D-Link Forums
The Graveyard - Products No Longer Supported => Routers / COVR => DIR-655 => Topic started by: net-user-2012 on December 29, 2012, 11:57:03 PM
-
Hi all, I could use some advice/help.
I have a wired DLink DGL-4100 as my main router and DHCP server. Attached to this, I have a hard-wired Linksys WRT610N which is acting as a dual-band access point. All are on network 192.168.1.0/24.
I would like to create a second "guest" wifi network using a spare DLink DIR655 router. Guest clients should have access to Internet but absolutely NO access to machines and resources on the 192.168.1.0/24 network.
I connected the DLink DIR655 WAN port to one of the Linksys LAN ports (since it is basically a switch). I configured the DLink DIR655 with LAN IP 192.168.2.1, activated its DHCP to give out 192.168.2.100-105. I set the DLink DIR655 WAN Internet Connection Type as Dynamic IP (DHCP). The DLink DGL4100 assigns an IP to the DIR655 on the WAN side (e.g. 192.168.1.200).
With this setup, wireless clients on the DLink DIR655 2.0/24 network get assigned an IP on the 2.0 network. They can access the Internet. However they can still see all the 1.0/24 clients.
What am I doing wrong, how come the networks aren't isolated?
How should I set this up properly?
Do I need to use the DMZ setting on the DLink DGL4100?
I know I could get rid of the Linksys and use the Guest Access feature on the DLink DIR655. However I would like to use the Linksys for its dual band feature.
Thanks in advance!
-
Connect the 655 directly to the 4100, you might use the DMZ. Turn on wireless
Partition on the 655. And you might use a different router address and subnet on the 655. Youll need to make sure the channels differ from the other AP aswell.
Then enable guest zone ir just used the main wifi as ur guest wifi.
I would try turning the 655 in to a router. There is a sticky about this in the FAQ Library.
-
Thanks for your suggestion. I connected the 655 (WAN) to the 4100 (LAN). The 4100 assigned the 655 a LAN IP. I put the 655 in the DMZ.
I left the 655 in router mode and kept it on a different subnet (2.0/24). The 655 has its DHCP server turned on. Wireless clients can connect to the 655 and to the Internet. However, they can still connect to the primary 1.0/24 network clients/servers. So, the guest wifi network is not sequestered.
Any other suggestions?
-
Update:
I ended up connecting the 655 (WAN) directly to my cable modem, then connected the 4500 (WAN) to the 655 (LAN). DHCP server activated on the 655 for a 192.168.2.0/24 subnet and static IP assigned to the 4500 (192.168.2.2 WAN side) with a LAN side 192.168.1.0/24 network. Wifi enabled on the 655 as the guest network.
Access seems to be working with this approach. Guest wifi clients on the 2.0 network can access Internet but cannot get to the 1.0 network resources.
My remaining questions:
1. I had portforwarding enabled on the 4500. Now that the 655 is the first router, how do I set it so the specified port requests cascade to the 4500 so I can access the 1.0 network from the outside?
2. What can I do further on the 655 setup options to lock the guest wifi down?
-
Now you have a 4500? I thought you had a 4100?
You might put the router into the DMZ on the 655. I would turn off SPI and firewall if possible on the DGL and set NAT to endpoint independent. Or turn the router in to an AP and disable DHCP and NAT functions. Having two routers on the line is very problematic to get working correctly.
Guest WiFi is locked to the WAN side of the router so what ever security you use, it's best to use WPA2 and AES only or Auto for better compatibility with wireless devices.