CPE210 Configuration

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Re:CPE210 Configuration
2017-04-22 05:59:56

R1D2 wrote

First you create an interface with name guest. Be sure to assign a static IP and a netmask:





Then set up DHCP, it can help to not have to change between IPs on your laptop/PC:





Now configure the switch. Port WAN (the blue one) is software port 1, so physical port 1 is sw port 2 and physical port 2 is sw port 3, right. I use port 2 as the guest port. Make sure your laptop/PC is connected to physical port 2 during setup, so you are still on the LAN after saving and applying. Also make sure the desired port is an untagged member of VLAN 3 and no longer a member of VLAN 1. Then connect your laptop/PC to physical port 1 and go to the LuCI web UI again. You have to use http://192.168.3.1/ now and you need to log in again:





That's it, your laptop/PC now is connected to the guest LAN (or else you can't log into the web UI). See network settings to find out the IP assigned to your laptop/PC:




That's it. Tested it offline and all seems to work. Port 2 is dedicated to the guest LAN, checked using arp -a. Will go online later. Thanks R1D2 for all of your help and patience dealing with this noobie. Appreciated.
#63
Re:CPE210 Configuration
2017-04-22 06:36:05
Are you able to set up the firewall for yourself to protect the LAN network against access from the guest network?

See https://wiki.openwrt.org/doc/recipes/guest-wlan-webinterface for how to do with the web UI (it's the old UI theme shown there, but identical steps as with the modern one).

Or see https://wiki.openwrt.org/doc/recipes/guest-wlan for how to do this on the command line using an editor (ssh into the router or scp the files to your PC).

It strongly depends on your topology and policies, so I would prefer to help if questions arise instead of telling steps you probably won't need.
Anyway, connect the CPE to your guest port, look up its IP (in DHCP menu), connect PC to LAN and test, test, test.

Only one more step to become a VLAN expert for OpenWRT finally and that's firewalling! ;)
༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
#64
Re:CPE210 Configuration
2017-04-22 12:32:45
Yes, thank you for sharing!
#65
Re:CPE210 Configuration
2017-04-22 17:52:36

R1D2 wrote

Anyway, connect the CPE to your guest port, look up its IP (in DHCP menu), connect PC to LAN and test, test, test. ;)

I can see that the guest network is on a subnet by logging onto the CPE's SSID and viewing the IP address on the device used (iPad). I'm lost on the testing part. How to: pinging? What else?
#66
Re:CPE210 Configuration
2017-04-22 18:23:46

cayvman wrote

That's it. Tested it offline and all seems to work. Port 2 is dedicated to the guest LAN, checked using arp -a. Will go online later. Thanks R1D2 for all of your help and patience dealing with this noobie. Appreciated.

On the subnet 192.168.3.1, to which the CPE is connected, it shows I have Wi-Fi and the device indicates connected; however, when I try to go to the web, it indicates no network connection.
I must have inadvertently closed off the internet. Or failed to turn it on.
#67
Re:CPE210 Configuration
2017-04-22 21:29:11

cayvman wrote

I must have inadvertently closed off the internet. Or failed to turn it on.


Did you set up the firewall already? Installed a zone forwarding?

See https://wiki.openwrt.org/doc/recipes/guest-wlan-webinterface#configure_the_firewall

"pinging" means to use the ping command on the cmd line to test connectivity. Syntax is: ping IP-address
༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
#68
Re:CPE210 Configuration
2017-04-23 03:05:25

R1D2 wrote

Did you set up the firewall already? Installed a zone forwarding?

See https://wiki.openwrt.org/doc/recipes/guest-wlan-webinterface#configure_the_firewall

"pinging" means to use the ping command on the cmd line to test connectivity. Syntax is: ping IP-address

Did none of the above. I can ping the subnet and access openwrt when I connect to the port 1 of the router (VLAN3) but I don't have a connection to the internet. Will review the link and see what I can see and hopefully know what I currently don't know.
I ran through the steps outlined in the link and still no internet on the subnet. When I connect the PC to port 1 of the router, I get nothing. I can get to the router via the IP, but that's it.
File: firewall.PNG
#69
Re:CPE210 Configuration
2017-04-23 03:10:44

cayvman wrote

Did none of the above. I can ping the subnet and access openwrt when I connect to the port 1 of the router (VLAN3) but I don't have a connection to the internet. Will review the link and see what I can see and hopefully know what I currently don't know.


You need to install inter-zone forwarding explicitly, because default policy is REJECT. You always have to grant rights for access to other resources except to the router itself.
༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
#70
Re:CPE210 Configuration
2017-04-23 17:08:24

R1D2 wrote

You need to install inter-zone forwarding explicitly, because default policy is REJECT. You always have to grant rights for access to other resources except to the router itself.

Just so I understand correctly, creating the Guest Interface, then dedicating a port for the subnet does not allow for internet connectivity? That the firewall rules must be established as a final step.
#71
Re:CPE210 Configuration
2017-04-23 17:25:53

cayvman wrote

Just so I understand correctly, creating the Guest Interface, then dedicating a port for the subnet does not allow for internet connectivity? That the firewall rules must be established as a final step.


Yes. You need inter-zone forwarding, just three lines in the firewall config:

[CODE]
config forwarding
	option src 'guest'
	option dest 'wan'
[/CODE]

or using the web UI ("Zone => Forwardings" in the "Zones" section):

༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
#72
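
An added example, not part of the thread or of OpenWrt itself: a small Python check to run on a PC against a copy of the router's /etc/config/firewall, reporting whether the guest zone has the guest -> wan forwarding discussed above and whether anything opens the LAN to guests. The zone names guest, lan and wan follow the thread, SAMPLE is a constructed config, and the input-policy check goes beyond what the thread covers.

```python
import shlex

# Constructed /etc/config/firewall excerpt (not from the thread): the guest
# zone exists, but the guest -> wan forwarding has not been added yet.
SAMPLE = """
config zone
    option name 'lan'
    list network 'lan'
config zone
    option name 'guest'
    list network 'guest'
    option input 'ACCEPT'
config forwarding
    option src 'lan'
    option dest 'wan'
"""

def parse_uci(text):
    """Parse UCI text into a list of (section_type, {option: [values]})."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if len(tok) >= 2 and tok[0] == "config":
            sections.append((tok[1], {}))
        elif len(tok) >= 3 and tok[0] in ("option", "list") and sections:
            sections[-1][1].setdefault(tok[1], []).extend(tok[2:])
    return sections

def audit_guest(text, guest="guest", lan="lan", wan="wan"):
    """Return findings about guest isolation; an empty list means none found."""
    secs = parse_uci(text)
    first = lambda opts, key: (opts.get(key) or [None])[0]
    zones = {first(o, "name"): o for t, o in secs if t == "zone"}
    fwd = {(first(o, "src"), first(o, "dest")) for t, o in secs if t == "forwarding"}
    findings = []
    if guest not in zones:
        findings.append("guest network is not in any firewall zone")
    elif first(zones[guest], "input") == "ACCEPT":
        # Tightening this to REJECT also needs rules that let DHCP and DNS in.
        findings.append("guest zone input is ACCEPT: guests reach router services")
    if (guest, wan) not in fwd:
        findings.append("no guest -> wan forwarding: guests have no internet")
    if (guest, lan) in fwd:
        findings.append("guest -> lan forwarding present: guests reach the LAN")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_guest(SAMPLE)))
```
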