Community discussions

MUM Europe 2020
User avatar
Member Candidate
Member Candidate
Topic Author
Posts: 159
Joined: Mon May 18, 2009 2:10 pm

Simplest way to isolate WiFi users?

Sat Jul 14, 2018 2:52 pm

I have a network with several WiFi access points. They are in bridge mode, which is fine currently, but I am thinking of making WiFi users completely isolated from rest of the network.

What is the best way to do it? My idea is to set some kind of Firewall rule that will allow communication only between firewall users and gateway for internet access?

Posts: 27
Joined: Fri Jun 30, 2017 11:27 pm

Re: Simplest way to isolate WiFi users?

Sat Jul 14, 2018 6:32 pm

Interface -> Wireless -> disable Default-Forward
Member Candidate
Member Candidate
Posts: 108
Joined: Fri Jul 27, 2012 12:11 pm

Re: Simplest way to isolate WiFi users?  [SOLVED]

Sun Jul 15, 2018 2:19 am

Disabling default forward will work only on each AP. Wireless devices on different APs will still be able to see each other. The solution here is to use CAPSMAN with local forwarding and default forward disabled. That way there is only one logical bridge on the Wifi network and you can then use some firewall rules to keep this Wifi bridge traffic separated from the wired traffic. Maybe use 2 separated subnets (and 2 DHCP servers as a result). Just make sure the CAPSMAN controller has enough beefcake to deal with the anticipated traffic. RB2011 and similar devices with a single core will not cope so well. Use a newer HAPAC2, HEX or 3011 (or other multicore router).
User avatar
Forum Guru
Forum Guru
Posts: 1749
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia

Re: Simplest way to isolate WiFi users?

Sun Jul 15, 2018 5:25 am

use horizon on bridges

Who is online

Users browsing this forum: MSN [Bot] and 27 guests