Hi, I’m basically a noob so I kindly ask to bear with me.
I’ll explain my setup: I have a house that I’m renting through AirBnB that is in front of my home. In order to save some money I’ve bought two wap60ghz to share my internet connection with the AirBnB. Due to security reasons I want the AirBnB to be isolated from my main network. As far as I’ve been able to gather, there are three options to accomplish this:
Use a VLAN
Port Isolation
Setup a different subnet with firewall rules
However, here is an issue. I can’t access the configuration of my ISP’s router so option 1 is out of the table. The antennas don’t support port isolation and even if they did I’m not sure it’d work the way I want to. The only option left is number 3 and it’s the one I’ve been trying to configure. The network that I’m trying to achieve is this:
I’m trying to use the slave antenna as the router for the 192.168.1.1 subnet.
So far, I haven’t managed to make it work. I’ve set up a DHCP client in the wireless interface and I can ping google.com and 8.8.8.8. I’ve setup a DHCP server on the ether1 interface that assigns ips to the downstream devices but I can’t ping google nor 8.8.8.8 nor 192.168.18.1 from that interface and downstream devices don’t have access to the internet.
Could someone help me with this issue? The configuration of the slave antenna is attached below. Thank you in advance. myconfig.rsc (2.24 KB)
I think it won’t be possible to separate the subnets on the antenna, but rather on the access point because the antennas act as a wireless extension of the ISP modem subnet and also don’t have enough interfaces to do routing on them. That’s why you should make the AP the DHCP server
I forgot to mention this, but I can’t use the access point as a router because it’s an old isp router that I’m repurposing as an access point. It basically lacks any configurability beyond deactivating the dhcp server to use as an AP. Also, it doesn’t have a WAN port because it has the fibre modem integrated in it.
So, is it not possible to use the mikrotik antennas as routers to create a subnet? Neither the master nor the slave antennas?
Actually there might be a way - if you create a bridge on the slave antenna as per instructions on how to create a PtP link, fix the mode of the W60G interface to station-bridge, assign to the bridge only the W60G interface and add static address and default route for the bridge, then it might work:
What I would do is get a hapax3 for example and ignore the ISP modem router altogether just use the feed from it as private WANIP to the hapax3 and all devices connect to the hapax3.
Thanks TheCat12 for pointing out the mistake I made with the wlan configuration and with the suggestion.
I’ve now managed to have internet access with the devices connected to the 192.168.1.0 subnet. However, I’m not sure how to make the devices in the 192.168.1.0 subnet stop seeing the devices in the main 192.168.18.0 subnet. Can I block that type of traffic from the antenna with firewall rules or something? If so, how could I do that?
