Can you set DNS server at the SSID level?

  • Question
  • Updated 4 years ago
  • Answered
I want to have two SSIDs, each with their own DNS server settings. In a nutshell, I want to have one for the adults in my house (using default DNS) and one for the kids (using OpenDNS FamilyShield).

Is this possible, to have different DNS for each SSID?

Chris


Posted 5 years ago


Andrew Garcia, Official Rep

Official Response
Not at all. There are just a few additional steps to do. Essentially, you can have one SSID use the network as per normal, getting its IP address and DNS assignment from your TimeCapsule. The other SSID gets configured to use NAT, and it will get its IP address from the AP, which can be configured to offer DHCP services only to this one subnet.

So let's assume your home network uses the subnet 192.168.1.0/24 and the default DNS is Google (8.8.8.8).
We will set up a NAT zone on the AP for network 192.168.200.0/24 with the OpenDNS DNS servers.

To do this, we need to create two SSIDs, each using a different user profile that assigns a different VLAN. Then we can configure the AP to offer DHCP server service in a NAT zone.

By the way, all these instructions assume your HiveManager account is configured for Enterprise Mode.

SSID 1 - ParentsNet
User Profile = Parents, Attribute = 3000, VLAN = 1

SSID 2 - KidNet
User Profile = Kids, Attribute = 3001, VLAN = 200
Within User Profile Kids:
Open User Firewall and under IP Firewall Policy, create a From-Access Policy. Source=ANY, Destination=Any, Service = Any, Action = NAT.
Default Action = Permit

Save the Network Policy and Continue to the Configure and Update page.
Click the link for your AP.
Expand Service Settings
Under DHCP Server & Relay, create a new object (+)
Interface = Mgt0.1
IP address = 192.168.200.254 (this is the IP address for your DHCP server)
Netmask = 255.255.255.0
VLAN = 200 (same as you set for SSID KidNet)
Enter a starting and ending number for your DHCP scope (i.e., 192.168.200.100-192.168.200.199). Then click Apply.
Expand DHCP Server Options
Default Gateway = 192.168.200.1 (this assigns this address to a subinterface on the AP)
DNS Server1 IP = your OPENDNS server IP
Expand Advanced, and enable NAT support.
Save the DHCP server object, then highlight it and move it to the selected servers box on the right.
Then save your AP settings, and push the policy to your AP.

When testing:
Client connected to ParentsNet should get an address in 192.168.1.0/24 network with your default DNS assignment.

Client connected to KidNet should get an address in 192.168.200.0/24 with OpenDNS DNS assignment.
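
The testing step above can be scripted. This is an added example, not part of the original answer or of HiveManager: it checks that the addressing plan from the answer is internally consistent and that a lease seen on a client matches its SSID. The function names are hypothetical, and the two OpenDNS FamilyShield resolver addresses are an assumption, since the answer only says "your OPENDNS server IP".

```python
import ipaddress

# Values from the answer above. The FamilyShield resolver IPs are an assumption
# (the answer only says "your OPENDNS server IP"); substitute your own.
PLAN = {
    "ParentsNet": {"subnet": "192.168.1.0/24", "dns": {"8.8.8.8"}},
    "KidNet": {"subnet": "192.168.200.0/24",
               "dns": {"208.67.222.123", "208.67.220.123"},
               "gateway": "192.168.200.1", "dhcp_server": "192.168.200.254",
               "pool": ("192.168.200.100", "192.168.200.199")},
}

def check_plan(plan):
    """Return a list of problems in the addressing plan (empty if consistent)."""
    problems = []
    nets = {name: ipaddress.ip_network(p["subnet"]) for name, p in plan.items()}
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} and {b} subnets overlap")
    for name, p in plan.items():
        if "pool" not in p:
            continue  # this SSID is served by an upstream DHCP server
        lo, hi = (ipaddress.ip_address(x) for x in p["pool"])
        if lo > hi or lo not in nets[name] or hi not in nets[name]:
            problems.append(f"{name}: pool is not inside {nets[name]}")
        for role in ("gateway", "dhcp_server"):
            addr = ipaddress.ip_address(p[role])
            if addr not in nets[name]:
                problems.append(f"{name}: {role} outside subnet")
            elif lo <= addr <= hi:
                problems.append(f"{name}: {role} inside DHCP pool")
    return problems

def check_lease(ssid, ip, dns_servers, plan=PLAN):
    """Compare a lease observed on a client with what its SSID should hand out."""
    expected = plan[ssid]
    issues = []
    if ipaddress.ip_address(ip) not in ipaddress.ip_network(expected["subnet"]):
        issues.append(f"{ip} is not in {expected['subnet']}")
    stray = set(dns_servers) - expected["dns"]
    if stray:
        issues.append(f"unexpected DNS servers: {sorted(stray)}")
    if not dns_servers:
        issues.append("no DNS servers in lease")
    return issues
```

The lease check only confirms what DHCP hands out; a client with a manually configured resolver is not constrained by it.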