hi. i setup hotspot on wifi interface and it works fine. i uncheck default forward tik in wifi and users can not see each other. but when a user login to hotspot it can ping other interfaces of router.
what is my options to isolate hotspot users in layer2. they can access wifi and go to internet via pppoe interface. maybe vlan. or my option is firewall?
thanks. routeros 6.43.4 on rb951
As long as guest traffic only lives inside single device (single routerboard) it is enough to properly use firewall. If traffic leaves one device and enters another one (e.g. AP separated from router), it’s best to use VLANs.