Asus RT-N12 D1 – Creating Multiple SSIDs

Asus RT-N12 D1

These Step-By-Step instructions are for creating Multiple SSIDs on your Asus RT-D12 D1 router.  The term “Multiple SSIDs” refers to having more than one Wireless Name Broadcasting from the Router.  For example, you may have a “Company” wireless name in which company users connect to for Internet and Shared resources.  You may also want a “Guest” wireless name to broadcast from the same router in which other users can connect to for Internet but NOT be able to access any of the Company computers.  These Step-by-Step instructions below are designed with this purpose in mind.

Remember that the RT-N12 D1 revision is a good bit different than the revisions before it.  Most notably the B1 and C1 revisions so these instructions are specifically tailored for the Asus RT-N12 D1. 

Most importantly, before proceeding your Asus RT-N12 D1 must be using Firmware version dd-wrt.v24-18774_NEWD-2_K2.6_mini.bin.  If you have not yet installed this version of DD-WRT on the Asus RT-N12 D1 then head over to How to install DD-WRT on the Asus RT-N12 D1 and then come back once you’re done.

  1. Connect to the router @
    note: If your Router IP is different you need to keep that in mind as you work through these instructions.  You will need to substitute for your Router IP.

  2. Open the Wireless -> Basic Settings tab.  Make the following selections below.

    1. Wireless Network Name (SSID) : (input your desired private network name here)
    2. Click on Save at the bottom.
    3. Under the Virtual Interfaces section press the Add button
    4. Wireless Network Name (SSID):(input your desired guest network name here)
    5. Wireless SSID Broadcast: Enable
    6. AP Isolation: Enable
    7. Network Configuration: Bridged
    8. Click on Save at the bottom.
    9. Click on Apply Settings at the bottom.
    10. IMPORTANT!  Do NOT try to implement Wireless Security at this time.  This will need to be done at the very end.
  3. Open the Setup -> Networking tab
    1. Under Create Bridge section click Add
    2. type “br1” into the blank input box that is on the left side of all the options that just appeared.
    3. For the STP setting choose Off.
    4. Click on Apply Settings at the bottom.
    5. Under Create Bridge section new input boxes will appear (note: This new bridge needs to have an address that is in a different subnet than your main LAN.
      1. IP Address:
      2. Subnet Mask:
      3. Click on Save at the bottom.
      4. Click on Apply Settings at the bottom.
        note: sometimes on the next step you need to wait a few seconds before certain options appear.  Wait about 30 seconds then proceed.
      5. Under Assign to Bridge section click Add
      6. Select “br1” in the left drop down menu that appears. Then for the Interface select “wl0.1” in the other.
      7. Click on Save at the bottom.
      8. Click on Apply Settings at the bottom.
      9. After a few seconds the Current Bridging Table should now show:

        Bridge Name   STP enabled    Interfaces
        br0                       no                    vlan0 eth1
        br1                        no                    wl0.1

      10. Under the Multiple DHCP Server section click on Add.
      11. For the first drop down choose br1
      12. Click on Save at the bottom.
      13. Click on Apply Settings at the bottom.
  4. Open the Administration -> Command tab
    1. Within Commands text box input:

      #Guest Wireless Firewall Separation from main LAN
      iptables -t nat -I POSTROUTING -o `get_wanface` -j SNAT –to `nvram get wan_ipaddr`
      iptables -I FORWARD -i br1 -m state –state NEW -j ACCEPT
      iptables -I FORWARD -p tcp –tcp-flags SYN,RST SYN -j TCPMSS –clamp-mss-to-pmtu
      iptables -I FORWARD -i br1 -o br0 -m state –state NEW -j DROP
      iptables -I FORWARD -i br0 -o br1 -m state –state NEW -j DROP
      iptables -I INPUT -i br1 -m state –state NEW -j DROP
      iptables -I INPUT -i br1 -p udp –dport 67 -j ACCEPT
      iptables -I INPUT -i br1 -p udp –dport 53 -j ACCEPT
      iptables -I INPUT -i br1 -p tcp –dport 53 -j ACCEPT

    2. Click on Save Firewall
  5. Open the Administration -> Management tab and go to the bottom.  Then select Reboot Router

Test! Test! Test!

  • Make sure you unplug your LAN cable for testing wireless Internet
  • Make sure Both SSID’s can be accessed and Internet works
  • Make sure Private SSID still has access to local network
  • Make sure Guest SSID cannot access local network or router
  • Once you know this all works, you can log back into the unit and go back to Wireless->Wireless Security and set the Encryption types for both the Main and Virtual Wireless interfaces.