This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
howto:use_cases:wireless:guest_ap [2015/06/30 13:43] admin [UCI config files (native)] |
howto:use_cases:wireless:guest_ap [2018/05/24 09:05] (current) |
||
---|---|---|---|
Line 30: | Line 30: | ||
Aarticles: | Aarticles: | ||
- | * [[documentation:configuration:uci|UCI]] \\ | ||
* [[howto:general:dhcp:multiple_dhcp|Multiple DHCP-Server instances]] \\ | * [[howto:general:dhcp:multiple_dhcp|Multiple DHCP-Server instances]] \\ | ||
* [[howto:general:virtual_ap|Multiple virtual ap's]] \\ | * [[howto:general:virtual_ap|Multiple virtual ap's]] \\ | ||
Line 44: | Line 43: | ||
==== GUI ==== | ==== GUI ==== | ||
- | Not available, yet | + | In this tutorial we will configure step-by-step the guest access point. |
- | ==== UCI Config System ==== | + | At first open your browser and go to your router's configurations website (default: 192.168.11.1). Log in to the router with your password. |
- | * **Define new Network** | + | Go to the __Network Settings__ tab and then to __Wireless__. |
- | <code> | + | |
- | uci delete network.guest | + | |
- | uci set network.guest=interface | + | |
- | uci set network.guest.proto=static | + | |
- | uci set network.guest.ipaddr=192.168.101.1 | + | |
- | uci set network.guest.netmask=255.255.255.0 | + | |
- | </code> | + | |
- | + | ||
- | * **Define virtual wireless interface** | + | |
- | __Note:__ the device 'wl0' must be replaced by the device listed in your 'wifi-device' section! | + | |
- | <code> | + | {{ :howto:use_cases:wireless:nxtgui_guestap1.png?nolink&800 |}} |
- | uci delete wireless.guest | + | |
- | uci set wireless.guest=wifi-iface | + | |
- | uci set wireless.guest.device=wl0 | + | |
- | uci set wireless.guest.mode=ap | + | |
- | uci set wireless.guest.network=guest | + | |
- | uci set wireless.guest.ssid=guest-wlan | + | |
- | uci set wireless.guest.encryption=mixed-psk | + | |
- | uci set wireless.guest.key=guest-access | + | |
- | </code> | + | |
- | + | ||
- | * **Add DHCP server for guest network** | + | |
- | <code> | + | |
- | uci delete dhcp.guest | + | |
- | uci set dhcp.guest=dhcp | + | |
- | uci set dhcp.guest.interface=guest | + | |
- | uci set dhcp.guest.start=62 | + | |
- | uci set dhcp.guest.limit=38 | + | |
- | uci set dhcp.guest.leasetime=1h | + | |
- | </code> | + | |
- | + | ||
- | * **Setup firewall for guest-network** | + | |
- | <code> | + | |
- | uci delete firewall.guest_zone | + | |
- | uci set firewall.guest_zone=zone | + | |
- | uci set firewall.guest_zone.name=guest | + | |
- | uci set firewall.guest_zone.network=guest | + | |
- | uci set firewall.guest_zone.input=REJECT | + | |
- | uci set firewall.guest_zone.forward=REJECT | + | |
- | uci set firewall.guest_zone.output=ACCEPT | + | |
- | + | ||
- | uci delete firewall.guest_forwarding | + | |
- | uci set firewall.guest_forwarding=forwarding | + | |
- | uci set firewall.guest_forwarding.src=guest | + | |
- | uci set firewall.guest_forwarding.dest=wan | + | |
- | + | ||
- | uci delete firewall.guest_rule_dns | + | |
- | uci set firewall.guest_rule_dns=rule | + | |
- | uci set firewall.guest_rule_dns.name='Allow DNS Queries' | + | |
- | uci set firewall.guest_rule_dns.src=guest | + | |
- | uci set firewall.guest_rule_dns.dest_port=53 | + | |
- | uci set firewall.guest_rule_dns.proto=udp | + | |
- | uci set firewall.guest_rule_dns.target=ACCEPT | + | |
- | </code> | + | |
- | + | ||
- | * **Store changes** | + | |
- | <code> | + | |
- | uci commit | + | |
- | </code> | + | |
- | + | ||
- | * **Apply changes** | + | |
- | <code> | + | |
- | /etc/init.d/network restart | + | |
- | </code> | + | |
- | + | ||
- | ==== UCI config files (native) ==== | + | |
- | + | ||
- | * **Define new Network** | + | |
- | [[documentation:configuration:config_files:config_network|/etc/config/network]] | + | |
- | <code> | + | |
- | config interface 'guest' | + | |
- | option proto 'static' | + | |
- | option ipaddr '192.168.101.1' | + | |
- | option netmask '255.255.255.0' | + | |
- | </code> | + | |
- | + | ||
- | * **Define virtual wireless interface** | + | |
- | [[documentation:configuration:config_files:config_wireless|/etc/config/wireless]] | + | |
- | <code> | + | |
- | config wifi-iface | + | |
- | option device 'wl0' | + | |
- | option mode 'ap' | + | |
- | option network 'guest' | + | |
- | option ssid 'guest-wlan' | + | |
- | option encryption 'mixed-psk' | + | |
- | option key 'guest-access' | + | |
- | </code> | + | |
- | Note: the device 'wl0' must be replaced by the device listed in your 'wifi-device' section! | + | |
- | + | ||
- | * **Add DHCP server for guest network** | + | |
- | [[documentation:configuration:config_files:config_dhcp|/etc/config/dhcp]] | + | |
- | <code> | + | |
- | config dhcp 'guest' | + | |
- | option interface 'guest' | + | |
- | option start '62' | + | |
- | option limit '38' | + | |
- | option leasetime '1h' | + | |
- | </code> | + | |
- | + | ||
- | * **Setup firewall for guest-network** | + | |
- | [[documentation:configuration:config_files:config_firewall|/etc/config/firewall]] | + | |
- | + | ||
- | New zone for 'guest': | + | |
- | <code> | + | |
- | config zone | + | |
- | option name 'guest' | + | |
- | list network 'guest' | + | |
- | option input 'REJECT' | + | |
- | option forward 'REJECT' | + | |
- | option output 'ACCEPT' | + | |
- | </code> | + | |
- | Allow internet access: | + | In the under right corner of every radio you will notice a button [+] which creates a new virtual access point. After creating the access point a SSID is required. To edit the existing one click on the pencil next to the name of the access point of your choice. |
- | <code> | + | |
- | config forwarding | + | |
- | option src ‘guest’ | + | |
- | option dest 'wan' | + | |
- | </code> | + | |
- | Allow DNS queries: | + | {{ :howto:use_cases:wireless:nxtgui_guestap2.png?nolink&800 |}} |
- | <code> | + | |
- | config rule | + | |
- | option name 'Allow-DNS' | + | |
- | option src 'guest' | + | |
- | option dest_port '53' | + | |
- | option proto 'tcpudp' | + | |
- | option target 'ACCEPT' | + | |
- | </code> | + | |
- | * **Apply changes** | + | After choosing or creating your access point you must open the __Advanced__ section underneath the encryption settings. Now you must select __Bridge to__ **GUEST_LAN** and now it's separated from the other LANs. |
- | <code> | + | |
- | /etc/init.d/network restart | + | |
- | </code> | + | |
===== Troubleshooting ===== | ===== Troubleshooting ===== |