[Answer ID: 14623]
How to: Create a separate WLAN network Interface for a guests to access Internet only (Professional Firmware).
The following is the instruction on how to create a separate WLAN network Interface for guests to access Internet only.
First, created an additional virtual interface to start with. To crate an additional wireless LAN interface see the following link : here.
Next, follow the steps bellow:
1- Connect PC to router and launch browser to router's management WEB UI.
2- Navigate to the Wireless | Basic Settings Tab .
3- Select the advance option check for the virtual interface that you would like to separate into another network.
4- Set AP Isolation option and click Save Button.
5- Navigate to Setup | Networking tab and under bridging, click Add button. Give the bridge a name (example br1) and next, click "Apply Settings" button.
6- Enter the newly created virtual Interface network IP address. set IP address out side of existing LAN IP network address space.
By default , existing LAN address is 192.168.11.1/255.255.255.0 .
Set the new WLAN address to 192.168.12.1 with 255.255.255.0 subnet MASK.
Next, click "Apply Settings".
7- Under Assign Bridge, click "Add" button. and select "br1" bridge to assign to WLAN virtual interface ath0.1 . As shown bellow.
In general you create a brN and assign it to interface ath0.N where N is the virtual interface number 1 ,2 ,3 ... 8.
8- Next, add DHCP server to this interface: Under DHCPD/Multiple DHCP Server, click add and select "br1" from drop down menu. Next, click "Apply Settings" button.
9 - Finally, to restrict access so that br1 will not be able to access existing W/LAN network and vice versa , copy the following lines :
iptables -I FORWARD -i br1 -o br0 -m state --state NEW -j DROP
iptables -I FORWARD -i br0 -o br1 -m state --state NEW -j DROP
and paste to :
A. Navigate to Administration | Commands
B. Command Shell - Commands BOX
C. Click Save firewall.