Differences

This shows you the differences between two versions of the page.

--- howto:use_cases:wireless:guest_ap [2016/02/15 09:23]
admin [GUI]
+++ howto:use_cases:wireless:guest_ap [2018/05/24 09:05]
@@ Line 1: / Line 1: @@
-====== Guest AP ======
-A 'wireless guest ap' basically is just an VAP (__V__irtual __A__ccess-__P__oint) running on the same physically wireless interface as the normal access-point.
-However the VAP can have its own SSID with its own encryption settings which differs form the main wlan.
-Running the guest instance as a virtual interface, makes it possible to separate it completeley from the private part of the network.
-===== Overview =====
-==== Level of difficulty ===
-   Medium
-==== Use-case ===
-It is quiet nice to let friends and other visitors use your wireless network to give them access to the internet. But offering the private wireless password, even to close friends, isn't a preferrable option.
-These instructions shows how to setup an independent guest-network with the following properties:
-^ wireless guest access ^^
-|SSID: | guest-wlan |
-|Passphrase: | guest-access |
-|Encryption: | WPA2-PSK (AES) |
-|Network: | 192.168.101.1 |
-|DHCP: | yes |
-|DHCP range: | 62 - 100 |
-|Internet: | yes |
-==== Related topics ====
-Aarticles:
-  * [[documentation:configuration:uci|UCI]] \\
-  * [[howto:general:dhcp:multiple_dhcp|Multiple DHCP-Server instances]] \\
-  * [[howto:general:virtual_ap|Multiple virtual ap's]] \\
-Config-files:
-  * [[documentation:configuration:config_files:config_network|/etc/config/network]] \\
-  * [[documentation:configuration:config_files:config_wireless|/etc/config/wireless]] \\
-  * [[documentation:configuration:config_files:config_dhcp|/etc/config/dhcp]] \\
-  * [[documentation:configuration:config_files:config_firewall|/etc/config/firewall]] \\
-===== Instructions =====
-==== GUI ====
-In this section we will configure step-by-step the guest access point.
-==== UCI Config System ====
-  * **Define new Network**
-<code>
-uci delete network.guest
-uci set network.guest=interface
-uci set network.guest.proto=static
-uci set network.guest.ipaddr=192.168.101.1
-uci set network.guest.netmask=255.255.255.0
-</code>
-  * **Define virtual wireless interface**
-__Note:__ the device 'wl0' must be replaced by the device listed in your 'wifi-device' section!
-<code>
-uci delete wireless.guest
-uci set wireless.guest=wifi-iface
-uci set wireless.guest.device=wl0
-uci set wireless.guest.mode=ap
-uci set wireless.guest.network=guest
-uci set wireless.guest.ssid=guest-wlan
-uci set wireless.guest.encryption=mixed-psk
-uci set wireless.guest.key=guest-access
-</code>
-  * **Add DHCP server for guest network**
-<code>
-uci delete dhcp.guest
-uci set dhcp.guest=dhcp
-uci set dhcp.guest.interface=guest
-uci set dhcp.guest.start=62
-uci set dhcp.guest.limit=38
-uci set dhcp.guest.leasetime=1h
-</code>
-  * **Setup firewall for guest-network**
-<code>
-uci delete firewall.guest_zone
-uci set firewall.guest_zone=zone
-uci set firewall.guest_zone.name=guest
-uci set firewall.guest_zone.network=guest
-uci set firewall.guest_zone.input=REJECT
-uci set firewall.guest_zone.forward=REJECT
-uci set firewall.guest_zone.output=ACCEPT
-uci delete firewall.guest_forwarding
-uci set firewall.guest_forwarding=forwarding
-uci set firewall.guest_forwarding.src=guest
-uci set firewall.guest_forwarding.dest=wan
-uci delete firewall.guest_rule_dns
-uci set firewall.guest_rule_dns=rule
-uci set firewall.guest_rule_dns.name='Allow DNS Queries'
-uci set firewall.guest_rule_dns.src=guest
-uci set firewall.guest_rule_dns.dest_port=53
-uci set firewall.guest_rule_dns.proto=udp
-uci set firewall.guest_rule_dns.target=ACCEPT
-</code>
-  * **Store changes**
-<code>
-uci commit
-</code>
-  * **Apply changes**
-<code>
-/etc/init.d/network restart
-</code>
-==== UCI config files (native) ====
-  * **Define new Network**
-[[documentation:configuration:config_files:config_network|/etc/config/network]]
-<code>
-config interface 'guest'
-        option proto 'static'
-        option ipaddr '192.168.101.1'
-        option netmask '255.255.255.0'
-</code>
-  * **Define virtual wireless interface**
-[[documentation:configuration:config_files:config_wireless|/etc/config/wireless]]
-<code>
-config wifi-iface
-        option device 'wl0'
-        option mode 'ap'
-        option network 'guest'
-        option ssid 'guest-wlan'
-        option encryption 'mixed-psk'
-        option key 'guest-access'
-</code>
-Note: key must contain at least 8 characters
-Note: the device 'wl0' must be replaced by the device listed in your 'wifi-device' section!
-  * **Add DHCP server for guest network**
-[[documentation:configuration:config_files:config_dhcp|/etc/config/dhcp]]
-<code>
-config dhcp 'guest'
-        option interface 'guest'
-        option start '62'
-        option limit '38'
-        option leasetime '1h'
-</code>
-  * **Setup firewall for guest-network**
-[[documentation:configuration:config_files:config_firewall|/etc/config/firewall]]
-New zone for 'guest':
-<code>
-config zone
-        option name 'guest'
-        list network 'guest'
-        option input 'REJECT'
-        option forward 'REJECT'
-        option output 'ACCEPT'
-</code>
-Allow internet access:
-<code>
-config forwarding
-        option src ‘guest’
-        option dest 'wan'
-</code>
-Allow DNS queries:
-<code>
-config rule
-        option name 'Allow-DNS'
-        option src 'guest'
-        option dest_port '53'
-        option proto 'tcpudp'
-        option target 'ACCEPT'
-</code>
-  * **Apply changes**
-<code>
-/etc/init.d/network restart
-</code>
-===== Troubleshooting =====
-   Not available, yet

Differences

Page Tools