DHCP for Guest WiFi
kilimanj99
Newbie

Hello, I just recently got Verizon Fios and just about done setting everything up. Few quick notes on my setup:

1. Verizon Router: CR1000B

2. DHCP on a home network server

3. Home Network: Let's make one up for this discussion and say 10.10.10.0 /24

On the primary WiFi everything is working perfectly. I had never used the guest functionality before and thought I might try it out. I simply turned on the guest wifi and tried to connect via my phone. I got "Could not obtain IP address" from what I read and am guessing the guest wifi does not have access to my home network 10.10.10.0/24 in which my DHCP  and DNS server sits on 10.10.10.10 and the Verizon routers internal interface at 10.10.10.1. My questions are:

1. What do I need to do to make this work or is it even possible? 

2. What network does Guest use? is it also 10.10.10.0/24 since thats the routers internal network? Or does it use a new one I have to make? If I have to make it where in the router do I set that?

3. If I can make a separate network for guest that could make things easier and I can setup dhcp on the Verizon router only for this new network. How would I do that? If I cannot make a separate network is there a way to allow just DHCP and DNS to talk to my 10.10.10.10 DHCP and DNS server?

Or is there a better way to do this?

 

Thanks in advance

 

Labels (1)
0 Likes
Reply
1 Solution
Capricorn1
Community Leader
Community Leader

Guest networks are typically heavily firewalled by routers like the CR1000B by design. That is so that guest network traffic is isolated from the primary network. I don't know how the CR1000B does its guest network, but I assume it's some sort of VLAN setup with as much isolation between that and the primary network as it can enforce. I read from the CR1000B User Manual that the network name (SSID) differs, but that's about all I found.

For example, I'm unsure (if the DHCP/DNS services were enabled on the CR1000B) if the CR1000B would put the guests on a different subnet with different IP addresses (and a DNS server available at the router's IP address on the guest network) or the same IP addresses on the primary network. I would hope it's different ones. (A moot point since you disabled those.)

Even if that were not the case, I imagine that DHCP requests from the guest network are going to have a hard time reaching your DHCP and DNS servers. DHCP discover requests are sent as a broadcast message, and routers won't forward those from one network to another. I doubt there's even a way to set up a port forwarding rule to have those messages forwarded to your DHCP server.

The CR1000B (and most routers) assume that DNS and DHCP services are available on the router and that DHCP-discover requests from the guest network will be served by the router (which is on the same subnet as the guest network by definition).

The only workaround I could think of is to somehow put your DNS server on the guest network. You would need to find out what subnet that the CR1000B uses for the guest network. I'm not sure how you do that without enabling DHCP and DNS on the CR1000B long enough to connect to it and see what it used. Then, you would add a new wireless network to your DHCP/DNS server (by adding a wireless card or USB adapter if you don't have one [or have one but it's in use for your primary network]).  The new wireless network would have the same SSID that the CR1000B is using for the guest network. You would want to put that wireless NIC at a fixed IP address on the same subnet used by the CR1000B (but not the same IP the CR1000B uses). You would then set up your DHCP server to offer IP addresses in the guest network range to clients on the guest network. It sounds like a bit of work, but it's sort of an interesting challenge.

Assuming you can get past the DHCP-discover issue, I wouldn't offer (or want) guests on my local DNS server. I would just have the DHCP server configure the guest network DNS servers to 8.8.8.8 and 8.8.4.4 to use Google's DNS servers. 

(Please be nice. Verizon Community Leaders are not Verizon employees.)

View solution in original post

3 Replies
Capricorn1
Community Leader
Community Leader

Guest networks are typically heavily firewalled by routers like the CR1000B by design. That is so that guest network traffic is isolated from the primary network. I don't know how the CR1000B does its guest network, but I assume it's some sort of VLAN setup with as much isolation between that and the primary network as it can enforce. I read from the CR1000B User Manual that the network name (SSID) differs, but that's about all I found.

For example, I'm unsure (if the DHCP/DNS services were enabled on the CR1000B) if the CR1000B would put the guests on a different subnet with different IP addresses (and a DNS server available at the router's IP address on the guest network) or the same IP addresses on the primary network. I would hope it's different ones. (A moot point since you disabled those.)

Even if that were not the case, I imagine that DHCP requests from the guest network are going to have a hard time reaching your DHCP and DNS servers. DHCP discover requests are sent as a broadcast message, and routers won't forward those from one network to another. I doubt there's even a way to set up a port forwarding rule to have those messages forwarded to your DHCP server.

The CR1000B (and most routers) assume that DNS and DHCP services are available on the router and that DHCP-discover requests from the guest network will be served by the router (which is on the same subnet as the guest network by definition).

The only workaround I could think of is to somehow put your DNS server on the guest network. You would need to find out what subnet that the CR1000B uses for the guest network. I'm not sure how you do that without enabling DHCP and DNS on the CR1000B long enough to connect to it and see what it used. Then, you would add a new wireless network to your DHCP/DNS server (by adding a wireless card or USB adapter if you don't have one [or have one but it's in use for your primary network]).  The new wireless network would have the same SSID that the CR1000B is using for the guest network. You would want to put that wireless NIC at a fixed IP address on the same subnet used by the CR1000B (but not the same IP the CR1000B uses). You would then set up your DHCP server to offer IP addresses in the guest network range to clients on the guest network. It sounds like a bit of work, but it's sort of an interesting challenge.

Assuming you can get past the DHCP-discover issue, I wouldn't offer (or want) guests on my local DNS server. I would just have the DHCP server configure the guest network DNS servers to 8.8.8.8 and 8.8.4.4 to use Google's DNS servers. 

(Please be nice. Verizon Community Leaders are not Verizon employees.)
kilimanj99
Newbie

Yep that's exactly right and exactly what I want from a guest network however I do not know what this Guest subnet is in order to set it up. I have no problem setting up DHCP/DNS on the Verizon router specifically for this network but cannot find any options to do so.

I guess I could try a few common ones with static IP's like what it comes with 192.268.1.0 or if somehow it still uses the IP range of my internal interface of 10.10.10.0. My guess is that it is still 10.10.10.0 because there is no place to set a network, default gateway, etc. 

If that is the case, I don't want to setup DHCP for that subnet on the verizon router because then I'll have devices randomly going to this or my home dhcp server. And if I can't put a DHCP hole in the guest firewall to reach my home server dhcp server I guess my only option is the put a dedicated dhcp server on the guest network. Maybe I can use an old wifi router just for DHCP.

I'll play with it this week as time permits and post an update. 

If anyone know more please let me know.

Thanks

0 Likes
Reply
Capricorn1
Community Leader
Community Leader

Unfortunately, it doesn't look like the CR1000B is flexible enough to enable DHCP on the wireless guest network only. 

I don't use a Verizon router (and never have). My router/firewall, DHCP server, and DNS server is a PC running Linux. With that, I can set up (a single) DHCP server to offer different IP address ranges on different network interfaces. If I wanted a wireless guest network, I would add a wireless NIC of some type to the router that is specifically for the guest network and set the DHCP server to serve something like 192.168.100.x on it while my main wired and wireless network uses 10.10.10.x. (I use a Netgear Orbi mesh network in access point mode for my wireless network.)

If I read the manual correctly, the CR1000B only used the 2.4 GHz band for the guest wireless network, so just about any old router you have will probably work. You would want at least an 802.11n version. Just put it at a fixed IP address that doesn't conflict with whatever the CR1000B reserves for itself.

(Please be nice. Verizon Community Leaders are not Verizon employees.)