hi
can any one guide me on how can i stop lan users from accessing each other
what i mean is i have setup and hotspot on the device(Wired not wireless)
when 2 users are connected to hotspot they can ping and connect each other
what i want is user should be able to access gateway only
Two options:
Create a firewall rule to drop all traffic not routed to gateway ip address or 0.0.0.0 (make sure bridge firewall is on)
Add Ethernet ports to bridge (not switch slave) and assign bridge Horizon all the same.
Your only real option is to isolate the users on the layer2 network. When two users talk to each other on the same layer2 network, they need not use the router to get to each other, and therefore they don’t. No amount of firewall rules/blocking will do anything to prevent that since the traffic never flows over the router. This means you need to buy hardware that the guests connect to that supports this functionality.
so this is not possible??
Yes it is possible, but only depending on your setup.
If you are using wiresless, set client isolation (disable default forwarding on mikrotik wireless). If you are using the inbuilt mikrotik ethernet ports, use bridge horizons or firewall rules.
If you are expanond the wired network, use managed L2 switches, using port isolation or make every port a different vlan and trunk back to the mikrotik and use bridge horizons..