hello good day fellow MT users, i have a RB532 box that im using as a router and a hotspot. everything is working good and well. i was just wondering if i could set client isolation on the hotspot network. [ i don’t have a built-in AP on the RB532 box] so i can’t disable the default forwarding feature on the wlan.
is this possible without the built-in wireless AP device/?
Thank you
yes, you can. make ip-binding and use type=blocked.
futhermore, try
this manual for any other information.
Regards,
C. G.
hello,
what do you mean by try ip binding = block, i don’t want to block clients. what i want to do is not let clients see each other on the wifi lan network.
i also use ip binding for bypass purposes.
thank you
yup
by bypass away mean as the client will get your internet connection without authentication....
Hi:
I have the same situation in my network it is very important to me to isolate my clients from each other because I think it is the suitable solution for my nightmare (MAC Spoofing) (MAC Cloning)
no, you can’t. if customers are in one lan segment.
you can do that with layer3 router or even some bridge. and isolated customers have to be in DIFFERENT INTERFACE on it. futher info you can find on manual/wiki.
regards,
C. G.
I have the same problem is that my clients are folders shared between them even if the pppoe is active. How do I stop this?
Hmmm…
what shall I say. You can - but that involves quite heavy configuration on the router.
Just make sure that every client is using a /30 subnet - and apply separation filter rules on these subnets, especially forward/out-interface rules.
It’s a PITA to configure - but it is the only suitable solution.
For WLan’s - the SGS4xx Series firewalls is using exactly what you want - using the so called Mac-Address assignment.
E.g. - it publishes it’s own MAC for any request coming from the WLan on the network, and applies mac-based security based on the configuration. The easiest however is to force every user to use a VPN, to secure the network. However not really suitable for that.
And - no. I have never done such things on routerOS.
I am on my first configuration of RouterOS - where I actually only separate subnets on the Ethernet Ports.
WLan is open, not routed. Only possibility to gain access to the network there is using OpenVPN which is bridged to the internal LAN of the RB153…