How can I configure a Guest WiFi account?

This guide will enable you to set up a Guest WiFi network on the IQrouter that isolates the guest network traffic from both your home network and from devices that connect to the Guest WiFi.

So guests will not be able to print, access files, or perform any other activity that requires membership on the home network. They basically can get to the Internet and that’s it.

Warning: this involves use of the Advanced Menu’s, where it is possible to make changes that render the device inoperable or seriously misconfigured. Recovery might require a reset to defaults and full reconfiguration.

This procedure is only recommended for technically savvy users.

Before making any changes it is recommended to save your current configuration settings in case you need to restore your old settings. See the following FAQ for help saving/restoring your IQrouter configuration

You can configure the Guest WiFi account on the IQrouter at any time using the IQrouter Administrative Interface

Once you login to the IQrouter Administrative Interface, select the Advanced Menu option.

Select "OK" to enable the advanced menu.

From the Advanced menu options select "WiFi" from the "Network" menu.

In most cases setting up a Guest WiFi network on just the 2.4GHz radio is sufficient as that radio provides the widest range and supports the most client devices. You can add the guest network to either the 2.4GHz radio, 5GHz radio, or both.

Select "Add" on the 2.4GHz radio if you want to add the guest network to this radio. Once you add the guest network and hit "Save & Apply" repeat the steps for the 5GHz radio if you want to add the guest network to this radio.

In the "Interface Configuration -  General Setup" section change the ESSID to "Guest". Select the "Network" option for "create:" and enter "Guest" to define a new network.

In the "Interface Configuration - General Setup" section also select the "Wireless Client Isolation" option so guest devices can’t reach each other.

In the "Interface Configuration - Wireless Security" section select WPA2-PSK for the Encryption type. Enter the pass phrase you want guests to login with as the "Key".

Select "Save & Apply" to continue.

Note: If you are connected to the IQrouter via WiFi your connection may drop after selecting "Save & Apply". Just reconnect to the IQrouter WiFi to continue the configuration. Or, switch to an Ethernet connection now to avoid losing the WiFi connection during this configuration.

If you want to create a Guest network on both 2.4GHz and 5GHz radios repeat the above steps on both radios.

Next we need to configure the network interface for the Guest users.

From the Advanced menu options select "Interfaces" from the "Network" menu.

 Select "Edit" for the "Guest" network.

Select "Static address" for Protocol. Then select the button "Switch protocol" to make the protocol switch.

Scroll down to the "DHCP Server" section and select "Setup DHCP Server". The page will refresh with new DHCP options.

From the top of the page set the following "Common Configuration" settings.

Then scroll down and set the following "DHCP Server" settings.

Select "Save & Apply"

Before leaving the Network page for "Guest", we need to define the firewall zone it will be in. Click the "Firewall Settings" tab.

Create a new firewall zone called "Guest".

Select "Save & Apply"

Next we need to configure the Firewall for the Guest users.

From the Advanced menu options select "Firewall" from the "Network" menu.

Select "Edit" for the "Guest" zone.

Set the following "General Settings" for Zone "Guest". Make sure to set "Input" to "reject" and enable "MSS Clamping".

And allow forward to wan destination zones.

Select "Save & Apply"

Return to the "Firewall" page by selecting "Firewall" from the "Network" menu.

Select the "Traffic Rules" tab to add the support for DHCP and DNS requests from the Guest network.

In the New Forward Rule section, enter GuestDNS as the rule "Name" and set the "Source zone" and "Destination zone" to "Guest". Then select "Add and edit".

Change the "Protocol" to "Any" and verify other settings match below.

Change the "Destination zone" and "Destination port" as shown below.

Select "Save & Apply"

In the New Forward Rule section, enter GuestDHCP as the rule "Name" and set the "Source zone" and "Destination zone" to "Guest". Then select "Add and edit".

Change the "Protocol" to "UDP" and verify other settings match below.

Change the "Destination zone" and "Destination port" as shown below.

Select "Save & Apply"

You should now have the following "Traffic Rules" configured.

That’s it. You now have a fully configured Guest WiFi setup.

 

Have more questions? Submit a request

0 Comments

Article is closed for comments.
Powered by Zendesk