DD-WRT Virtual Wireless Interface For Guest Network Will Not Authenicate

We upgraded a E1500 v1 to DD-WRT exactly per the instructions.  

We setup the router as an AP with no DHCP and a static IP address with the network cable in Port 1.  We setup the wireless with WPA2 mixed mode/AES and are able to connect to it without issue.

However, when we setup a virtual interface in bridged mode, it authenticates without issue.  However, when we set it up as a true unbridged network with a different IP range it will not authenticate.  We have tried WEP and WPA and it does not work.  It is not a DHCP issue, all devices say authentication error.

We really want a separate guest network that can not access the main resources (10.1.10.X for main wireless and 10.1.11.X for guest network).  

What is going wrong?  How can we resolve this?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

How are you doing authentication?

Just making sure you have not over looked the obvious.  If the authentication server is on an IP subnet that is NOT reachable by the guest network when in unbridged mode, then you won't be able to authenticate.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Craig BeckCommented:
^^^ The authentication server should only need to be reachable by the RADIUS client (the router).

Can you post the logs please?
gta2011Author Commented:
The authentication is personal, not enterprise so not RADIUS server is being used.
Redefine Your Security with AI & Machine Learning

The implications of AI and machine learning in cyber security are massive and constantly growing, creating both efficiencies and new challenges across the board. Check out our on-demand webinar to learn more about how AI can help your organization!

Can you define what you mean by "personal" authentication?

To mean that means I have created a certificate for either the person or the device and the certificate is installed on the person's device either as a device or personal certificate.  Then I have a server that authenticates the certificate.
Craig BeckCommented:
So it's just one passphrase that everyone uses?
Aaron TomoskySD-WAN SimplifiedCommented:
unbridged was broken for a bit, dunno if it still is. Use this:
Fred MarshallPrincipalCommented:
Presumably you've gone through the wiki tutorial:
> However, when we set it up as a true unbridged network with a different IP range it will not authenticate.

Where to you expect that virtual network's traffic to go?

If you remove the bridging, it's no longer talking to the wired side of the router... ergo, the virtual SSID may connect and authenticate if it has its own security setup correctly, but that traffic then has nowhere to go since it's a separate network from the bridged (physical) SSID.
Craig BeckCommented:
Unbridged should still be able to talk to the wired side of the router - it's just routing instead of bridging.  You'd need an interface configured on the router for that unbridged SSID though or it really won't go anywhere.  I think that is what Darr is getting at.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Wireless Hardware

From novice to tech pro — start learning today.