1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Help with guest network please

Discussion in 'Tomato Firmware' started by Cino72, Jul 27, 2014.

  1. Cino72

    Cino72 Reformed Router Member

    Question #1 i have large house and have wired 4 routers together to extend my wireless range. they have different sid since i prefer that.

    #1 192.168.1.1 this router handles most everything dhcp gateway guest network ect
    #2 192.168.1.2 wireless uses 192.168.1.1 as gateway
    #3 192.168.1.3 wireless uses 192.168.1.1 as gateway
    #4 192.168.1.4 wireless uses 192.168.1.1 as gateway

    on the primary router I set up a separate vlan and created a bridge and all that to segment the guest from the internal network it runs off 10.10.*.* network. the guest network is fine and works great but how do i get router #2 and #3 and #4 to broadcast the guest network? would i have to set up a separate vlan and bridge on each device?

    Question#2
    it looks like my guest could type in 192.168.1.1 to hit the router config page how can i block that request?

    all the routers have tomato on them

    Tia
     
  2. i1135t

    i1135t Network Guru Member

    I've been able to do this with just two routers but don't see why you cannot do it with more. Once I created the VLAN on my second router and assigned the guest network to it, I added a static route from my primary router to point to the IP of second router so traffic can flow back to it on the return route. For you, I guess each router would need to have a separate VLAN and network scope for the guest network on each AP and add the routes from your primary router and it should work too. To have them be able to talk to each other is a little more complicated but I could see that it's possible if they all physically connect to a common switch, all each VLANed of course and on the same network scope. Good luck!

    Oh btw, don't forget to add iptable rules on each local AP to block access for administering each local router through http, telnet and ssh so they are completely isolated which is the purpose of a guest network.
     
  3. abubin

    abubin Addicted to LI Member

    question #1: yes you do need to create separate vlan and bridge for each of the routers.
     

Share This Page