1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How-To: Guest Network/Vlan on Access Point(AP){Dual-Band}<->Router

Discussion in 'Tomato Firmware' started by dleepublic, Apr 4, 2013.

  1. dleepublic

    dleepublic Reformed Router Member

    Here is how I setup a Guest/vlan wireless on a Access Point(AP) with dual-band. The Tomato AP is connected to a Tomato Router.
    My problem was getting the Guest network to connect to the Internet.

    Hope this helps someone.
    Also, open to suggestions if there is a better way.

    My Configuration
    ===============
    Router[192.168.11.1]
    Toastman Tomato/WNR3500Lv1
    LAN IP: 192.168.11.1
    DHCP: 192.168.11.100-150
    Wireless: Off
    Tomato Firmware v1.28.7495 MIPSR2-Toastman-RT K26 USB VPN

    Access Point(AP)[192.168.11.3]
    Shibby Tomato/F7D8301
    LAN/br0: 192.168.11.3, DHCP OFF
    (Guest Network)LAN/br1: 192.168.22.1, DHCP: 192.168.22.200-208
    Tomato Firmware 1.28.0000 MIPSR2-108 K26 USB Big-VPN

    NOTE:
    Network 192.168.11.X has the DHCP on the Router
    Network 192.168.22.X has the DHCP on the AP
    DNS[192.168.11.1] is on the Router

    Overview
    ========
    Basically, I followed the standard steps for configuring a Router<->AP.
    My wireless clients for {2.4Ghz and 5.0Ghz} on 192.168.11.X worked fined.

    I then followed the standard steps for configuring a Guest/vlan wireless using 2.4Ghz.
    *but* -- my wireless Guest/vlan clients on 192.168.22.X could not access the Internet, etc.

    The Problem
    ===========
    There are 3 problems that needed to be solved to fix this:
    1) The Router needs to know how to route to 192.168.22.X
    2) The AP needs to know how to route to any network (including the Internet)
    3) Clients on 192.168.22.X need to know the correct DNS server

    The Solution
    ===========
    1) The Router needs to know how to route to 192.168.22.X
    Basically, if the Router needs to send information to the 192.168.22.X network, the Router should send it to the Access Point(AP)[192.168.11.3], and let the AP take it from there. Add the static route below

    Router: Advanced->Routing->Static Routing Table
    Destination: 192.168.22.0
    Gateway: 192.168.11.3
    Subnet Mask: 255.255.255.0
    Metric: 0
    Interface: LAN

    2) The AP needs to know how to route to any network (including the Internet)
    Basically, if the AP needs to send information to any network (including the Internet) send it to the router; let the Router figure it out. Thus, on the AP you need to configure a default route to the Router[192.168.11.1]. Add the default route to firewall script below.

    AP: Administration->Scripts->Firewall
    route add default gw 192.168.11.1 br0

    3) Clients on 192.168.22.X need to know the correct DNS server
    The DNS server is 192.168.11.1 -- so we need to tell all clients of 192.168.22.X the DNS server is 192.168.11.1. Clients of 192.168.22.X are on br1(bridge1)

    AP: Advanced->DHCP/DNS->Dnsmasq Custom configuration
    dhcp-option=br1,6,192.168.11.1
     

Share This Page