Implementing Inexpensive Multiple SSID Networks: Part II - Page 2

By Eric Geier

December 04, 2007

Adding the virtual interface(s)

 

The first item on the list is to configure the virtual SSID interface(s):

 

  1. Select the Wireless tab.
  2. Under the Virtual Interfaces section, click Add.
  3. Specify your desired SSID, broadcast, and isolation settings; but make sure you set the network configuration as Unbridged and create a subnet by defining an IP address and subnet mask for the interface.

 

Figure 1 (below) shows an example of configuring the virtual SSID so that it is segregated from the main SSID: the virtual interface IP address (192.168.2.1) is on a different subnet from the main SSID’s IP address (192.168.1.1).

figure1.png

 

If you wanted the virtual SSID to be on the same VLAN as the main SSID (meaning people on the virtual SSID could access the network of the main SSID), you could, for example, enter 192.168.1.2 for the virtual interface IP address.

 

Later, you’ll have to specify the DHCP settings, including the IP address range that matches the IP information you set up here.

 

4. Click the Save button to save, but not apply, your changes.

 

Configuring the DNS and DHCP settings

 

Now, you must manually configure the DNS and DHCP settings for each virtual interface:

 

  1. Select the Services tab.
  2. Under the DNSMasq section, enter the following set of code (with any applicable edits as discussed below) in the Additional DNSMasq Options box for each virtual SSID:

 

interface=wl0.1

dhcp-option=wl0.1,3,192.168.2.1

dhcp-option=wl0.1,6,192.168.1.1

dhcp-range=wl0.1,192.168.2.100,192.168.2.249,255.255.255.0,1440m

 

figure2.png

Figure 2: Example of configuring the DNS and DHCP settings.

 

 

Keep in mind that each virtual SSID requires its own set of code. Additionally, make sure you specify the correct interface number in each set. The wl0.1 refers to the Virtual Interface wl0.1 SSID (seen in the wireless section of DD-WRT); for example, if you are setting up a second virtual SSID, its set of code would contain wl0.2, the third would contain wl0.3, and so on.

 

Even when using only one virtual SSID, you should also keep in mind the other variables this code presents:

  - The IP address in the second line of code should be the address you specified earlier when setting up the virtual interface in the wireless section.
  - The IP address in the third line of code should be the main or original address of your router, which is 192.168.1.1 by default.
  - The last line of the code specifies the following, in consecutive order and separated by commas:
      - Starting IP address of the DHCP addresses, matching the subnet you defined.
      - Ending IP address of the DHCP addresses, matching the subnet you defined.
      - Subnet mask.
      - Client lease time (in minutes).

 

3. Click the Save button to save but not apply your changes.
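The one-block-per-SSID rule above, as an added example that is not part of the original article: a shell helper, meant to be run on a workstation rather than on the router, that prints the four DNSMasq lines for a given interface number and refuses to do so when the DHCP pool does not match the interface's subnet. The helper names `ip2int` and `dnsmasq_block` and the 192.168.3.x values for a second SSID are assumptions.

```shell
#!/bin/sh
# Added example: emit the Additional DNSMasq Options block for one virtual
# SSID after checking the DHCP pool against the interface's subnet.
# ip2int and dnsmasq_block are hypothetical helper names.

# Convert a dotted-quad IPv4 address to an integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address into four octets
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Args: index, interface IP, DNS server, pool start, pool end, mask, lease
dnsmasq_block() {
    idx=$1; gw=$2; dns=$3; start=$4; end=$5; mask=$6; lease=$7
    m=$(ip2int "$mask")
    net=$(( $(ip2int "$gw") & m ))
    for ip in "$start" "$end"; do
        if [ $(( $(ip2int "$ip") & m )) -ne "$net" ]; then
            echo "wl0.$idx: $ip is not in the subnet of $gw/$mask" >&2
            return 1
        fi
    done
    if [ "$(ip2int "$start")" -gt "$(ip2int "$end")" ]; then
        echo "wl0.$idx: pool start is above pool end" >&2
        return 1
    fi
    cat <<EOF
interface=wl0.$idx
dhcp-option=wl0.$idx,3,$gw
dhcp-option=wl0.$idx,6,$dns
dhcp-range=wl0.$idx,$start,$end,$mask,$lease
EOF
}

# The article's values for wl0.1, then a constructed second SSID on 192.168.3.0.
dnsmasq_block 1 192.168.2.1 192.168.1.1 192.168.2.100 192.168.2.249 255.255.255.0 1440m
dnsmasq_block 2 192.168.3.1 192.168.1.1 192.168.3.100 192.168.3.249 255.255.255.0 1440m
```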

 

Configuring Firewall (VLAN) Settings

You also have to manually configure firewall settings for each virtual interface to prevent users on the virtual SSID(s) from accessing the original network:

 

  1. Click the Administration tab.
  2. Click the Commands tab.
  3. Enter the following in the Commands box for each virtual SSID:

 

iptables -I INPUT -i wl0.XXX -m state --state NEW -j logaccept

 

Replace XXX with the virtual interface number shown on the main wireless page of DD-WRT.

 

Note: If you have already specified commands (shown in the Firewall section), click the Edit button, which should make your existing commands appear in the Commands box. After you make your desired additions/edits in the box, you can click the Save Firewall button as step six instructs.

 

  4. Add the following two lines of code in the Commands box for each virtual interface you want to segregate from the main SSID:

 

iptables -I FORWARD -i wl0.XXX -o br0 -j logdrop

iptables -I FORWARD -i br0 -o wl0.XXX -j logdrop

 

Replace XXX with the virtual interface number shown on the main wireless page of DD-WRT.

 

  5. If you have more than one virtual SSID and you want to segregate the virtual SSIDs from each other, add the following two lines of code (with applicable edits as discussed) in the Commands box for each virtual SSID link you would like to segregate:

 

For example, if you have two virtual SSIDs (not counting your main one) you would like to segregate, add the following:

 

(This prevents communication such as file sharing, pinging, etc. between your first and second virtual SSID.)

 

iptables -I FORWARD -i wl0.1 -o wl0.2 -j logdrop

iptables -I FORWARD -i wl0.2 -o wl0.1 -j logdrop

 

When adding a third virtual SSID that you would like to segregate from the others, you would add the following two sets of code:

 

(This prevents communication between your third and first virtual SSID)

 

iptables -I FORWARD -i wl0.1 -o wl0.3 -j logdrop

iptables -I FORWARD -i wl0.3 -o wl0.1 -j logdrop

 

(This prevents communication between your third and second virtual SSID)

 

iptables -I FORWARD -i wl0.2 -o wl0.3 -j logdrop

iptables -I FORWARD -i wl0.3 -o wl0.2 -j logdrop

 

  6. Click Save Firewall.
  7. Click the Management sub-tab of the Administration section.
  8. Scroll down and click Apply Settings.

 

You’re done; your router should now be broadcasting multiple SSIDs!
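The number of segregation rules grows with every pair of SSIDs, so a missed pair is easy to overlook when a new virtual SSID is added. The following added example (not part of the original article; `gen_rules` and `missing_drops` are hypothetical names) generalizes the two- and three-SSID cases above to N virtual SSIDs and reports any direction that still lacks a logdrop rule. It only prints text to paste into, or compare against, the Commands box.

```shell
#!/bin/sh
# Added example: build and audit DD-WRT segregation rules for N virtual SSIDs.
# gen_rules and missing_drops are hypothetical helper names.

# Print the Commands-box rules for wl0.1 .. wl0.N, all segregated.
gen_rules() {
    n=$1; i=1
    while [ "$i" -le "$n" ]; do
        echo "iptables -I INPUT -i wl0.$i -m state --state NEW -j logaccept"
        echo "iptables -I FORWARD -i wl0.$i -o br0 -j logdrop"
        echo "iptables -I FORWARD -i br0 -o wl0.$i -j logdrop"
        j=$((i + 1))
        while [ "$j" -le "$n" ]; do   # one pair of rules per SSID-to-SSID link
            echo "iptables -I FORWARD -i wl0.$i -o wl0.$j -j logdrop"
            echo "iptables -I FORWARD -i wl0.$j -o wl0.$i -j logdrop"
            j=$((j + 1))
        done
        i=$((i + 1))
    done
}

# Print each direction "in>out" among br0, wl0.1 .. wl0.N that has no
# logdrop FORWARD rule in the given rule text.
missing_drops() {
    rules=$1; n=$2; ifaces="br0"; i=1
    while [ "$i" -le "$n" ]; do ifaces="$ifaces wl0.$i"; i=$((i + 1)); done
    for a in $ifaces; do
        for b in $ifaces; do
            if [ "$a" != "$b" ]; then
                want="iptables -I FORWARD -i $a -o $b -j logdrop"
                printf '%s\n' "$rules" | grep -qxF -- "$want" || echo "$a>$b"
            fi
        done
    done
}

# Constructed sample: a third SSID was added, but only the wl0.1 <-> wl0.3
# pair was entered, so wl0.2 and wl0.3 can still reach each other.
PARTIAL=$(gen_rules 3 | grep -v -e 'wl0.2 -o wl0.3' -e 'wl0.3 -o wl0.2')
echo "Unblocked directions:"
missing_drops "$PARTIAL" 3
```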

 
