cancel
Showing results for 
Search instead for 
Did you mean: 

TG582n Guest WLAN

edent
Newbie
Posts: 5
Registered: 10-05-2013

TG582n Guest WLAN

Afternoon,
Is it possible to create a secondary SSID which only has access to the Internet - and no access to the LAN?
Following the tutorial at http://npr.me.uk/mssid.html I'm able to create another SSID which has no encryption - but that, sadly, gives access to my LAN.
I just want a "Guest" SSID that friends can connect to without me giving them a password, but which won't let them monkey with my servers.
Cheers
T
16 REPLIES
njay
Grafter
Posts: 184
Registered: 05-04-2013

Re: TG582n Guest WLAN

Whilst I do not know how to do what you have asked, you must live in isolation or trust your neighbours as an SSID with no password around here would be sucked dry of bandwidth  Grin
edent
Newbie
Posts: 5
Registered: 10-05-2013

Re: TG582n Guest WLAN

Heh :-)  My neighbours all have WiFi, so no worries on that account.
Community Veteran
Posts: 5,109
Thanks: 465
Fixes: 17
Registered: 10-06-2010

Re: TG582n Guest WLAN

I think what you want is "apisolation = enabled" in the "wireless mssid ifconfig" command you linked to before.
Community Veteran
Posts: 3,380
Thanks: 4
Registered: 18-01-2013

Re: TG582n Guest WLAN

Even if your neighbours all have wifi, you may find that their device connects to your unsecured connection anyway. I found out my mother in law had been using the neighbours unsecured gateway for months.
You also leave yourself open to drive by hijacking and how would you explain large amounts of illegal porn downloaded from your connection ?
It's just not worth the risk.
apjashley1
Grafter
Posts: 307
Registered: 31-07-2012

Re: TG582n Guest WLAN

On the same site, npr made another page that achieves what you want: http://npr.me.uk/advdmz.html
He's called it DMZ which isn't the same DMZ we think of normally with firewalls/forwarding.
You'll have to adjust the commands slightly to get the mssid to have no password.
I have tried this method and confirm it gives web access with no access to local computers or the router's settings page.
npr is a member here, he may pop in to help!
edent
Newbie
Posts: 5
Registered: 10-05-2013

Re: TG582n Guest WLAN

I thought AP Isolation just prevented devices on the same WiFi from talking to each other?
To be clear (well - as clear as I can be) I want...

Internet
|
|- |--Ethernet
|  |   
|  |--WiFi (WPA2 secured)
|
|--Guest WiFi (open)

So my laptop can attach to WiFi and talk to the servers on my LAN.
My Friend's phone can attach to the guest wifi and NOT see anything on my LAN.
Community Veteran
Posts: 3,380
Thanks: 4
Registered: 18-01-2013

Re: TG582n Guest WLAN

Have you considered using an old / cheap machine (or a rPi or similar) with a couple of network cards in to provide a seperate access point ?
I currently have a virtual machine on my server which uses the main network card which goes to my PN connection/router as the gateway (192.168.1.x) but also uses the second network card to provide filtered and bandwidth limited data (192.168.2.x) which then feeds a <£10 router configured as an access point.
WAN -> Network card 1 -> Linux Server -> Squid3 / Shorewall / Dansguardian -> Network card 2 -> Edimax cheapo wireless router
It wouldn't take much to just block any internal Samba network or ports to services you don't want your friends to have access to.
edent
Newbie
Posts: 5
Registered: 10-05-2013

Re: TG582n Guest WLAN

No, I hadn't. My last router (from the same manufacturer) had this facility built in.
Community Veteran
Posts: 3,380
Thanks: 4
Registered: 18-01-2013

Re: TG582n Guest WLAN

I set mine up mainly to filter content for my Stepson and prevent him abusing the bandwidth / system but it's also handy when guests come over as they can use the internet without fear of accessing dodgy sites, seeing my internal network or having to set them up with my main router password.
Community Veteran
Posts: 1,841
Thanks: 103
Fixes: 6
Registered: 21-01-2013

Re: TG582n Guest WLAN

Yes, "advdmz.html" will do what you ask -- use option "d" to create a separate LAN for the guest wireless.
As a matter of interest the O2 version of this router has a guest wlan option in the GUI -- makes things a lot easier Wink
When I get time I'll dig out how the O2 router achieves this and put it on the web site.
I do however urge you to use a strong password on the second wireless. I'm sure you trust your friends but a open wireless connection has the potential to give you a shed load of trouble -- don't risk it!
Community Gaffer
Community Gaffer
Posts: 5,154
Thanks: 496
Fixes: 5
Registered: 04-04-2007

Re: TG582n Guest WLAN

I smell a good library article in the making here?
Kelly Dorset
Broadband Service Manager
Community Veteran
Posts: 26,686
Thanks: 910
Fixes: 10
Registered: 10-04-2007

Re: TG582n Guest WLAN

It's likely to remain no more than a smell as creating (or editing) library articles has been broken for months (if not years)!
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£13/month)
Mobile: iD mobile (£4/month)
Community Gaffer
Community Gaffer
Posts: 5,154
Thanks: 496
Fixes: 5
Registered: 04-04-2007

Re: TG582n Guest WLAN

Bob can create and publish them if we've got a good one.  It just involves a lot of swearing.
Kelly Dorset
Broadband Service Manager
edent
Newbie
Posts: 5
Registered: 10-05-2013

Re: TG582n Guest WLAN

Quote from: npr
Yes, "advdmz.html" will do what you ask -- use option "d" to create a separate LAN for the guest wireless.
I do however urge you to use a strong password on the second wireless. I'm sure you trust your friends but a open wireless connection has the potential to give you a shed load of trouble -- don't risk it!

Brilliant! Just what I was looking for. Yes, I am a refugee here from O2 broadband :-)
I'm quite happy giving out a bit of free wifi for those who need it.  I'm in such an isolated area it wouldn't be worth the war driving :-)