Community discussions

MikroTik App
  4. RouterOS
  5. Beginner Basics

Guest vlan with client isolation

Locked
 
rechandler
just joined
Topic Author
Posts: 18
Joined: Mon May 28, 2018 12:47 pm
Location: Poland

Guest vlan with client isolation

Thu Jul 12, 2018 1:33 am

Hello,
I'm trying to do guest wifi (2 virtual wlan) and create vlan for guests. Can somebody provide a configuration to do this? I also want that client don't see each other and cannot use internal resources. I have read multiple tutorial but neither have answer to my question.
Top
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 3196
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:
Contact chechito

Re: Guest vlan with client isolation

Thu Jul 12, 2018 1:39 am

first thing disable default forwarding on wireless interface

then on bridge you have to isolate wireless lan from another user device interfaces

i there are more than one access-point or radio you will need additional settings on local infrastructure
Top
 
rechandler
just joined
Topic Author
Posts: 18
Joined: Mon May 28, 2018 12:47 pm
Location: Poland

Re: Guest vlan with client isolation

Thu Jul 12, 2018 11:26 pm

I've made this configuration. Can someone check if this is ok?
Code: Select all
/interface wireless
add default-forwarding=no disabled=no mac-address=CE:2D:E0:C9:C6:D1 \
    master-interface=wlan1 name=wlan-guest1 security-profile=guest ssid=\
    "Guest" wps-mode=disabled
add default-forwarding=no disabled=no mac-address=CE:2D:E0:C9:C6:D2 \
    master-interface=wlan2 name=wlan-guest2 security-profile=guest ssid=\
    "Guest" wps-mode=disabled

/interface bridge
add fast-forward=no name=bridge-guest
/interface bridge port
add bridge=bridge-guest interface=wlan-guest1
add bridge=bridge-guest interface=wlan-guest2

/ip address
add address=10.5.0.1/28 interface=bridge-guest network=10.5.0.0

/ip pool
add name=dhcp-guest ranges=10.5.0.2-10.5.0.14

/ip dhcp-server
add address-pool=dhcp-guest disabled=no interface=bridge-guest name=dhcp-guest

/ip firewall filter
add action=drop chain=forward comment="Drop tries to reach not WAN from guest WLAN" in-interface=bridge-guest out-interface-list=!WAN
Top
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 3196
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:
Contact chechito

Re: Guest vlan with client isolation

Thu Jul 12, 2018 11:33 pm

in bridge port assign horizon 1 to wlan1 and wlan2
Top
 
rechandler
just joined
Topic Author
Posts: 18
Joined: Mon May 28, 2018 12:47 pm
Location: Poland

Re: Guest vlan with client isolation

Thu Jul 12, 2018 11:42 pm

Sure, so now I've got this:
Code: Select all
/interface bridge port
add bridge=bridge-guest horizon=1 interface=wlan-guest1
add bridge=bridge-guest horizon=1 interface=wlan-guest2
That's all?
Top
Locked
  4. RouterOS
  5. Beginner Basics