How can i set a Guest Wifi?

Hello all

I've set multiple SSIDs at my router.

#2.4G
Original SSID : original_2G
virtual SSID1 : VSSID1_2G
virtual SSID2 : VSSID2_2G

#5G
Original SSID : original_5G
virtual SSID1 : VSSID1_5G
virtual SSID2 : VSSID2_5G

Like this.

It works great, but i would like to add a guest wifi option.

I've already checked

What i want to do is, make one of my virtual SSIDs in to guest wifi.
guest wifi what i am saying is...

  1. Uses same network subnet with original ssids
  2. Devices which are connected to guest wifi cannot have access to the devices which are connected to original ssids or with physical cables at my router

So i googled, and i found out NoForwarding and NoForwardingBTNBSSID options.

Since my router is using MediaTek's chips, this should work. i've already used this to set multiple SSIDs, by configuring .dat file.

With NoForwardingBTNBSSID option is enabled at my virtual SSID, the device connected to this virtual SSID should not be able to access to the device which is connected to original SSID.

I've set this as enabled for all virtual SSIDs, and restarted my router(also tried restarting, reloading for each tries.)
Then, I've opened a ftp server at my PC, which is connected to original SSID.
Then, i tried access to that ftp server with my phone, which is connected to virtual SSID.

However, i can access to ftp server from my phone.

I guess this way is the wrong way to set guest wifi that i am saying.

Any suggestions for this situation?

1 Like

Best practice would be like this:

  • New 'guest' interface. (like lan, but new static ip, on a new subnet)
  • New 'wlanX' device for the guest SSID, but enable 'isolation'.
  • Make the guest SSID use the guest interface (duh...)

Also If openwrt is an internet connected router (not just a 'dumb' AP):

  • New 'GUEST' firewall zone for the new guest interface mentioned above.
  • Allow forwarding GUEST-> WAN only (basically copy existing LAN zone config)
  • (Optional) Allow forwarding from LAN to GUEST so you can see your guest's devices (or IoT devices).

I probably missed a detail, but you should get the idea...