bomba6 Posted August 14, 2013 Share Posted August 14, 2013 Hi. I was wondering: can I create a "guest wifi" network with my current routers, without the need to buy a new smart router? As demonstrated in the picture, I have a "main" tp-link 741 router, a second 741 router that is configured as an AP (wds) which is connected wireless to the main router. I also have an old 3com router which now serves as a switch/hub (its wifi is turend off by me) and connected by wire to the main router. I would like to know if it is possible to use the 3com to create a guest wifi that could only connect the Internet, while the wired clients connected to it need to retain the access to the inner network. Thanks! Link to comment Share on other sites More sharing options...
manroweb Posted August 14, 2013 Share Posted August 14, 2013 Not sure you can create it with a the default firmware, but on the TP LINK 741 you can load dd-wrt. This will allow you to setup multiple SSID's from one Access point, and have them separated. Link to comment Share on other sites More sharing options...
bomba6 Posted August 14, 2013 Author Share Posted August 14, 2013 Yes, I know that, but I was trying to avoid installing a firmware on my router. (Don't want to brick it). Link to comment Share on other sites More sharing options...
The_Decryptor Veteran Posted August 14, 2013 Veteran Share Posted August 14, 2013 Unless the router advertises it as a supported function, you'll probably need to flash a 3rd party firmware like OpenWRT on it, my router supported it out of the box, but it was a "power user" router. Link to comment Share on other sites More sharing options...
TPreston Posted August 14, 2013 Share Posted August 14, 2013 huh ? if he is going to use two routers cant he just change the subnet and ip4 gateway to the other router ? Still I doubt this would give him different vlans and the firewall is probably rubbish only supporting "low medium high" Link to comment Share on other sites More sharing options...
manroweb Posted August 14, 2013 Share Posted August 14, 2013 huh ? if he is going to use two routers cant he just change the subnet and ip4 gateway to the other router ? Still I doubt this would give him different vlans and the firewall is probably rubbish only supporting "low medium high" I took the diagram to mean he needed both current access points as they were for the existing network. Maybe that was a wrong assumption to make. Will have to wait for the OP to reply Link to comment Share on other sites More sharing options...
bomba6 Posted August 14, 2013 Author Share Posted August 14, 2013 That's correct, I can't change the topology of the network. All I can (and hope to) do is enable the WiFi in the 3com and separate the WiFi only from my network. The computers connected by wire need to stay there, with the same subnet as the other computers in the network. Link to comment Share on other sites More sharing options...
JonnyLH Posted August 14, 2013 Share Posted August 14, 2013 (edited) huh ? if he is going to use two routers cant he just change the subnet and ip4 gateway to the other router ? Still I doubt this would give him different vlans and the firewall is probably rubbish only supporting "low medium high" Although they're called routers, home routers are just gateways which simple switching capabilities. They can't actually route between networks. They work on L2. This idea is a very long shot but you can try this: Subnet the whole network apart from the guest wireless network to the defacto 192.168.0.0/24. Whatever device is your gateway, make sure that IP sits on the highest IP so: 192.168.0.254. Subnet the guest network to 192.168.0.224/28. In theory, the guest network can't talk to any machine on the main subnet but since the gateway is still in range, it'll be able to talk to the internet. Even though technically the guest device is in the main subnet range, when it hits the client on the guest network, those boxes still can't talk to the main range. Edited August 14, 2013 by SHoTTa35 Cleaned - Left suggestions however TPreston 1 Share Link to comment Share on other sites More sharing options...
bomba6 Posted August 14, 2013 Author Share Posted August 14, 2013 Jonny, your idea is interesting, but as I mentioned, I need the PC and the Printer on the 3com to be in the same subnet as the PC on the 741 #1 (and #2). According to your solution, I can't have that. Am I right? Link to comment Share on other sites More sharing options...
sc302 Veteran Posted August 14, 2013 Veteran Share Posted August 14, 2013 Another way you can do it is to create a double nat situation. Have one router closer to the internet than the other. The one that is directly off the internet would be your guest network and the router behind that would be your secure network. The guest network would never see anything on the secure network. This would be the most simple way of doing it without vlans, firmware updates, or other networking equipment. Otherwise you would (and is recommended) to have vlans and the proper networking equipment to be able to do what you want with the wireless. That includes having access points capable of multiple vlans and ssids Link to comment Share on other sites More sharing options...
JonnyLH Posted August 14, 2013 Share Posted August 14, 2013 Jonny, your idea is interesting, but as I mentioned, I need the PC and the Printer on the 3com to be in the same subnet as the PC on the 741 #1 (and #2). According to your solution, I can't have that. Am I right? Only way to do it is to change the subnet mask on the guest machines then, it sorta defies the point though. Link to comment Share on other sites More sharing options...
sc302 Veteran Posted August 14, 2013 Veteran Share Posted August 14, 2013 Jonny, your idea is interesting, but as I mentioned, I need the PC and the Printer on the 3com to be in the same subnet as the PC on the 741 #1 (and #2). According to your solution, I can't have that. Am I right? If you need to be able to print from a different network, use google print or have a hp printer that supports eprint. With these options anything that can email can print, just send the doc as an attachment. In my scenerio you can open the port up for printing and forward it to a printer of your choosing, that would give anyone on the guest network the ability to print and not have access to anything else. Link to comment Share on other sites More sharing options...
bomba6 Posted August 14, 2013 Author Share Posted August 14, 2013 +sc302, again- the printer alone is not the problem. There are other PCs connected to the router. Thank you all for replying. I guess I'll just buy the 842 or 1043, or get enough courage to install DD-WRT. Link to comment Share on other sites More sharing options...
sc302 Veteran Posted August 14, 2013 Veteran Share Posted August 14, 2013 The tp-link 842 does support multiple ssid's but it does not support vlans. IMO if you are looking for inexpensive, build a pfsense firewall you will need a nic for each vlan (to make life easier on you), then put your waps/accesspoints on the vlans you need them to be on. Link to comment Share on other sites More sharing options...
The_Decryptor Veteran Posted August 14, 2013 Veteran Share Posted August 14, 2013 I wouldn't use DD-WRT, unless I'm missing something the last supported release was 5 years ago and has a known security flaw in it. Link to comment Share on other sites More sharing options...
+BudMan MVC Posted August 14, 2013 MVC Share Posted August 14, 2013 ^ what??? 5 years ago -- you blind?? I show latest builds were dated 7-24-2013 ftp://ftp.dd-wrt.com/others/eko/BrainSlayer-V24-preSP2/2013/07-24-2013-r22118/ Link to comment Share on other sites More sharing options...
Roger H. Veteran Posted August 14, 2013 Veteran Share Posted August 14, 2013 Sorry guys, good info but it's off topic Let's help the OP with his problem :) To the OP, I think you'll need software to do it or get a "special router" (that already has the software basically). DD-WRT or Tomato or other 3rd part stuff is the best way to go in this regard unless you want to buy said special router. bomba6 1 Share Link to comment Share on other sites More sharing options...
The_Decryptor Veteran Posted August 15, 2013 Veteran Share Posted August 15, 2013 ^ what??? 5 years ago -- you blind?? I show latest builds were dated 7-24-2013 ftp://ftp.dd-wrt.com/others/eko/BrainSlayer-V24-preSP2/2013/07-24-2013-r22118/ I'm not talking about trunk builds or whatever, I'm talking about "stable" builds. I'd never recommend using OpenWRT trunk builds to somebody, but I have no problem recommending stable builds, and stable OpenWRT builds have the benefit of not being out of date. Link to comment Share on other sites More sharing options...
+BudMan MVC Posted August 15, 2013 MVC Share Posted August 15, 2013 Your statement was "supported" releases, they support the current releases be it they call them stable or not, etc.. I run development code for pfsense, not considered stable by any means.. But its clearly supported, if you find an issue you report it. Normally next snapshot that comes out corrects it, etc. So the current version for openwrt is great, unless your on a lower end box.. Then they suggest you use backfire, which is OLD -- so what is your point? "Lower end devices with only 16 MiB RAM will easily run out of Memory, for bcm47xx based devices is Backfire with brcm-2.4 recommended" Clearly dd-wrt is being supported -- look at their changes and tickets http://svn.dd-wrt.com/timeline Just because they don't call the release "stable" seems an odd reason to tell someone not to use it.. Are they in an enterprise with 100's of people using the internet and if the router goes down they loose their job or get some boss yelling at them -- wtf you using non "stable" code for ;) Link to comment Share on other sites More sharing options...
bomba6 Posted August 16, 2013 Author Share Posted August 16, 2013 Solved by installing DD-WRT on the main 741. Easy installation, not so straight forward configuration, but explained really well in their Wiki. Thanks everybody. Link to comment Share on other sites More sharing options...
+BudMan MVC Posted August 16, 2013 MVC Share Posted August 16, 2013 out of curiosity which build did you install ;) What was the date on it? Link to comment Share on other sites More sharing options...
bomba6 Posted August 16, 2013 Author Share Posted August 16, 2013 DD-WRT v24-sp2 (07/24/13) std(SVN revision 22118) Link to comment Share on other sites More sharing options...
+BudMan MVC Posted August 16, 2013 MVC Share Posted August 16, 2013 Well that sure looks newer than 5 years old ;) Dude I don't think you understand the use of answer feature.. Looks to me that manroweb was first to suggest dd-wrt, so he really should be the best answer.. Or if someone gave you clearer detailed instructions on using dd-wrt, then they would get the best answer flag, etc. Not your own post ;) Saying you put dd-wrt on it and working. Link to comment Share on other sites More sharing options...
Recommended Posts