Page 1 of 1
Guest vlan with client isolation
Posted: Thu Jul 12, 2018 1:33 am
by rechandler
Hello,
I'm trying to do guest wifi (2 virtual wlan) and create vlan for guests. Can somebody provide a configuration to do this? I also want that client don't see each other and cannot use internal resources. I have read multiple tutorial but neither have answer to my question.
Re: Guest vlan with client isolation
Posted: Thu Jul 12, 2018 1:39 am
by chechito
first thing disable default forwarding on wireless interface
then on bridge you have to isolate wireless lan from another user device interfaces
i there are more than one access-point or radio you will need additional settings on local infrastructure
Re: Guest vlan with client isolation
Posted: Thu Jul 12, 2018 11:26 pm
by rechandler
I've made this configuration. Can someone check if this is ok?
/interface wireless
add default-forwarding=no disabled=no mac-address=CE:2D:E0:C9:C6:D1 \
master-interface=wlan1 name=wlan-guest1 security-profile=guest ssid=\
"Guest" wps-mode=disabled
add default-forwarding=no disabled=no mac-address=CE:2D:E0:C9:C6:D2 \
master-interface=wlan2 name=wlan-guest2 security-profile=guest ssid=\
"Guest" wps-mode=disabled
/interface bridge
add fast-forward=no name=bridge-guest
/interface bridge port
add bridge=bridge-guest interface=wlan-guest1
add bridge=bridge-guest interface=wlan-guest2
/ip address
add address=10.5.0.1/28 interface=bridge-guest network=10.5.0.0
/ip pool
add name=dhcp-guest ranges=10.5.0.2-10.5.0.14
/ip dhcp-server
add address-pool=dhcp-guest disabled=no interface=bridge-guest name=dhcp-guest
/ip firewall filter
add action=drop chain=forward comment="Drop tries to reach not WAN from guest WLAN" in-interface=bridge-guest out-interface-list=!WAN
Re: Guest vlan with client isolation
Posted: Thu Jul 12, 2018 11:33 pm
by chechito
in bridge port assign horizon 1 to wlan1 and wlan2
Re: Guest vlan with client isolation
Posted: Thu Jul 12, 2018 11:42 pm
by rechandler
Sure, so now I've got this:
/interface bridge port
add bridge=bridge-guest horizon=1 interface=wlan-guest1
add bridge=bridge-guest horizon=1 interface=wlan-guest2
That's all?