Hwo to add guest Wifi? (with Mikrotik Cloud Router and hAp ac)

surfek · May 22, 2018, 8:27am

Hi,

I have Mikrotik Cloud Router (doing my LAN DHCP (192.168.9.1/24) and routing, with PCC setup to do load balancing for 2 WAN-internet networks) and connected hAP access point with LAN wireless configured.
I would like to add guest wifi (other SSID with network isolation - no access to LAN, just internet).
On hAP ac I configured:

virtual access point for guest SSID
dedicated network e.g. 192.168.99.1/24 with DHCP server for this network
guest bridge
Network is working (I can connect and obtain IP), but of course there is no internet connection as I am missing this part in my config.
Question how to configure it so guests users from 192.168.99.1/24 network on hAP ac are routed to internet but do not have access to whole LAN (192.168.9.1/24 network)?

Thanks for help,

Michal

2frogs · May 22, 2018, 10:52am

You are most likely missing a src-nat.

/ip firewall nat add chain=src-nat src-address=192.168.99.0/24 out-interface=bridge action=masquerade

set out-interface to the bridge for your main network.

To block access from guest to lan:

/ip firewall filter add chain=forward src-address=192.168.99.0/24 dst-address=192.168.9.0/24 action=drop