Hello!
I am thinking about how to prevent access to the winbox for guest wifi by defining mac addresses. If you have an idea, please write it. I think you need to create a firewall rule for the allowed ones and another one to block all the others. I currently have a guest wifi network created with the quick setup. Thanks
I think the best solution would be creating separate VLAN and virtual wifi interface for guest network and then create new interface list called guests or something and add new VLAN to that list. That way your trusted LAN network can access winbox but newly created network can’t
Thank you for taking the time to ask. Your suggestion sounds like a good idea. How should this be implemented? Should everything be reset, or can it be done without it?
If you played with quickset then i think it would be a good idea to reset the device. Then you can create two separate VLANs, one for your main network and one for your guest network.
What device are you using ? Do you have any complex configuration or are you using default configuration ?
I have a basic configuration, with as many differences as the Back to Home wireguard, a couple of black filter rules and the port forwald are set for a couple of devices. My device is hAP ax³ and the routeros is 7.15
Look into topic @infabo posted and see if you want to go that way first.
I would rather use the two separate VLANs you suggested. Is there a step-by-step description or video somewhere to set this up?
It is a single bridge filter rule necessary to achieve what you want.
But you prefer risking to fuck up (by loosing access to your device, introducing unnecessary complexity, …) your whole configuration just because you like VLANs. Okay, go ahead.
There is a lot of material on youtube. TheNetworkBerg have great series on VLANs. Also there is great topic created by @pcuinite: http://forum.mikrotik.com/t/using-routeros-to-vlan-your-network/126489/246
But as @infabo stated it’s more complicated than solution he proposed. I wasn’t aware of that topic so I didn’t suggest that.
If you want to learn networking or more about RouterOS then this is a good way to learn something but as @infabo warned you, there is great chance that you get locked out of the router. There are steps that need to be preformed before messing with VLANs.
If you want to proceed with VLANs then i suggest you to read topic i linked you and maybe watch some of the videos. Try to config router yourself and if something is not working come back here with config export and we will help you.