I thought quickset guest wifi seperated you from everything else, after creating the guest wifi I can still login to my winbox ?
Tangent has an article about that:
https://tangentsoft.com/mikrotik/wiki?name=Isolated%20Guest%20WiFi%20Sans%20VLANs
Check if your quickset did make the settings detailed in the last part of the article.
Thanks, I’ll take a look
The guest wifi setting in quickset does not prevent access to the router itself.
You make a good point, I do want to seperate stuff like IoT devices but don’t want or need to learn about VLANS. I’ve been looking for updated Videos upwards of Router OS 7.13 for AX devices for a better solution to reading which I really strugle with. So what I can see there is make a slave wifi then a seperate network seperated by firewall rules with a seperate external DNS. Will all this work with my Hap ax2 as capsman controller?
edit: Might help to note I’m using ad-blocking and HTTPS dns
Cannot one add to the quickset (reference is still tangent’s article):
/interface wifi add … master-interface=wifi2 name=wifi2g …
/interface bridge filter add action=drop chain=forward in-interface=wifi2g
/interface bridge filter add action=drop chain=forward out-interface=wifi2g
/interface bridge port add bridge=bridge interface=wifi2g
a:
/interface bridge filter add action=drop chain=input in-interface=wifi2g
to prevent router access from the guest wi-fi?
Seems like a logical plan, but the article does touch on the external dns factor as well steering clear of the local cache etc.
As far as I can see, adding that line stops internet access period, this is what quickset does…
14:54:09 system,info device added by (*C = /interface wifi add configuration.ssid=Radio disabled=no master-interface=wifi1)
14:54:09 system,info device added by (*D = /interface wifi add configuration.ssid=Radio disabled=no master-interface=wifi2)
14:54:09 system,info device added by (*E = /interface wifi add configuration.ssid=Radio disabled=no master-interface=cap-wifi2)
14:54:09 system,info bridge port added by (*6 = /interface bridge port add bridge=bridge disabled=no interface=wifi3)
14:54:09 system,info bridge port added by (*7 = /interface bridge port add bridge=bridge disabled=no interface=wifi4)
14:54:09 system,info bridge port added by (*8 = /interface bridge port add bridge=bridge disabled=no interface=wifi5)
14:54:10 system,info bridge filter rule added by (*1 = /interface bridge filter add action=drop chain=forward in-interface=wifi3)
14:54:10 system,info bridge filter rule added by (*2 = /interface bridge filter add action=drop chain=forward out-interface=wifi3)
14:54:10 system,info bridge filter rule added by (*3 = /interface bridge filter add action=drop chain=forward in-interface=wifi4)
14:54:10 system,info bridge filter rule added by (*4 = /interface bridge filter add action=drop chain=forward out-interface=wifi4)
14:54:10 system,info bridge filter rule added by (*5 = /interface bridge filter add action=drop chain=forward in-interface=wifi5)
14:54:10 system,info bridge filter rule added by (*6 = /interface bridge filter add action=drop chain=forward out-interface=wifi5)
14:54:10 system,info static dns entry changed by (/ip dns static set *1 address=192.168.0.254)
14:54:10 system,info dhcp client changed by (/ip dhcp-client set ether1 disabled=no interface=ether1)
14:54:10 system,info device changed by (/interface set wifi1 disabled=no; /queue interface set wifi1; /interface wifi set [ find ] configuration.mode=ap disabled=no)device changed by (/interface set wifi2 disabled=no; /queue interface set wifi2; /interface wifi set [ find ] configuration.mode=ap disabled=no)device changed by (/interface set bridge disabled=no; /interface bridge set bridge disabled=no protocol-mode=rstp; /queue interface set bridge)
14:54:10 system,info device changed by (/interface set cap-wifi2 disabled=no; /queue interface set cap-wifi2; /interface wifi set [ find ] configuration.mode=ap disabled=no)
I’ll go the other way when I have a little more time to play!
I don’t know, maybe the bridge filter rule need to be narrowed to the device address?