Was this HowTo useful to you?||
How to setup multiple BSSIDs using DD-WRT
To close the telnet session, type "exit" at the prompt.
Which version of DD-WRT do I need?For newer routers, check the Router Database on dd-wrt.com to see what the latest stable version is for your router.
For older routers, either check the Router Database, or get one of EKO's TNG builds. You can find them here:
A higher number means it's a newer build. Always try the highest number first and if that gives problems, try a lower number. You will also notice there are several versions for each build. The most notably are the "VINT" and the "NEWD" branches. "VINT" stands for "Vintage" and you need that if you have a wl0_corerev smaller than 9. If you have a wl0_corerev of 9 or up, use one of the "NEWD" versions. "NEWD" stands for "New Driver". Within each of these two branches, there are more subversions like "mini", "mega", "voip". What this means exactly can be found elsewhere on the net. If you are unsure which file to get, just go for the "std" version. Chances are that's what you need anyway.
Flashing DD-WRTYou can also find many very good tutorials on the interwebs on how to flash a new version of DD-WRT to your router so I won't go into much detail here. A few things to remember though. First and foremost, if your router still has its original firmware and this is the first time you are going to flash dd-wrt, please check the Supported Devices list for any special instructions (which can be found under "Notes for running dd-wrt"). Sometimes you need to flash a special version first before you can flash any of the other versions. Another thing to remember is that it's best to reset the router to its default settings before and after you flash the new firmware. It's not always necessary but it rules out certain problems you might encounter when you don't.
There are two ways to reset the router to its factory defaults. You can either telnet to your router and at the prompt type these two commands:
Or you can reset the router to its default settings using the 30/30/30/30 method (yes, I added an extra "30"):
Personally, I prefer the first method for resetting my modem. :)
Setting up Multiple (B)SSIDsFrom this point onwards, I assume you already flashed the appropriate version of DD-WRT to your router. Now it's finally time to create a second (virtual) SSID.
All existing HowTos I found, were creating the new virtual wireless interface as an "Unbridged" interface. And this is actually where it goes wrong. We are going to do something different. We are going to create a new bridge called "br1" and hook the new virtual wireless interface to this new bridge.
First point your webbrowser to your router's web interface by typing "http://" in your browser's address bar. If all is well, you will see something like this:
Now click the Wireless tab. A screen with your existing wireless interfaces will appear:
Click the button just below Virtual Interfaces and enter the following information for the new interface:
Click the button. Your screen should look something like this:
Now click the Wireless Security sub-tab. For each interface, choose the appropriate security mode and enter a key (if necessary). Click the button. Your screen will now look something like this:
Click the Services tab, and scroll down to the DNSMasq frame. In the "Additional DNSMasq Options" input box, enter the following:
Click the button.
This tells the router that (amongst other things) the new bridge will give connecting clients an IP address in the - range.
Now go to the Administration tab, sub-tab Commands. In the input box below Command Shell , enter the following:
if [ "`nvram get wan_proto`" = "pppoe" ]; then
wanif="`nvram get pppoe_ifname`"
wanif="`nvram get wan_ifname`"
# Make sure br1 has access to the internet:
iptables -I INPUT -i br1 -m state --state NEW -j logaccept
iptables -I FORWARD -i br1 -o $wanif -m state --state NEW -j ACCEPT
# Keep the two wireless networks from talking to each other:
iptables -I FORWARD -i br0 -o br1 -j logdrop
iptables -I FORWARD -i br1 -o br0 -j logdrop
# Keep br1 from accessing the router:
iptables -I INPUT -i br1 -p tcp --dport telnet -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br1 -p tcp --dport ssh -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br1 -p tcp --dport www -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br1 -p tcp --dport https -j REJECT --reject-with tcp-reset
iptables -t nat -I POSTROUTING -o `get_wanface` -j SNAT --to `nvram get wan_ipaddr`
Click the button.
In the same input box (which is now empty again), we need to enter a startup script to create the new bridge, move the virtual wireless interface to it, and setup the new interface's IP address. But for it all to work, we need to properly setup NAS. But how NAS needs to be setup depends on the security settings for each wireless interface. At the start of this HowTo, I asked you to enter the proper security settings for each interface. This information has been used to generate the code below. If you need different security settings, change it at the start of the HowTo and come back here.
Now copy and paste the code from the box above into the Command Shell input box.
Click the button.
Finally, click the Management sub-tab, scroll down and click the button.
Wait until your router has rebooted itself and you should now have two working (B)SSIDs!
If you can't connect to the virtual interface, wait 5 minutes and try again. Sometimes, for reason completely unknown to me, it takes a few minutes before the virtual interface actually starts working. If waiting doesn't help, then you probably have some left-over configuration settings that are messing with the virtual interface. Try resetting your router to its factory default (see the part about resetting to factory default under "Flashing DD-WRT" above) and try the HowTo again. Be aware though that resetting your router to factory default means you will loose all your settings like port forwarding rules, MAC cloning, etc. So write down all your settings before resetting your router.