netmask
iptables -D INPUT -i wl1.1 -j ACCEPT
iptables -I INPUT -i wl1.1 -j ACCEPT
ebtables -t broute -D BROUTING -i wl1.1 -p ipv4 -j DROP
ebtables -t broute -I BROUTING -i wl1.1 -p ipv4 -j DROP
pc_append "
" /tmp/etc/dnsmasq.conf

I have tried changing the ifconfig line to be the first IP in the subnet (.193), as well as the dhcp-option to change it to match what is on the ifconfig line. I've also tried (even though I knew it wouldn't work) adding the dhcp-option to make the next-hop gateway the IP of the router's main DHCP range (the management IP of the LAN SSID). I've gotten to the point where hosts that connect to the guest SSID get an IP in the proper Guest DHCP subnet, but traffic never gets to my firewall. I've tried adding a static route for the Guest DHCP range in the LAN > Route section, I've tried without the route...I'm not really sure what I'm missing here.

I guess my question is: is this even possible (two separate subnets aggregating on the RT-AC3100)? I have to assume the answer is yes, and I'm just missing something blatantly obvious, but I'm out of ideas after tinkering with this for multiple hours. Ultimately, I'd like it so the Guest DHCP range leaves the WAN interface (NAT is disabled) and enter my firewall. With each change, I've restarted the service to ensure it's injecting the latest code into the /etc/dnsmasq file.

Any help or insight would be greatly appreciated.
Just one more detail. I am able to ping the SSID IP ( from the enterprise firewall without any issues. I also changed the and there is no change.
So I downloaded YazFi, but now it won't let me assign the subnet that I had configured for the guest wifi. I tried commenting out the lines in the /jffs/scripts/dnsmasq.postconf file, changing the name of the file to back it up and restarting dnsmasq. I always threw an error saying an interface with the IP already existed. Tried uninstalling/reinstalling YazFi, but the only workaround seemed to be changing the guest DHCP range. Any ideas?
You probably didn't down this:
ifconfig wl1.1 netmask

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!