Isolated, guest WiFi network with one AP?



  • My LAN feeds into my pfSense router/firewall.  To provide WiFi for my laptops and devices, I have a DD-WRT AP plugged into the LAN that just bridges the clients over into the LAN subnet.  The physical path is AP to Cisco switch to pfSense to the cable modem (dumb bridge) and finally out to the internet.

    On pfSense, I have a separated ethernet port set aside for an isolated VM test network that I eventually want to use Captive Portal on.  I'm curious, can I make a guest AP on the DD-WRT AP that doesn't see or touch the LAN? I'm thinking maybe with VLANs, but I'm not sure how to start.

    Any tips or pointers in the right direction would be appreciated!

    Thanks!



  • This is set up just like adding a network on a separate NOC or VLAN. I have 2 APs in my location: one on my LAN and one on a dedicated NIC, such that it is an isolated guest network. Everything is on a separate subnet to allow routing without bridges.



  • @podilarius:

    This is set up just like adding a network on a separate NOC or VLAN. I have 2 APs in my location: one on my LAN and one on a dedicated NIC, such that it is an isolated guest network. Everything is on a separate subnet to allow routing without bridges.

    Except the AP only has one upstream port.  So I'm not sure if this is even possible?



  • I do this with DD-WRT by creating a wireless virtual interface and a bridge on another subnet. The DNSMasq service starts dhcpd for the bridge via commands (the GUI dhcpd will not work). Use iptables to NAT the new bridge over to the LAN. Basically, the guest WiFi is using the router's LAN IP as a WAN port.

    You may need some block rules to restrict access to internet only.
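
The NAT and block rules described in the last post, sketched as an added example that is not part of the original thread. The interface names (`br0` for the LAN bridge, `br1` for the guest bridge), both subnets, and the use of `MASQUERADE` are assumptions; the script only prints the rules and shows the order they end up in, since `-I` prepends.

```shell
#!/bin/sh
# Added example: prints guest-isolation rules for review; it changes nothing itself.
# Assumed names and constructed sample values (not from the thread):
LAN_IF=${LAN_IF:-br0}                    # LAN bridge on the AP
GUEST_IF=${GUEST_IF:-br1}                # bridge holding the guest virtual interface
LAN_NET=${LAN_NET:-192.168.1.0/24}       # private LAN subnet
GUEST_NET=${GUEST_NET:-192.168.10.0/24}  # guest subnet

guest_rules() {
    # The guest bridge must be on its own subnet, or the LAN drop rule
    # cannot tell guest traffic from LAN traffic.
    if [ "$LAN_NET" = "$GUEST_NET" ]; then
        echo "guest and LAN subnets must differ" >&2
        return 1
    fi
    cat <<EOF
iptables -t nat -I POSTROUTING -s $GUEST_NET -o $LAN_IF -j MASQUERADE
iptables -I FORWARD -i $LAN_IF -o $GUEST_IF -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I FORWARD -i $GUEST_IF -o $LAN_IF -j ACCEPT
iptables -I FORWARD -i $GUEST_IF -d $LAN_NET -j DROP
iptables -I INPUT -i $GUEST_IF -j DROP
iptables -I INPUT -i $GUEST_IF -p udp --dport 67 -j ACCEPT
iptables -I INPUT -i $GUEST_IF -p udp --dport 53 -j ACCEPT
iptables -I INPUT -i $GUEST_IF -p tcp --dport 53 -j ACCEPT
EOF
}

# -I inserts at the top of a chain, so the last rule inserted is matched first.
# This lists one chain's rules in the order the kernel will evaluate them.
effective_chain() {   # $1 = chain name, e.g. FORWARD or INPUT
    guest_rules | grep -- "-I $1 " | sed '1!G;h;$!d'
}

# Print the rules so they can be read before being placed in a firewall script.
guest_rules
```

In evaluation order, the FORWARD chain drops guest traffic addressed to the LAN subnet before the general guest-to-LAN-side accept, and the INPUT chain lets guests reach only DHCP and DNS on the AP itself.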