OpenWrt Hotspot Vlan

SYNOPSYS

Add another VLAN providing an open wireless network separated from the LAN in which resides the secured wireless network and the ethernet ports.
This setup is done on a good old WRT54G running OpenWrt Backfire 10.03.1.
Following this you will end up with 2 separated DHCP powered LANs

  • 192.168.0.x on ethernet ports and private Wifi
  • 192.168.200.x on Wifi hotspot

SCHEMATICS

WRT54G switch

PROCEDURE

  • add the VLAN definition in /etc/config/network
original VLANs
1
2
3
4
5
6
7
8
9
config 'switch_vlan' 'eth0_0'
    option 'device' 'eth0'
    option 'vlan' '0'
    option 'ports' '0 1 2 3 5'

config 'switch_vlan' 'eth0_1'
    option 'device' 'eth0'
    option 'vlan' '1'
    option 'ports' '4 5'
VLAN to add
1
2
3
4
config 'switch_vlan' 'eth0_2'
    option 'device' 'eth0'
    option 'vlan' '2'
    option 'ports' '5'
  • add the interface definition in /etc/config/network
original interfaces
1
2
3
4
5
6
7
8
9
10
11
config 'interface' 'lan'
    option 'type' 'bridge'
    option 'ifname' 'eth0.0'
    option 'proto' 'static'
    option 'netmask' '255.255.255.0'
    option 'ipaddr' '192.168.0.1'

config 'interface' 'wan'
    option 'type' 'bridge'
    option 'ifname' 'eth0.1'
    option 'proto' 'dhcp'
interface to add
1
2
3
4
5
6
config 'interface' 'hotspot'
    option 'type' 'bridge'
    option 'ifname' 'eth0.2'
    option 'proto' 'static'
    option 'netmask' '255.255.255.0'
    option 'ipaddr' '192.168.200.1'
  • add the wifi-iface into /etc/config/wireless
original wifi-iface
1
2
3
4
5
6
7
config 'wifi-iface'
    option 'device' 'wl0'
    option 'network' 'lan'
    option 'mode' 'ap'
    option 'ssid' 'PrivateSSID'
    option 'encryption' 'psk'
    option 'key' 'secret'
wifi-iface to add
1
2
3
4
5
6
7
config 'wifi-iface'
    option 'device' 'wl0'
    option 'network' 'hotspot'
    option 'mode' 'ap'
    option 'ssid' 'OpenSSID'
    option 'encryption' 'none'
    option 'isolate' '1'
  • turn on dhcp service on the new interface into /etc/config/dhcp
dhcp service to add
1
2
3
4
5
config 'dhcp'
    option 'interface' 'hotspot'
    option 'start' '100'
    option 'limit' '150'
    option 'dynamicdhcp' '1'
  • forward traffic from wireless interface to WLAN
original zones and forwarding rules
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
config zone
    option name             wan
    option network          'wan'
    option input            REJECT
    option output           ACCEPT
    option forward          REJECT
    option masq             1
    option mtu_fix          1

config zone
    option name             lan
    option network          'lan'
    option input            ACCEPT
    option output           ACCEPT
    option forward          REJECT

config forwarding
    option src              lan
    option dest             wan
zone and forwarding rules to add
1
2
3
4
5
6
7
8
9
10
config zone
    option name             hotspot
    option network          'hotspot'
    option input            ACCEPT
    option output           ACCEPT
    option forward          REJECT

config forwarding
    option src              hotspot
    option dest             wan
  • restart the services
1
2
3
/etc/init.d/dnsmasq restart
/etc/init.d/firewall restart
/etc/init.d/network restart