Asus rt-n66u dhcp restrictions
I have a small office, using an rtn66u as firewall etc. comcast gw -> rt-n66u -> switches. There is a Linux box with dnsmasq providing dhcp for the wired network, based on Mac addresses. If a device is not listed, it doesn't get an address from dnsmasq.
I want to have the router provide dhcp for the wireless devices only. With employees using BYOD due to tablets and laptops, and a lot of short term consultants in and out, connections to wireless are simply by password. But when I turn on the routers dhcp, it hands out addresses to wired devices as well. I also have guest wireless, but that does not touch the internal network.
Is there a way to restrict the router dhcp to the wireless portion only? Do I need to set up wireless as a subnet, and create a route? Ultimately I will put in a firewall box (prolly pfsense) and turn the router to an access point, but that is a few months down the road.
·Time Warner Cable
Not that I can think of.
You have basically two options here.
1. Turn on Enable Manual Assignment in router. Then you can assign you wired networks a specific address based on mac address. Wired computers still would get adress from dhcp but it would always be the same address.
2. Limit the routers dhcp range to something smaller. Say 192.168.1.100 tp 192.168.1.200. Then manually configure each wired devices address so it uses a ip below the routers dhcp range. This is done under local area network properties. Network properties then select ip4 properties.
ip address: 192.168.1.10
You can also manually set dns servers or just get them from router.
Thank you for your reply. Its is what I expected to hear, but not what I was hoping for. :-(
We used an older soho router before that allowed it to assign DHCP to wireless only, so it did exactly what we wanted. But it was overloaded by an increase in users, and kept failing.
Option 1 eliminates my dnsmasq service, and relies on the router to dish out all the ip's, which is not the ultimate goal. As soon as the new firewall comes into play, the router goes to a simple WAP, and has no dhcp ability.
I tried [part of] option 2 already. When I set the Asus to provide a limited range of addresses, it still gives them out to both wired and wireless connections. The wired machines all take the Asus address over the dnsmasq address first. Curiously, I get no warning or errors regarding having 2 dhcp servers on the network.
I guess I can turn off dhcp on the router, and make wireless devices get addresses from the dnsmasq server. But it gets rid of guest access.
·Time Warner Cable
You have to manually reconfigure the computers interface. Basically you are setting a static ip on computer. Computer will not even look for dhcp server.
. Pick up on step 6.
The only thing that would change in my config above it the ip address.
Computer 1 192.168.1.10
computer 2 192.168.1.11
Thats about the best you can get.
|reply to Pzdtech |
I don't believe your factory firmware allows you to create VLAN's or virtual LANs.
If you were to upgrade your router to say DD-WRT you would have the ability to do what you want.
You basically would split the radio (port) from the rest of the router and assign it to it's own VLAN and then assign a new DHCP server to that VLAN. A couple of firewall settings to block that VLAN from listening to DHCP's being passed between the wired and wireless networks should about finish it. You would then be able to disable the other DHCP server assigned to feed the rest of the router leaving just the new internal DHCP server feeding the wireless.
Check out the Tutorials in the Advances sections referring to VLANS and you should be able to come up with what you need. If not a shout on either the General or Advanced Networking the DD-WRT forums should get you more specific assistance. »www.dd-wrt.com/phpBB2/