Set Up Multiple SSIDs and VLANs on a DD-WRT Router
- Creating the Virtual Wireless Network
- Separating the LAN ports
- Firewalling the Networks
DD-WRT is arguably the most popular firmware replacement or upgrade for select wireless routers. In addition to many other things, it gives you the ability to create virtual wireless networks (multiple SSIDs) and configure virtual LANs (VLANs). These features let you offer public or separated access, and are usually found only in more expensive enterprise-level gear. You get them and much more at the cost of just a cheap home router.
In this tutorial, we’ll create a second SSID, segregate it from the main SSID, make two of the LAN ports on the back of the router connect to just the new SSID, and leave the other two LAN ports connected to the main SSID.
You might want to, for example, use this second SSID to offer your visitors wireless Internet access, or encrypt it for use by another department in your organization. Plus, you can also plug computers into the individual networks and/or expand each with more access points. We’ll make it so users won’t be able to snoop or communicate with users from the other SSID or LAN ports, to protect your shared folders and resources.
For the record, this tutorial is based off using the standard DD-WRT version 24 Service Pack 1more specifically, Build 10011.
Before continuing, flash your compatible wireless router with the DD-WRT firmware.
Creating the Virtual Wireless Network
Let’s get started! Bring up the web-based GUI by typing the IP address (192.168.1.1) into a browser and logging in with the username and password you created at the first login. Then follow these steps to create the new virtual SSID:
- Select the Wireless tab.
- Under the Virtual Interfaces section, click the Add button to add a new virtual interface.
- Specify the basic wireless settings.
- For the Network Configuration, choose Unbridged.
- Input an IP address that’s in a different subnet, such as 192.168.2.1. Just make sure the second to last digit isn’t a 1.
- For the subnet mask, you’ll probably want to use the usual one: 255.255.255.0.
- Click Apply Settings to save and apply the changes.
Now create a new bridge and assign the new SSID to it:
- Select Setup > Networking.
- In the Create Bridge section, click the Add button, type br1 into the first (blank) field on the left, and click Apply Settings.
- In the new fields, input the same IP address and subnet mask that you did earlier in the Wireless settings, and click Apply Settings.
- In the Assign to Bridge section, click the Add button, select br1 in the left drop-down menu, select wl0.1 for the Interface, and click Apply Settings.
Lastly, let’s activate a DHCP server for the new bridge:
- Select Setup > Networking.
- In the Multiple DHCP Server section, click the Add button.
- Select br1 in the left drop-down menu.
- Click Apply Settings.