Tutorial for setting up 2 wireless networks?

Kim · July 6, 2013, 6:30pm

Hi.
I simply can’t figure out how to configure one router to host 2 seperated wireless networks, one for private (on one IP range) and one for guests (on another IP range).

Can anyone point me to a proper tutorial - or maybe in a simple way explain from scratch?

Thanks.

rjscomms · July 6, 2013, 9:42pm

Hello,

You could use a normal wireless lan for one network and a virtual access point for the other network.

Have a look back through the MUM presentations. There is one presentation (maybe 2008) that describes virtual access points in a campus setting.

Regards, Dave.

Rudios · July 7, 2013, 6:19am

You probably have a bridge with the etherports and the wlan port as members.

Create a virtual AP, with a dedicated security-profile.
Configure a new dedicated DHCP server with a different range than your internal network and connect that to your VAP.
Check your firewall rules in order to let the new network be able to connect to the internet.

I have done a somehow similar setup, but I did also use VLAN’s because I would like to connect two MT’s together and let them both serve both networks.

I will post my config later.

Kim · July 7, 2013, 1:01pm

The information that you give here, is found all over the place.
What I need is a tutorial.

Do this (and maybe even a “because…”)
Do this
etc…

When you say “Check your firewall rules in order to let the new network be able to connect to the internet” I simply don’t know how to do that properly.
I appreciate your response, but that’s not what I need. Don’t give me your setup.

I know there’s not a tutorial in this forum - or at least I haven’t been able to search my way to it.
So what I ask is if anyone knows where to find such?

Thanks.

Rudios · July 8, 2013, 8:16am

Can you tell us what your current config is.

If you would like to add a new Virtual AP, create one under /interfaces wireless
Use your current wlan interface as the master interface.
Create a new security profile in order to have different WPA(2) security.

It depends on your current config how your firewall rules needs to be ajusted.

Besides your current config, what is your exact goal?
Only a second wlan interface or should also some ether ports be separated?

Kim · July 8, 2013, 3:24pm

Hi Rudios.
Thanks for your reply - really appreciate it!

My goal is to have a separate wireless ap, on a separate network - a separate IP range, so guest can connect to the Internet without having access to my local network.
I did what you tell me to - and a bit more, collected from other instructions.

I created a virtual AP under “Interfaces”, with wlan1 as “Master Interface” - I actually have no other option.
I created a separate “Security Profile”.
I created a new entry under “Address List”, with the wanted address (for example: my private (local) network is 10.1.1.1, and the guest (public) network should be 10.1.10.1) and bound it to wlan2 (the new AP)
I created a DHCP server for the new wlan2 interface.

The result is that I can connect to the new wireless (wlan2), with the password from the new security profile. I get an IP, but the IP is not following the DHCP IP range for wlan2, but the standard (private) IP range. And there’s no actual connection out on the Internet.

As for the “Firewall Rules” part, I have no idea what to show you. I have not touched anything on that part.

Thanks!

Rudios · July 8, 2013, 5:04pm

You should create a new ip pool instead of an address list.
Use that ip pool for your WLAN dhcp server.

Of only internet Access is needed, probably your current Nat masquerade will do.
you have to allow the guest network to pass the router towards the internet and block access to your local network.
/ip firewall filter
add chain=forward in-interface=wlan2 out-interface=.It can all be done more sophisticated, but this will do.

Kim · July 8, 2013, 5:58pm

Hi again.
Now, I did what you said.

I Created an “IP Pool” (pool 1), and bound wlan2 to it, under “DHCP Server”.
I created the firewall entry.

Now, when my device try to connect, it is not accepted - I don’t get an IP address.
Under “IP Pool” I changed the original “dhcp” pool to point to “Next Pool = pool1” - it makes no difference as far as I can see…

Under “DHCP Server” the wlan2 is red - as if something is missing?

Rudios · July 8, 2013, 6:43pm

It would be nice if you post your config.
Do an export compact and post it here, much easier to see what’s wrong.

Kim · July 9, 2013, 1:46pm

With this setup, I get an IP address in the given range. But no access to the Internet…

Rudios · July 9, 2013, 5:07pm

I think you can leave out the source address on the Rico.
You should however create a NAT arc-nat rule to masquerade your internal IP.

Kim · July 9, 2013, 7:16pm

Well - I already tried that, without any luck.
Anyway - I don’t think we get any further.
Thanks for your time, Rudios!

Rudios · July 10, 2013, 4:58am

Are you also giving a Default Gateway via DHCP and does your WLAN 2 interface have an IP address?

You also need some serious forward chain firewall rules.

Kim · May 21, 2016, 7:51am

I followed this tutorial, and got it to work.
http://www.wirelessinfo.be/index.php/mikrotik/pages/vap1