Separate ssid relay server mode + layer 2 isolated dhcp guest network

we have a windows domain controller serving dhcp requests on 10.1.1.x network. peplink balance 30 router is the gateway router at

  1. Pepwave One AP is setup with ssid “private” that relays to windows dhcp server at 10.1.1.x. this AP can be accessed with it’s IP address on the 10.1.1.x network. AP is setup in bridge mode. this works: client connecting via ssid “private” is able to access network resources + Internet and given all the same ip configuration (ip, gateway, subnet, dns etc) on the 10.1.1.x network

  2. when we setup scenario 1 in router mode, client connecting to same “private” ssid is given address and related ip configuration via “relayed” dhcp server at 10.1.1.x, but no access to network resources or Internet

  3. we setup Pepwave One AP to router mode and have it act as a dhcp server giving out address leases on a different network 192.168.1.x and assign ssid of “public guest.” we enable layer 2 isolation + block LAN access. client accessing this ssid “public guest” is given address in the 192.168.1.x range and has access to the Internet, but does not have access to LAN resources . . . which is what we want.

what we can’t seem to figure out:
making both ssid scenarios coexist and work properly on the same AP. we want to keep guests on a separate isolated network for Internet only while having staff computers accessing the ssid “private” with access to network resources + Internet.

it seems like we have to choose one scenario or the other and dedicate that AP to one scenario. we don’t have enough space in the 10.1.1.x network to accommodate guest users.

i’m sure this has been discussed before (and perhaps has an obvious solution), but i can’t find this exact issue in the forums. using the balance 30 to control all of our APs is not an option due to it’s limitations, and especially not applicable due to my issues above.

is there something i’m missing to get both scenarios #1 and #3 to work on one pepwave AP? thank you for any information you can provide. it would be greatly appreciated.


Can I suggest design below.

You enable Guest Protect and Layer 2 Isolation on Guest SSID to achieve your requirements. This design is more simple and easy.

Thank you TK Liew.

How do you get ssid private to use relayed windows 2008r2 dhcp server at 10.1.1.x to pick up an address in the 10.1.1.x network so that it can communicate with computers in the 10.1.1.x network . . . while still keeping the ssid guest network as diagramed above in the network?

I need to be able to remote desktop into clients that connect wirelessly to the “private” ssid.


Please refer to the diagram again. I suggest to use for SSID private as well. AP will act as DHCP server for subnet If you enable AP as Router mode - IP Forwarding, users from 10.1.1.x will able to access wifi client (connected to SSID private) with IP subnet

Hope this help.