W9980 - separate guest network DHCP service

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

W9980 - separate guest network DHCP service

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
W9980 - separate guest network DHCP service
W9980 - separate guest network DHCP service
2015-05-16 17:26:34
Region : Argentina

Model : TD-W8980

Hardware Version : V1

Firmware Version : 0.6.0 1.10 v0021.0 Build 141215 Rel.41342n

ISP :


Hi All,

I recently got a W9980 and I have a problem with the guest network setup. I have an internal DHCP server, so I have disabled the DHCP service on the router. The problem is that the guest network cannot access the internal DHCP server.

Is there any way to do a "passthrough" for DHCP traffic between the guest and internal network? Or is there a way to enable the DHCP server on the router only for the guest network?

(I have an W9980, hardware version 1 and firmware 0.6.0 1.10 v0021.0 Build 141215 Rel.41342n)


Thanks a lot!
E.
  1      
  1      
#1
Options
7 Reply
Re:W9980 - separate guest network DHCP service
2015-05-18 14:42:06
Did you Enable "Allow Guests to access my Local Network"?
As W9980 works in AP mode, if it is not enabled, W9980 won't be able to communicate with the main router.
http://www.tp-link.com/en/faq-519.html
  0  
  0  
#2
Options
Re:W9980 - separate guest network DHCP service
2015-05-20 05:35:43
Hi Diamond,

I hadn't seen that option before! One question, would that allow someone in the guest network to access all the PCs/Devices on the "private" network? The reason I ask is because every now and then I have people coming home with laptops that are potentially filled with viruses/malware, and I don't any of that accessing my PCs.

Alternatively, if it's possible to enable a firewall between the guest and internal networks, I can add a couple of rules for DHCP.

Cheers,
e.
  0  
  0  
#3
Options
Re:W9980 - separate guest network DHCP service
2015-05-20 14:53:30
would that allow someone in the guest network to access all the PCs/Devices on the "private" network?

Yes. To avoid it, you'd better use W9980 as a router instead of an access point and Disable "Allow Guests to access my Local Network".
  0  
  0  
#4
Options
Re:W9980 - separate guest network DHCP service
2015-05-21 02:25:02
Hi Diamond!

I don't think I explained my setup properly. I'm using the W9980 as a modem/router (not as an AP). From the router I have a wired network to a couple of other devices/PCs and a wireless network where other devices connect (laptops and mobile phones). I call these two networks "internal" as they have all the devices that are under my control (and here I have a DHCP and DNS servers)

Now, I want to use the guest network to isolate any visitors I have at home, to prevent their poorly secured devices/laptops from from trying to get access to any of the devices on the internal network. The problem I face is that since the DHCP server is disabled on the router the devices cannot get hold of an IP (and route, DNS, etc), so they connect to the network, but in order to make them work, I have to ask the visitors to manually configure their devices, which is a PITA.

I think I have a few alternatives, depending on what the W9980 supports. One is to allow the guest network to only allow access to the DHCP server in the internal network (but for what you mentioned the router might only allow full access to the internal network). Alternatively (and ideally) the W9980 should be allowed to enable the DHCP only in the guest network, so in this case, any traffic from the guest network should never be forwarded to the internal network.


Cheers,
e.
  0  
  0  
#5
Options
Re:W9980 - separate guest network DHCP service
2015-05-21 11:11:23
DHCP server is disabled on W9980, isn't it? Then it is not working as a router actually.
Anyway, I should say, you'd better use W9980 as a router with DHCP enabled and Disable "Allow Guests to access my Local Network".
  0  
  0  
#6
Options
Re:W9980 - separate guest network DHCP service
2015-05-22 01:35:00
Hi Diamond!

I think the confusion comes from the term router. I'm sticking to the standard definition of a router ;)
A router[SUP] [a][/SUP] is a networking device that forwards data packets between computer networks. A router is connected to two or more data lines from different networks (as opposed to a network switch, which connects data lines from one single network)


Do you know, in that case, if the DHCP can be disabled on the "internal" network? I already have a DHCP server running on one of my servers which does a few more things that what the W9980 can do.


Cheers,
a.
  0  
  0  
#7
Options
Re:W9980 - separate guest network DHCP service
2015-12-22 05:24:28

eldaras wrote

Hi Diamond,

I hadn't seen that option before! One question, would that allow someone in the guest network to access all the PCs/Devices on the "private" network? The reason I ask is because every now and then I have people coming home with laptops that are potentially filled with viruses/malware, and I don't any of that accessing my PCs.

Alternatively, if it's possible to enable a firewall between the guest and internal networks, I can add a couple of rules for DHCP.

Cheers,
e.


I know this is an old post. I just encountered a similar situation. I have my own dhcp and dns server that is connected to a wired port on my TP-link router (Archer C7). What I did is that in my DHCP server setup, I configured it to send the router ip as gateway to all known computers. Anything unknown is given the DHCP server itself as the router. In other words, all my *knonw" computers directly route packets to TP-Link, but guest/new computers will route to my DHCP server (it can be some other host though). I added a firewall rule in my DHCP server (actually, you can call this "second gateway") to drop packets from these new computers to any LAN address. They can only communicate with internet. Of course, someone can bypass the DHCP supplied gateway and directly send packets to TP-link router totally bypassing what I just did! I can install openwrt to avoid this mess but openwrt's wireless AC support is not that good with Archer C7 at the moment.
  0  
  0  
#8
Options