User Tools

Site Tools


Guest Wi-Fi on a wireless AP using LuCI

Guest Wi-Fi provides internet access to your network members. It also provides firewall security rules to isolate your guest network from the rest. This recipe is based on the Guest Wi-Fi basics and Guest Wi-Fi extras, providing a more user-friendly approach through the LuCI web interface.

The changes below assume an OpenWrt default configuration. We assume that you have a private WLAN set on and want a guest WLAN on

1. Define a new network

Add a new wireless radio

Give it an SSID and add it to the guest network.

2. Edit the newly created interface

At the interfaces, edit the `guest` interface that you just created.

Switch the protocol to a static address.

Fill in the static IP, subnet mask and enable DHCP.
Make sure the static IP is on a different subnet.

3. Set up the firewall zone

At firewall settings, create a new guest firewall zone.

At the firewall settings, edit the newly created guest zone.

Set Input to REJECT, Output to ACCEPT and Foward to REJECT. Allow forward to destination zone: `lan`.

It should look as follows

Also enable masquarading for lan

4. Set up the firewall traffic rules

Now go to the traffic rules tab inside firewall and add the following three rules:

This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website.More information about cookies
docs/guide-user/network/wifi/guestwifi/guestwifi_dumbap.txt · Last modified: 2020/10/08 13:13 by tmomas