• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 663
  • Last Modified:

DD-WRT Virtual Wireless Interface For Guest Network Will Not Authenicate

We upgraded a E1500 v1 to DD-WRT exactly per the instructions.  

We setup the router as an AP with no DHCP and a static IP address with the network cable in Port 1.  We setup the wireless with WPA2 mixed mode/AES and are able to connect to it without issue.

However, when we setup a virtual interface in bridged mode, it authenticates without issue.  However, when we set it up as a true unbridged network with a different IP range it will not authenticate.  We have tried WEP and WPA and it does not work.  It is not a DHCP issue, all devices say authentication error.

We really want a separate guest network that can not access the main resources (10.1.10.X for main wireless and 10.1.11.X for guest network).  

What is going wrong?  How can we resolve this?
0
gta2011
Asked:
gta2011
1 Solution
 
giltjrCommented:
How are you doing authentication?

Just making sure you have not over looked the obvious.  If the authentication server is on an IP subnet that is NOT reachable by the guest network when in unbridged mode, then you won't be able to authenticate.
0
 
Craig BeckCommented:
^^^ The authentication server should only need to be reachable by the RADIUS client (the router).

Can you post the logs please?
0
 
gta2011Author Commented:
The authentication is personal, not enterprise so not RADIUS server is being used.
0
How do you know if your security is working?

Protecting your business doesn’t have to mean sifting through endless alerts and notifications. With WatchGuard Total Security Suite, you can feel confident that your business is secure, meaning you can get back to the things that have been sitting on your to-do list.

 
giltjrCommented:
Can you define what you mean by "personal" authentication?

To mean that means I have created a certificate for either the person or the device and the certificate is installed on the person's device either as a device or personal certificate.  Then I have a server that authenticates the certificate.
0
 
Craig BeckCommented:
So it's just one passphrase that everyone uses?
0
 
Aaron TomoskySD-WAN SimplifiedCommented:
unbridged was broken for a bit, dunno if it still is. Use this:
http://www.dd-wrt.com/wiki/index.php/Multiple_WLANs
0
 
Fred MarshallPrincipalCommented:
Presumably you've gone through the wiki tutorial:
www.alexlaird.com/2013/03/dd-wrt-guest-wireless/ 
??
0
 
Darr247Commented:
> However, when we set it up as a true unbridged network with a different IP range it will not authenticate.


Where to you expect that virtual network's traffic to go?

If you remove the bridging, it's no longer talking to the wired side of the router... ergo, the virtual SSID may connect and authenticate if it has its own security setup correctly, but that traffic then has nowhere to go since it's a separate network from the bridged (physical) SSID.
0
 
Craig BeckCommented:
Unbridged should still be able to talk to the wired side of the router - it's just routing instead of bridging.  You'd need an interface configured on the router for that unbridged SSID though or it really won't go anywhere.  I think that is what Darr is getting at.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: C++ 11 Fundamentals

This course will introduce you to C++ 11 and teach you about syntax fundamentals.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now