Hello,
I’m trying to do guest wifi (2 virtual wlan) and create vlan for guests. Can somebody provide a configuration to do this? I also want that client don’t see each other and cannot use internal resources. I have read multiple tutorial but neither have answer to my question.
first thing disable default forwarding on wireless interface
then on bridge you have to isolate wireless lan from another user device interfaces
i there are more than one access-point or radio you will need additional settings on local infrastructure
I’ve made this configuration. Can someone check if this is ok?
/interface wireless
add default-forwarding=no disabled=no mac-address=CE:2D:E0:C9:C6:D1 \
master-interface=wlan1 name=wlan-guest1 security-profile=guest ssid=\
"Guest" wps-mode=disabled
add default-forwarding=no disabled=no mac-address=CE:2D:E0:C9:C6:D2 \
master-interface=wlan2 name=wlan-guest2 security-profile=guest ssid=\
"Guest" wps-mode=disabled
/interface bridge
add fast-forward=no name=bridge-guest
/interface bridge port
add bridge=bridge-guest interface=wlan-guest1
add bridge=bridge-guest interface=wlan-guest2
/ip address
add address=10.5.0.1/28 interface=bridge-guest network=10.5.0.0
/ip pool
add name=dhcp-guest ranges=10.5.0.2-10.5.0.14
/ip dhcp-server
add address-pool=dhcp-guest disabled=no interface=bridge-guest name=dhcp-guest
/ip firewall filter
add action=drop chain=forward comment="Drop tries to reach not WAN from guest WLAN" in-interface=bridge-guest out-interface-list=!WAN
in bridge port assign horizon 1 to wlan1 and wlan2
Sure, so now I’ve got this:
/interface bridge port
add bridge=bridge-guest horizon=1 interface=wlan-guest1
add bridge=bridge-guest horizon=1 interface=wlan-guest2
That’s all?