SYNOPSYS

Add another VLAN providing an open wireless network separated from the LAN in which resides the secured wireless network and the ethernet ports.
This setup is done on a good old WRT54G running OpenWrt Backfire 10.03.1.
Following this you will end up with 2 separated DHCP powered LANs

  • 192.168.0.x on ethernet ports and private Wifi
  • 192.168.200.x on Wifi hotspot

SCHEMATICS

WRT54G switch

PROCEDURE

  • add the VLAN definition in /etc/config/network
 1
 2
 3
 4
 5
 6
 7
 8
 9
10

# original VLANs
config 'switch_vlan' 'eth0_0'
    option 'device' 'eth0'
    option 'vlan' '0'
    option 'ports' '0 1 2 3 5'

config 'switch_vlan' 'eth0_1'
    option 'device' 'eth0'
    option 'vlan' '1'
    option 'ports' '4 5'
1
2
3
4
5

# VLAN to add
config 'switch_vlan' 'eth0_2'
    option 'device' 'eth0'
    option 'vlan' '2'
    option 'ports' '5'
  • add the interface definition in /etc/config/network
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12

# original interfaces
config 'interface' 'lan'
    option 'type' 'bridge'
    option 'ifname' 'eth0.0'
    option 'proto' 'static'
    option 'netmask' '255.255.255.0'
    option 'ipaddr' '192.168.0.1'

config 'interface' 'wan'
    option 'type' 'bridge'
    option 'ifname' 'eth0.1'
    option 'proto' 'dhcp'
1
2
3
4
5
6
7

# interface to add
config 'interface' 'hotspot'
    option 'type' 'bridge'
    option 'ifname' 'eth0.2'
    option 'proto' 'static'
    option 'netmask' '255.255.255.0'
    option 'ipaddr' '192.168.200.1'
  • add the wifi-iface into /etc/config/wireless
1
2
3
4
5
6
7
8

# original wifi-iface
config 'wifi-iface'
    option 'device' 'wl0'
    option 'network' 'lan'
    option 'mode' 'ap'
    option 'ssid' 'PrivateSSID'
    option 'encryption' 'psk'
    option 'key' 'secret'
1
2
3
4
5
6
7
8

# wifi-iface to add
config 'wifi-iface'
    option 'device' 'wl0'
    option 'network' 'hotspot'
    option 'mode' 'ap'
    option 'ssid' 'OpenSSID'
    option 'encryption' 'none'
    option 'isolate' '1'
  • turn on dhcp service on the new interface into /etc/config/dhcp
1
2
3
4
5
6

# dhcp service to add
config 'dhcp'
    option 'interface' 'hotspot'
    option 'start' '100'
    option 'limit' '150'
    option 'dynamicdhcp' '1'
  • forward traffic from wireless interface to WLAN
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20

# original zones and forwarding rules
config zone
    option name             wan
    option network          'wan'
    option input            REJECT
    option output           ACCEPT
    option forward          REJECT
    option masq             1
    option mtu_fix          1

config zone
    option name             lan
    option network          'lan'
    option input            ACCEPT
    option output           ACCEPT
    option forward          REJECT

config forwarding
    option src              lan
    option dest             wan
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11

# zone and forwarding rules to add
config zone
    option name             hotspot
    option network          'hotspot'
    option input            ACCEPT
    option output           ACCEPT
    option forward          REJECT

config forwarding
    option src              hotspot
    option dest             wan
  • restart the services
/etc/init.d/dnsmasq restart
/etc/init.d/firewall restart
/etc/init.d/network restart