Guest Wi-Fi using LuCI
Guest Wi-Fi refers to a separate wireless network that provides Internet access for guests and/or untrusted devices while keeping them isolated from the main network. This guide is based on the more comprehensive Guest Wi-Fi basics, providing a more user-friendly approach through the LuCI web interface.
1. Network
Start by creating an empty bridge device. This will ensure that the guest interface is always up and running regardless of the state of the wireless interface(s) and it’s a must to avoid problems with the DHCP server if the guest network needs to use both radios.
Go to Network→Interfaces→Devices
Click “Add Device Configuration...”.
Set the Device type to “Bridge device”, name it “br-guest” and check the “Bring up empty bridge” box.
Do not specify any wired ports.
Click “Save”.
Click “Save & Apply”.
Go to the “Interfaces” tab to create the new guest interface.
Click “Add new interface...”.
Set the interface name, set the protocol to “Static address”, select the previously created bridge device and click “Create interface”.
Set an IP address in a subnet that does not overlap with the address space used by any existing interface.
Select mask “255.255.255.0”.
Go to “Firewall Settings”.
Enter a name (guest) in the “-- custom --” field to create a new guest zone and press ENTER.
The guest interface will be assigned to the newly created firewall zone.
Go to “DHCP Server”.
Click “Set up DHCP Server”.
Leave the default settings.
Click “Save”, then “Save & Apply”.
Verify that the guest interface is up.
2. Wireless
Go to Network→Wireless
Click the “Add” button to the right of the radio you will be using.
In “Interface Configuration”, set the SSID and attach the wireless interface to the guest network.
Click “Save”, then “Save & Apply”.
3. Firewall
Go to Network→Firewall.
Make sure that the guest firewall zone was created during the creation of the interface and the default policies for the Input, Output and Forward chains look like on the screenshot.
Click “Edit” next to the guest zone.
Allow forward to the wan zone and click “Save”, then “Save & Apply”.
Finally, create traffic rules accepting DNS and DHCP requests originating from the guest zone.
4. Troubleshooting
Currently empty