Wireless Client Isolation

Dear Members

I have two MikroTik hAPs installed in a guest house, and I want to disable client-to-client communication. Upon doing some research, it was advised to turn off default forwarding on each device antenna (2.4/5 GHz).

I tested this; however, upon doing a network scan via Fing from my Android phone, all devices are still shown.

Am I missing something?

Thanks in advance, for your help.

Regards,
FoxJr

The forwarding setting only blocks client-to-client forwarding when both clients are served by the same AP. If you want to block connectivity between clients of different APs, you have to use either bridge filtering on a common device (either a switch or a router, where the APs are connected to different ports of the same bridge) or use different subnets (which can be overlaid onto different VLANs) and use the IP firewall.

So the easy thing to do here is have Guest WiFi Upstairs and Guest WiFi Downstairs as two separate SSIDs, being fed by two different VLANs.
Then in the forward chain they are blocked automatically if your last forward chain rule is drop all else. Combined with same-AP default forwarding turned off, that should do the trick.

Would setting the “bridge uses firewall” setting get this done?

It would if HW offload was disabled for the involved ports. And if the APs were connected to different ports of a bridge.
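
The bridge-filter option from the replies above, written out as an added RouterOS example (not posted by any participant in this thread). It assumes the legacy wireless menu on the hAPs and a central RouterOS bridge with the two APs on ports `ether2` and `ether3`; those port names are placeholders.

```routeros
# Added example; ether2/ether3 are assumed port names, adjust to your wiring.

# --- On each hAP: stop forwarding between clients of the same radio ---
# [find] applies the setting to every wireless interface (2.4 GHz and 5 GHz).
/interface wireless set [find] default-forwarding=no

# --- On the common RouterOS bridge device the two hAPs plug into ---
# Bridge filter rules only see frames that the CPU handles, so hardware
# offload is switched off on the two AP-facing bridge ports.
/interface bridge port set [find interface=ether2] hw=no
/interface bridge port set [find interface=ether3] hw=no

# Drop frames bridged from one AP port to the other, in both directions.
# Traffic from either AP port to the router itself or to the uplink port
# is not matched by these rules.
/interface bridge filter
add chain=forward in-interface=ether2 out-interface=ether3 action=drop \
    comment="guest isolation: AP1 -> AP2"
add chain=forward in-interface=ether3 out-interface=ether2 action=drop \
    comment="guest isolation: AP2 -> AP1"
```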

So if I am understanding correctly, if I set port isolation on the Ubiquiti switch to which the hAP is connected, I should achieve the desired result, correct?

Yes.

Thanks, I will test and revert back accordingly.

If there are still hurdles to take, you may read http://forum.mikrotik.com/t/client-isolation-within-vlan-and-fast-roaming/151704/1