Beruflich Dokumente
Kultur Dokumente
I have seen several HowTos, tutorials, and forum posts about how to setup multiple (B)SSIDs using DD-WRT and although most of these write-ups indeed helped creating multiple SSIDs, none gave me an actual working virtual SSID. Most of the time I wasn't even able to connect to the new virtual interface and in those rare occassions that it did connect, I never got an IP address. The reason none of these write-ups work, is because they are all based on the same base tutorial which, for one reason or the other, no longer works reliably. I took all these write-ups and figured out what is needed to get it to work again. The following HowTo is what worked for me on my Linksys WRT54GL v1.1 and Linksys WRT310N . It created two BSSIDs, each with their own MAC address so any device is able to connect to either BSSID without getting utterly confused. The main BSSID has access to the internet and to your local network. The second (virtual) BSSID only has access to the internet. I was only able to test it on my routers, so I would appreciate it if you dropped me an email here to let me know if this worked for you too (or not).
Start IP Address (DHCP) End IP Address (DHCP) Security Mode WPA Algorithms
WPA Personal TKIP
100 149
Done
BSSID vs SSID
There's much confusion about what the difference is between a SSID and a B SSID. Some routers can only create multiple SSIDs while others can create multiple B SSIDs. For now, it's only important to know that multiple B SSIDs is what you want if your router supports it. A BSSID is a truly seperate interface with its own MAC address, while multiple SSIDs share the same MAC address confusing many wireless clients (like PDAs) causing them to be unable to see some or all of the created wireless networks.
telnet 192.168.1.1
and press Enter. You will now see the DD-WRT login screen.
Enter "root" (without the quotes) as your login name, press Enter, then enter your password and press Enter again. You will now see yet another prompt. At the prompt, type nvram get wl0_corerev and press Enter.
A number will be printed, here's what that number means for you:
0-4 5-8 You are out of luck. Your router will not do multiple (B)SSIDs. Your router will do multiple SSIDs, but not multiple BSSIDs.
A higher number means it's a newer build. Always try the highest number first and if that gives problems, try a lower number. You will also notice there are several versions for each build. The most notably are the "VINT" and the "NEWD" branches. "VINT" stands for "Vintage" and you need that if you have a wl0_corerev smaller than 9. If you have a wl0_corerev of 9 or up, use one of the "NEWD" versions. "NEWD" stands for "New Driver". Within each of these two branches, there are more subversions like "mini", "mega", "voip". What this means exactly can be found elsewhere on the net. If you are unsure which file to get, just go for the "std" version. Chances are that's what you need anyway.
Flashing DD-WRT
You can also find many very good tutorials on the interwebs on how to flash a new version of DD-WRT to your router so I won't go into much detail here. A few things to remember though. First and foremost, if your router still has its original firmware and this is the first time you are going to flash dd-wrt, please check the Supported Devices list for any special instructions (which can be found under "Notes for running dd-wrt"). Sometimes you need to flash a special version first before you can flash any of the other versions. Another thing to remember is that it's best to reset the router to its default settings before and after you flash the new firmware. It's not always necessary but it rules out certain problems you might encounter when you don't. There are two ways to reset the router to its factory defaults. You can either telnet to your router and at the prompt type these two commands:
Or you can reset the router to its default settings using the 30/30/30/30 method (yes, I added an extra "30"): Remove all cables (except the power cable) from the router. Press and hold the reset button (at the back of the router) for 30 seconds. While keeping the reset button pressed, remove the power cable and wait another 30 seconds. Still while keeping the reset button pressed, reconnect the power cable and wait another 30 seconds. Finally, release the reset button and wait another 30 seconds. Reboot your router (by power cycling it) Personally, I prefer the first method for resetting my modem. :)
Do you need professional PDFs? Try PDFmyURL!
Wireless
Click the
Add
Virtual Interfaces
Wireless Network Name (SSID) Wireless SSID Broadcast AP Isolation Network Configuration
SSIDVirtual Or whatever name you want to give this interface. Enabled Disabled Bridged If you don't want the SSID to be visible, choose Disabled here. You can enable this if you don't want clients on this interface to talk to each other. That's not a typo! Every other HowTo says you should choose UNbridged, but you should really choose Bridged here!
Click the
Save
Click the
Save
Now click the Wireless Security sub-tab. For each interface, choose the appropriate security mode and enter a key (if necessary). Click the Save button. Your screen will now look something like this:
Click the Services tab, and scroll down to the box, enter the following:
DNSMasq
interface=br1 dhcp-range=br1,192.168.2.100,192.168.2.149,255.255.255.0,1440m
Click the
Save
button.
This tells the router that (amongst other things) the new bridge will give connecting clients an IP address in the 192.168.2.100 - 192.168.2.149 range. Now go to the following:
Administration
tab, sub-tab
Commands
Command Shell
, enter the
if [ "`nvram get wan_proto`" = "pppoe" ]; then wanif="`nvram get pppoe_ifname`" else wanif="`nvram get wan_ifname`" fi # Make sure br1 has access to the internet: iptables -I INPUT -i br1 -m state --state NEW -j logaccept iptables -I FORWARD -i br1 -o $wanif -m state --state NEW -j ACCEPT # Keep the two wireless networks from talking to each other: iptables -I FORWARD -i br0 -o br1 -j logdrop iptables -I FORWARD -i br1 -o br0 -j logdrop # Keep br1 from accessing the router: iptables -I INPUT -i br1 -p tcp --dport telnet -j REJECT --reject-with tcp-reset iptables -I INPUT -i br1 -p tcp --dport ssh -j REJECT --reject-with tcp-reset iptables -I INPUT -i br1 -p tcp --dport www -j REJECT --reject-with tcp-reset iptables -I INPUT -i br1 -p tcp --dport https -j REJECT --reject-with tcp-reset iptables -t nat -I POSTROUTING -o `get_wanface` -j SNAT --to `nvram get wan_ipaddr`
Click the
Save Firewall
button.
In the same input box (which is now empty again), we need to enter a startup script to create the new bridge, move the virtual wireless interface to it, and setup the new interface's IP address. But for it all to work, we need to properly setup NAS. But how NAS needs to be setup depends on the security settings for each wireless interface. At the start of this HowTo, I asked you to enter the proper security settings for each interface. This information has been used to generate the code below. If you need different security settings, change it at the start of the HowTo and come back here.
# Set some important values: nvram set dnsmasq_enable=1 if [ "`nvram get dhcpfwd_enable`" = "0" ]; then nvram set dns_dnsmasq=1 nvram set dhcp_dnsmasq=1 nvram set auth_dnsmasq=1 fi # Create bridge br1, move the virtual wireless interface to it, # and setup the interface's IP address: brctl addbr br1 brctl delif br0 wl0.1 brctl addif br1 wl0.1 ifconfig br1 192.168.2.1 netmask 255.255.255.0 ifconfig br1 up # Properly setup NAS killall nas # Main:
nas -P -i -s -g
/tmp/nas.wl0lan.pid -H 34954 -l br0 \ "`nvram get wl0_ifname`" -A -m 4 -k "`nvram get wl0_wpa_psk`" \ "`nvram get wl0_ssid`" -w 2 \ "`nvram get wl0_wpa_gtk_rekey`"
# Virtual interface #1: nas -P /tmp/nas.wl0.1lan.pid -H 34954 -l br1 \ -i wl0.1 -A -m 4 -k "`nvram get wl0.1_wpa_psk`" \ -s "`nvram get wl0.1_ssid`" -w 2 \ -g "`nvram get wl0.1_wpa_gtk_rekey`"
Now copy and paste the code from the box above into the Click the
Save Startup
Command Shell
input box.
Management
button.
Wait until your router has rebooted itself and you should now have two working (B)SSIDs! If you can't connect to the virtual interface, wait 5 minutes and try again. Sometimes, for reason completely unknown to me, it takes a few minutes before the virtual interface actually starts working. If waiting doesn't help, then you probably have some left-over configuration settings that are messing with the virtual interface. Try resetting your router to its factory default (see the part about resetting to factory default under "Flashing DD-WRT" above) and try the HowTo again. Be aware though that resetting your router to factory default means you will loose all your settings like port forwarding rules, MAC cloning, etc. So write down all your settings before resetting your router.
Revision History
v8.0 Mar 9, 2014 Apparently this HowTo didn't work (properly) with newer routers. People were able to create multiple BSSIDs but the virtual wireless interfaces had no internet access. To solve this I've made some changes to the firewall script. Sept 7, 2009 Some people who connected to the internet through PPPoE reported the HowTo did not work for them. I made a small change in the firewall script which should hopefully solve the problem. Aug 8, 2009 I got myself a Linksys WRT310N and found out my HowTo did not result in working multiple BSSIDs on this router. After some experimenting I found out why and I have now corrected the HowTo so it works on more routers. May 2, 2009 Newer EKO firmwares did not work with this HowTo because it created an IP conflict between interface br1 and wl0.1. This has been fixed and this HowTo should now also work with the newer firmware versions. Dec. 19, 2008 I actually reverted some of the changes I made in the previous revision of this HowTo because WEP still didn't work as it should. As it is now, I don't experience any problems with WEP at all, but if you do, please let me know. Dec. 13, 2008 If you set the security mode to WEP for one or both of the interfaces, the NAS settings didn't work causing the router to be unable to issue an IP address for the wireless interface. This has been fixed. Nov. 28, 2008 I removed the PPPoE tick box again since the WAN interface can actually be anything (and not either "vlan1" or "ppp0" as I assumed). This version of the HowTo creates code that should work with whatever your WAN interface's name is ("vlan1", "vlan2", "ppp0", etc.).
v7.0 v6.0
v5.0
v4.1
v4.0
v3.0
v2.0 Nov. 18, 2008 I assumed the WAN interface was always "vlan1" but when your router is setup as PPPoE, then the WAN interface is "ppp0". I added a tick box where you can specify wether or not you are using PPPoE. v1.0 Oct. 10, 2008 Original Document