On 01/15/2017 10:19 AM, Gregory P. Ennis wrote: > It seems apparent to me that a > better way to do what I wanted would be to have two wireless routers, > one wifi being controlled by the dhcpd server that assigns ip addresses > through it to known and trusted connections with one subnet, and the > other wifi router assigning addresses on a different subnet to less > trusted users with less access. Probably, but if you're trying to restrict access, you need to be clear about how you're going to achieve that. If your router only has one internal interface, it may be difficult to achieve. If you have two WAPs behind your router, with one in bridging mode (therefore getting addresses from your CentOS DHCP server) and the other in NAT or routing mode, you will have effectively segregated the two. However, systems behind the NAT/routing WAP would still typically have access to the other subnet. You'd need to not only have the untrusted clients behind a WAP of their own, but that WAP would need to allow you to specify firewall rules for outbound traffic. That's not a feature present on most consumer devices.