  hi2shy

    hi2shy


    Many thanks to Malitiacurt for his advice on getting my router onto Tomato firmware. I'm using Toastman firmware, VLAN-std and am trying to setup a guest wifi that is not able to see my network shares.

    I followed the instructions in the 2nd post on this link:

    I have set the guest wifi to WPA AES but I couldn't connect initially. Turns out I had to add a space to the end of the password. I've finally managed to connect on the guest wifi but now I have no internet access. I'm not sure what I'm doing wrong here. I hope someone can help me out here.

  Malitiacurt

    Malitiacurt

    Did you only create a new virtual wireless (eg wl0.1)?

    You have to make sure you created a new bridge (eg. br1) with a different ip address/ip range than the one for your main network.

    You also have to create new VLAN for the guest wifi network. (By default vlan 1 is for your normal LAN (br0), vlan 2 is for the WAN, so you should have a vlan 3 for br1.)

    Then make sure to bridge the new wifi network to the network bridge (w0.1 to br1).

    That should be it really.
  hi2shy

    hi2shy

    I seem to be getting myself really confused here! I haven't even started to understand VLANs!!! I'll upload my settings to see if that will shed some light on what I'm doing wrong.

    Attached Files:

  radionerd

    radionerd

    On Virtual Wireless.png You should put something like "guest" in the ssid, then it should show up. Wl0.1 is virtual 2.4Ghz ssid needs something like "Guest" assign it to br1. Looks like everything is good but the SSID is blank.
    Hope this helps,
  Malitiacurt

    Malitiacurt

    I think he blanked out the names of the SSID.

    Hi2shy, based on the screenshots your settings (under Basic, Virtual Wireless and VLANs are correct.)

    However, a few things concern me that could screw things up.

    a) You mentioned the guest wifi is WPA AES. You mean WPA2 AES correct? Virtual wireless interface's security mode should be the same as the main wireless (or none at all). However, I'm guessing it works if you can connect fine to the guest wifi (and get an IP, check to make sure you do get an IP and can ping on your guest wifi).

    b) There is something odd about your setup looking at the basic Settings (LAN.png) screenshot. Your router ( has DHCP enabled and hands out IP's on a range of the 192.168.0.X subnet. However you also have gateway with DNS and WINS enabled at Is that ( also a DHCP server that hands out IP's on the 192.168.0.X subnet?

    And what is this router's WAN IP ( is it's LAN IP, but curious to know if this router's WAN IP is the same as it's LAN IP).

    (I suspect it has something to do with the fact VLAN's are normally isolated. But it seems your router's WAN and LAN are both on the 192.168.0.X subnet, so the VLAN isolation prevents clients on the 192.168.1.X subnet from accessing the 192.168.0.X subnet, hence preventing guest clients from accessing the gateway).

    c) I have to ask just in case, you don't have any IPTABLES rules set in your scripts/firewall under Tomato right?

    IMO the best way to debug this is to start pinging up the 'tree' to see how far you get. Get a computer on the guest wifi.

    If you can ping, then you're connected to the guest router correctly.
    You should also be able to ping from the guest wifi as they're the same gateway.

    Then try to ping If you can't, then either your Tomato router is preventing that or you have some settings on your gateway that's preventing that.
  hi2shy

    hi2shy

    Thanks for the detailed reply.

    a) Yes, that's right, it is WPA2 AES. I think it was set to WPA before when I originally posted but I changed it and I can now connect to the guest wifi.

    b) Yes, is the internet router that also acts as the DHCP. So I use the as the gateway, DNS and the DHCP. The tomato router (WRT320N) has an IP address of

    c) No iptables yet. I did try some but they didn't work for me!!

    OK, I will give the pinging tree a go tonight. Thanks for all your help so far!
