Community discussions

 
User avatar
mrmut
Member Candidate
Member Candidate
Topic Author
Posts: 134
Joined: Mon May 18, 2009 2:10 pm

Simplest way to isolate WiFi users?

Sat Jul 14, 2018 2:52 pm

I have a network with several WiFi access points. They are in bridge mode, which is fine currently, but I am thinking of making WiFi users completely isolated from rest of the network.

What is the best way to do it? My idea is to set some kind of Firewall rule that will allow communication only between firewall users and gateway for internet access?

Thanks
 
sutrus
newbie
Posts: 26
Joined: Fri Jun 30, 2017 11:27 pm

Re: Simplest way to isolate WiFi users?

Sat Jul 14, 2018 6:32 pm

Interface -> Wireless -> disable Default-Forward
 
UpRunTech
Frequent Visitor
Frequent Visitor
Posts: 81
Joined: Fri Jul 27, 2012 12:11 pm

Re: Simplest way to isolate WiFi users?  [SOLVED]

Sun Jul 15, 2018 2:19 am

Disabling default forward will work only on each AP. Wireless devices on different APs will still be able to see each other. The solution here is to use CAPSMAN with local forwarding and default forward disabled. That way there is only one logical bridge on the Wifi network and you can then use some firewall rules to keep this Wifi bridge traffic separated from the wired traffic. Maybe use 2 separated subnets (and 2 DHCP servers as a result). Just make sure the CAPSMAN controller has enough beefcake to deal with the anticipated traffic. RB2011 and similar devices with a single core will not cope so well. Use a newer HAPAC2, HEX or 3011 (or other multicore router).
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 1736
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: Simplest way to isolate WiFi users?

Sun Jul 15, 2018 5:25 am

use horizon on bridges

Who is online

Users browsing this forum: No registered users and 3 guests