Joined: Thu Apr 01, 2010 9:03 am

Need a solution for hotspot user segregation

Wed Sep 28, 2011 1:09 am

Hi there,
I was wondering if someone could help me adjust a hotspot setup so that each user, whether they connect by wireless or LAN, is segregated from the others. My idea was to give each user a separate VLAN to do this, but to be honest I'm not sure how I'd go about adjusting the hotspot to allow this.

Could someone help me with this or any other methods they can think of?

Thank you.
Joined: Tue Aug 11, 2009 3:19 am

Re: Need a solution for hotspot user segregation

Wed Sep 28, 2011 1:22 am

Wirelessly you'd need to disable forwarding on the wireless interface so that frames between users aren't forwarded in hardware on the radio itself. Then all traffic to the router or other APs goes through the firewall, where you can drop it. You may have to include bridge filters here, or turn on use of the IP firewall for bridged interfaces, depending on your network. That's for RouterOS APs; if you are using other APs you will have to see if they support client isolation.

For wired connections you will need to buy switches that can implement layer 2 security. Many implementations call these 'private VLANs'. The router is unaware of it; it's all in the switches.

You cannot implement solutions such as 'one VLAN per user'. You'll have to find a way to make your current equipment implement client isolation, or purchase equipment that has such a feature if your current equipment doesn't support it.
Specific answers require specific questions. When in doubt, post the output of "/ip address print detail", "/ip route print detail", "/interface print detail", "/ip firewall export", and an accurate network diagram.
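
The wireless part of the reply above, written out as a RouterOS configuration. This is an added example, not posted by either participant. It assumes two AP radios named wlan1 and wlan2 that are both ports of a bridge named bridge-hotspot on which the hotspot runs; all interface and bridge names are assumptions.

```routeros
# Assumed names (not from the thread): wlan1, wlan2, bridge-hotspot.

# Step 1: stop each radio from relaying frames between its own
# associated clients. With default-forwarding=yes a client-to-client
# frame never leaves the radio, so no filter ever sees it.
/interface wireless set wlan1 default-forwarding=no
/interface wireless set wlan2 default-forwarding=no

# Step 2: clients on different bridge ports can still reach each
# other through the bridge. Use ONE of the two options below.

# Option A: drop port-to-port traffic at layer 2 with bridge filters.
/interface bridge filter add chain=forward in-interface=wlan1 \
    out-interface=wlan2 action=drop comment="isolate wlan1 -> wlan2"
/interface bridge filter add chain=forward in-interface=wlan2 \
    out-interface=wlan1 action=drop comment="isolate wlan2 -> wlan1"

# Option B: send bridged traffic through the IP firewall and drop
# anything that enters and leaves via the same hotspot bridge.
/interface bridge settings set use-ip-firewall=yes
/ip firewall filter add chain=forward in-interface=bridge-hotspot \
    out-interface=bridge-hotspot action=drop \
    comment="no client-to-client on hotspot bridge"

# Check: default-forwarding should read "no" on every AP radio, and
# the drop rules' packet counters should rise when one client pings
# another.
/interface wireless print detail
/interface bridge filter print stats
/ip firewall filter print stats
```

Wired ports are not covered by this: as the reply says, isolation between wired users happens in the switches, not on the router.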

