Hi All,
I'm trying to configure an 751 router with two SSID to provide internet for two separate LANs.
I've configured the default wifi interfase with SSID01.
This interfase belongs to bridge-local and works fine.
For the second SSID, Iv'e done as follows:
1. Created a VirtualAP and gave it a SSID02
2. Created an IP address for wlan2 (SSID02).
3. Created a separate DHCP Server with a new subnet. (176.168.1.0)
4. Configured the Network for the DHCP with the wlan2 IP address as gateway.
5. Created a IP NAT masquerade for all traffic from lan 176.168.1.0 to go through ether1-gateway
I'm able to connect to the SSID02 and get an IP address from the defined pool (176.168.1.200), but I'm unable to connect to the internet through that wifi connection.
The original connection SSID01 works fine.
What am I missing in order to let SSID02 connect to the internet?
Thanks
Re: Multiple SSID with separate LANs
Could be a bunch of things. Post your export.Hi All,
I'm trying to configure an 751 router with two SSID to provide internet for two separate LANs.
I've configured the default wifi interfase with SSID01.
This interfase belongs to bridge-local and works fine.
For the second SSID, Iv'e done as follows:
1. Created a VirtualAP and gave it a SSID02
2. Created an IP address for wlan2 (SSID02).
3. Created a separate DHCP Server with a new subnet. (176.168.1.0)
4. Configured the Network for the DHCP with the wlan2 IP address as gateway.
5. Created a IP NAT masquerade for all traffic from lan 176.168.1.0 to go through ether1-gateway
I'm able to connect to the SSID02 and get an IP address from the defined pool (176.168.1.200), but I'm unable to connect to the internet through that wifi connection.
The original connection SSID01 works fine.
What am I missing in order to let SSID02 connect to the internet?
Thanks
-
-
abelardocarioca
just joined
- Posts: 7
- Joined:
Re: Multiple SSID with separate LANs
To make things simpler, what I want to achieve is in the attached diagram:
Based on the default configuration I'm connecting:
internet to ether1-gateway
LAN to ether2-master
And configuring WIFI for access from our local users in the OFFICE.
This works out of the box without problems.
Now, I want to add a second wlan for guests that want connect in our offices and maintain them separate from our LAN, just give them internet access with an independent subnet.
How can I go about configuring this second wlan?
Thanks
Based on the default configuration I'm connecting:
internet to ether1-gateway
LAN to ether2-master
And configuring WIFI for access from our local users in the OFFICE.
This works out of the box without problems.
Now, I want to add a second wlan for guests that want connect in our offices and maintain them separate from our LAN, just give them internet access with an independent subnet.
How can I go about configuring this second wlan?
Thanks
You do not have the required permissions to view the files attached to this post.
Re: Multiple SSID with separate LANs
1) Create a bridge for the guest network.
To configure the firewall part i'd need to see your firewall rules. Basically you need to block access between the networks, etc. I'd also disable the neighbor discovery and everything else (web-box, etc) from the guest network.
Thats the basic idea though.
ros code
/interface bridge add name="bridge-guest"/code2] 2) Assign the Bridge an Address [code2=ros]/ip address add interface="bridge-guest" address=172.16.0.1/243) Setup a DHCP Pool
ros code
/ip pool add name="guest-pool" ranges=172.16.0.2-172.16.0.2544) Add a DHCP Network
ros code
/ip dhcp-server network add address=172.16.0.0/24 gateway=172.16.0.1 dns=172.16.0.15) Add a DHCP Server
ros code
/ip dhcp-server add name="guest-dhcp" interface=bridge-guest address-pool=guest-pool6) Add a Virtual Access Point and Configure The Security Settings as you wish.
ros code
/interface wireless add master-interface=wlan1 name=wlan-guest7) Add Virtual Access Point to Bridge
ros code
/interface bridge port add bridge=bridge-guest interface=wlan-guest
To configure the firewall part i'd need to see your firewall rules. Basically you need to block access between the networks, etc. I'd also disable the neighbor discovery and everything else (web-box, etc) from the guest network.
Thats the basic idea though.
-
-
abelardocarioca
just joined
- Posts: 7
- Joined:
Re: Multiple SSID with separate LANs
Following the suggested configuration I'm able to connect to the office wlan1 and have internet access, but once again I cannot get internet access using the VirtualAP in wlan2.
wlan2 is part of a new guest-bridge
guest-bridge has a DHCP server assigned with a separate IP pool.
and the guest-bridge has an IP address correspondind to its subnet.
When connecting to wlan2 I get a valid IP address but I'm unable to access the internet.
wlan2 is part of a new guest-bridge
guest-bridge has a DHCP server assigned with a separate IP pool.
and the guest-bridge has an IP address correspondind to its subnet.
When connecting to wlan2 I get a valid IP address but I'm unable to access the internet.
Re: Multiple SSID with separate LANs
As I said before... post your export compact.... I can't troubleshoot your config without seeing the config.Following the suggested configuration I'm able to connect to the office wlan1 and have internet access, but once again I cannot get internet access using the VirtualAP in wlan2.
wlan2 is part of a new guest-bridge
guest-bridge has a DHCP server assigned with a separate IP pool.
and the guest-bridge has an IP address correspondind to its subnet.
When connecting to wlan2 I get a valid IP address but I'm unable to access the internet.
Who is online
Users browsing this forum: mtbdrew and 43 guests