Help Needed: Guest Wi-Fi and External DHCP

Discussion in 'Tomato Firmware' started by Kevin Glenn, Mar 26, 2014.

  1. Kevin Glenn

    Kevin Glenn Network Newbie Member

    So I am having a heck of a time here. This isn't my first time setting up Tomato. I have it running with isolated guest access on a Linksys E4200 my home network, but in that case it also serves DHCP and handles port forwarding and other firewall duties. It works great, but it's not my problem.

    Now I'm trying to set up Tomato at work on a Linksys E2500 and I'm running into a handful of issues. The first is my IP address; it is in the range. Second, I have DHCP running on a 2008 server and need the main Wi-Fi network to access and use it. Third, I already have a firewall on the network so I don't need to use any firewall features on the router.

    So my goal is this; I want to set up the e2500 with a "MainWiFi" network that gets DHCP from my 2008 server at This network should connect to the main work network and allow access to shared resources. When users connect to the MainWiFi they should be given an address in the range. I then want to have a "GuestWiFi" that is isolated from the main network and using a range like I assume the GuestWiFi will need it's own DHCP server, that's fine.

    I have followed 4 different "Tomato Guest WiFi" tutorials and I have been able to get so far as to have all of the wireless networks connecting to the internet and working properly (if I don't edit br0), but when using the GuestWiFi I am still able to access the computers on my main network. For example, even though the Guest WiFi gives me an IP of I am still able to access server resources like Outlook Web Access at Isolation is obviously not "enabled by default" as the documentation would have me believe. I tried a suggestion from this link; and tried adding the lines to the Administration-->Scripts section but it didn't stop me from traversing networks.

    The next issue is when I try to change the br0 bridge from to and disable DHCP my clients are stopped at the Tomato router when connecting to the MainWiFi and never get an address from DHCP. They end up with a Windows default IP and no Gateway. When I make this change the guest network also loses internet connectivity.

    I've reset the router and repeated almost the same steps like 5 or 6 times so let me see if I can write them down.

    1. Created new LAN bridge "br1"; IP:, NM:, DHCP:
    2. Created new VLAN "3"; all boxes empty, selected "LAN1 (br1)" as bridge
    3. Created new Virtual Wireless Interface "wl0.1"; SSID: Guest, MODE: AP, BRIDGE: LAN1 (br1)

    Any help would be greatly appreciated. I've been pulling my hair out all day trying to get this working. Good thing I have a spare WiFi router for my co-workers to use while I mess with this one!
