Configuring DrayTek Vigor2830 for limited Guest Wi-Fi access
Posted by Roy Panetta on 12 February 2014 05:24 PM
The customer has a Vigor2830n router providing wireless access to their LAN for internal staff. Staff can also access the Internet using a wired connection to the LAN.
The customer wants guests to have limited access to the Internet via wireless but no access to the local corporate LAN via wireless. Ideally, guests (and only guests) should have to enter a password to access Internet resources, with some time limit and/or usage limits applied.
For this scenario we will create a separate VLAN with its own IP subnet for guest users. A separate Wi-Fi SSID will also be created for guests only and allocated to the guest VLAN. Guest user IDs will be created in the User Management section of the router and allocated a time and data quota according to a time schedule. Next, we set up firewall rules to force guest users to log into the network and be allocated the time and data quota. Internal staff do not need to be authenticated by the router.
Step 1: Create Guest VLAN
Go to the LAN>>VLAN configuration menu. Select Enable and allocate each LAN port and wireless LAN SSID to the appropriate VLAN. Here we place all LAN ports and SSIDs in VLAN0 (Staff network) except for SSID2, which is allocated to VLAN1 (Guest network). The guest network is also allocated to the LAN2 IP subnet.
Step 2: Create Guest IP Subnet
Go to the LAN>>General Setup configuration menu, enable LAN2 and assign an IP subnet. Here we used 192.168.2.1. Click on the Details page to enable this LAN and enter the required DHCP details.
Step 3: Create Guest Wi-Fi SSID
Go to Wireless LAN>>General Setup and enable the guest wireless LAN. Here we enabled SSID 2 and named it guests. We also selected the Isolate Member and Isolate VPN options to prevent access to other network users.
To enable Wi-Fi security, go to the Wireless LAN>>Security Settings configuration menu and enter the required details for SSID 2.
Step 4: Create Guest Users
Step 4.a - General Setup
Go to the User Management>>General Setup configuration menu. Set the mode to Rule-Based. This is required to make guest users log into the network and be authenticated before they can access the Internet. A landing page can also be specified here if you wish to direct them to your website.
For more information on how to use the Landing Page feature, click here
Step 4.b - Create Guest User Accounts
Go to the User Management>>User Profile configuration menu, select the next available index and create the required users. We have created two users, “guest1” and “guest2”. For guest1 we have allowed 10 concurrent login sessions, selected the authentication method and enabled the Landing Page. Towards the bottom of the page we have enabled the time and data quota according to a time schedule.
For more information on How to Use User Management – with Time Quota, including setting up the Schedule feature, click here
Step 4.c - Create Guest User Group
Go to the “User Management>>User Group” configuration menu and create a group to include all the guest user names. Here we have created a group called “guest users” to include the guest1 and guest2 users. This group will be used in the firewall configuration.
Step 5: Create Firewall Rules
In this last configuration step we create a firewall rule so that when a guest user tries to access the Internet, they are required to authenticate and are directed to the web landing page.
Step 6: Test Guest login
The last step is to log in to the guest Wi-Fi network. You should see a prompt to enter the username and password. If authentication is successful, you will be directed to a landing web page and can then browse the Internet.
Go to the “User Management>>User Online Status” page to check how many users are logged in. You will see who is logged in and how long they have been connected.
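A check to run from a laptop joined to the guests SSID after Step 6, added here as an example (it is not part of the original article or of DrayTek's tooling): it confirms that the client received a guest-subnet address and that hosts on the staff LAN do not answer. The /24 mask, the staff subnet 192.168.1.0/24 and the target hosts and ports are assumptions; substitute your own.

```python
import ipaddress
import socket
import sys

# Guest subnet from Step 2 (router at 192.168.2.1); the /24 mask is an assumption.
GUEST_NET = ipaddress.ip_network("192.168.2.0/24")
# Constructed sample targets on an assumed staff LAN (192.168.1.0/24).
STAFF_TARGETS = [("192.168.1.1", 80), ("192.168.1.10", 445)]


def tcp_reachable(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_guest_isolation(client_ip, targets, probe=tcp_reachable):
    """Validate segmentation as seen by one guest client.

    client_ip: the address DHCP handed to the guest device.
    targets:   (host, port) pairs on the staff LAN that must NOT answer.
    probe:     reachability test; replaceable so the logic can be checked offline.
    Returns a list of findings; an empty list means every check passed.
    """
    findings = []
    if ipaddress.ip_address(client_ip) not in GUEST_NET:
        findings.append(f"client {client_ip} is not in guest subnet {GUEST_NET}")
    for host, port in targets:
        if probe(host, port):
            findings.append(f"staff host {host}:{port} reachable from guest network")
    return findings


if __name__ == "__main__":
    # Usage: python guest_check.py <guest-client-ip>
    problems = check_guest_isolation(sys.argv[1], STAFF_TARGETS)
    for problem in problems:
        print("FAIL:", problem)
    print("isolation OK" if not problems else f"{len(problems)} problem(s) found")
```

Any finding means the guest SSID is not confined to the guest VLAN as intended, so recheck the VLAN assignment in Step 1 and the LAN2 settings in Step 2.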