WikiDevi.Wi-Cat.RU:DD-WRT/Separate WLANs

Source - Separate WLANs @ dd-wrt

NOTE: This is an old unmaintained and duplicate guide.

You should use one of the following currently maintained guides instead.

• To separate the WLAN from the LAN see: Separate LAN and WLAN
• To create more than one WLAN and optionally separate them see: Multiple WLANs

Introduction

This tutorial describes creating separate Wireless LANs. The example given here is creating two separate WLANs, one for secure network traffic with access to the Internet, the other for insecure Tivo traffic with no access to the "secure" network or the Internet. Additionally, one physical port (4) is associated with the insecure WLAN. This tutorial requires v.24. DD-WRT v.24 RC-5 was used in making this tutorial.

The purpose for this configuration is that I have two (DirectTV) TiVos, one with a wireless connection that doesn't support encryption and the other with a wired connection. I wanted to allow these two devices to communicate, without compromising the security of my internal network (since my wireless Tivo doesn't support encryption).

Configuration

Step 1: Create Wireless Networks

• a) Go to the 'Wireless -> Basic Settings' Page.

• b) Create the secure network on the physical interface (wl0)

and the insecure network on a virtual interface (wl0.1).

An example configuration is as follows:

Physical Interface wl0
Wireless Mode:                AP
Wireless Network Mode:        Mixed (or whatever you want)
Wireless Network Name (SSID): Home Network
Wireless Channel:             Auto (or whatever you want)
Wireless SSID Broadcast:      Enable
Network Configuration:        Bridged

Virtual Interfaces wl0.1
Wireless Network Name (SSID): Tivo Network
Wireless SSID Broadcast:      Disable
AP Isolation:                 Enabled
Network Configuration:        Unbridged
IP Address:                   192.168.11.1
Subnet Mask:                  255.255.255.0

• c) Go to the 'Wireless -> Wireless Security' Page.

• d) Configure wireless security settings any way you want

(I used WPA for my Secure Network and no security for my TiVos).

Physical Interface wl0
Security Mode:                WPA Personal
WPA Algorithms:               TKIP
WPA Shared Key:               *********
Key Renewal Interval:         3600

Virtual Interfaces wl0.1
Security Mode:                Disabled

Step 2: Create Tivo VLAN (2), bridge (br1),

and associate appropriate the appropriate interfaces (port 4 and wl0.1)

• a) Go to the 'Setup -> VLANs' page.
• b) Change port 4 to VLAN 2
• c) In addition to the above (I'm not sure that a & b actually do anything),

configure NVRAM to move port 4 to VLAN 2 with the following commands

(either through telnet/ssh or 'Administration -> Diagnostics')

nvram set vlan0ports="1 2 3 5*"
nvram set vlan2ports="4 5t"
nvram commit

• d) Create the following startup script (through 'Administration -> Diagnostics')

brctl addbr br1
brctl addif br1 wl0.1
brctl addif br1 vlan2 
ifconfig vlan2 up
ifconfig br1 up

Step 3: Internet Access or DHCP Server on Tivo Network

Now that the basic network has been created, some additional things might come in handy (such as Internet access or a DHCP server).

This section could be used to document this by another user who has need for these features.

The references section provides links to several different tutorials that all provide information that will help in configuring these types of things.

Although I would start with VLAN Detached Networks (Separate Networks With Internet)

References

• Forum Discussion
• Multiple WLANs - Easy GUI guide for creating multiple WLAN's.
• VLAN Configuration
• Separate LAN and WLAN
• WLAN separate from LAN, with independent DHCP
• VLAN Detached Networks (separate Networks with Internet)