How to set up an isolated Guest WLAN on TP-Link WDR4300 with OpenWRT using command line

You have guests at your home and they want to use your wireless network to retrieve email and so on from the Internet. This is a common situation, given the proliferation of devices and services that require Internet access. The issue is that if you give them your primary SSID and its password, you will probably need to change the password when they leave. And if, like me, you have 22 devices connected to the primary wireless network, you then need to change the password on each one of them.

To overcome this problem, the following method enables an isolated guest network on the TP-Link WDR4300 router running OpenWRT.

Open a terminal window and perform the steps below.

1. SSH into the TP Link OpenWRT router.
	$ ssh root@11.10.22.120 <enter>
	Enter your router password.
	
	At the root prompt (#), type cd /etc/config <enter>
	
2. Add a guest interface to /etc/config/network
	# vi network <enter>
	At end of the file, add:
		config interface 'guest'
			option proto 'static'
			option ipaddr '11.10.23.1'
			option netmask '255.255.255.0'
		:wq
		
3. Add the wireless network
	# vi wireless <enter>
	At end of the file, add:
		config wifi-iface
			option device 'radio0'
			option network 'guest'
			option mode 'ap'
			option ssid 'myguests'
			option encryption 'psk2+ccmp'
			option key 'myguestwlanpassword'
		:wq
	To prevent clients from connecting to each other in the guest network, add the following line to the same wifi-iface section before saving:
			option isolate '1'
			
		This will isolate the clients within the guest network.
		
4. Add the following to the DHCP settings
	# vi dhcp <enter>
	At end of the file add:
		config dhcp 'guest'
			option interface 'guest'
			option start '2'
			option limit '10'
			option leasetime '2h'
			option ignore '0'
		:wq
		
5. Add firewall rules to isolate the network
	# vi firewall <enter>
	At end of the file add:
		config zone
			option name 'guest'
			option network 'guest'
			option input REJECT
			option output ACCEPT
			option forward REJECT
		
		config forwarding
			option src 'guest'
			option dest 'wan'
		
		config rule
			option src 'guest'
			option dest_port '53'
			option proto 'tcpudp'
			option target ACCEPT
		
		config rule
			option src 'guest'
			option src_port '67-68'
			option dest_port '67-68'
			option proto 'udp'
			option target ACCEPT
		:wq
	# exit <enter>
	
6. Restart the router.

Now you can connect to the guest network and check if things work fine.
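
An added example, not part of the original article: a shell function that audits a firewall file in UCI syntax for the guest isolation set up in step 5. It assumes the zone names 'guest' and 'wan' from the article; the function names and the sample input are constructed for illustration, and requiring an explicit network binding is a strictness choice of this example.

```shell
#!/bin/sh
# Added example (not from the article): audit a firewall file in UCI syntax
# for the guest-zone isolation from step 5. Assumes the zone names 'guest'
# and 'wan'. Reads the file named in $1 (or stdin); returns 0 if clean.
check_guest_isolation() {
    awk -v q="'" '
    function val(s) { gsub("[" q "\"]", "", s); return s }   # strip quotes
    function bad(m) { print "FAIL: " m; rc = 1 }
    function endsect() {                  # evaluate the section just read
        if (sect == "zone" && o["name"] == "guest") {
            seen = 1
            if (o["network"] != "guest") bad("zone guest does not explicitly list only network guest")
            if (o["input"] != "REJECT") bad("guest input is not REJECT")
            if (o["forward"] != "REJECT") bad("guest forward is not REJECT")
        }
        if (sect == "forwarding" && o["src"] == "guest" && o["dest"] != "wan")
            bad("guest traffic may be forwarded to zone " o["dest"])
        split("", o)                      # clear options for the next section
    }
    $1 == "config" { endsect(); sect = val($2); next }
    $1 == "option" || $1 == "list" {      # repeated/list values are joined
        v = $3; for (i = 4; i <= NF; i++) v = v " " $i
        o[$2] = (o[$2] == "" ? "" : o[$2] " ") val(v)
    }
    END { endsect(); if (!seen) bad("no zone named guest"); exit rc + 0 }
    ' "${1:--}"
}

# Constructed sample: the guest zone accepts input to the router and a
# forwarding into lan exists. Both findings should be reported.
sample_bad() {
    cat <<'EOF'
config zone
	option name 'guest'
	option network 'guest'
	option input ACCEPT
	option forward REJECT
config forwarding
	option src 'guest'
	option dest 'lan'
EOF
}

sample_bad | check_guest_isolation || echo "guest zone is NOT isolated"
```

On the router it can be run as check_guest_isolation /etc/config/firewall after the edit in step 5 and before the restart in step 6.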