Page 1 of 1

Simplest way to isolate WiFi users?

Posted: Sat Jul 14, 2018 2:52 pm
by mrmut
I have a network with several WiFi access points. They are in bridge mode, which is fine currently, but I am thinking of making WiFi users completely isolated from rest of the network.

What is the best way to do it? My idea is to set some kind of Firewall rule that will allow communication only between firewall users and gateway for internet access?

Thanks

Re: Simplest way to isolate WiFi users?

Posted: Sat Jul 14, 2018 6:32 pm
by sutrus
Interface -> Wireless -> disable Default-Forward

Re: Simplest way to isolate WiFi users?  [SOLVED]

Posted: Sun Jul 15, 2018 2:19 am
by UpRunTech
Disabling default forward will work only on each AP. Wireless devices on different APs will still be able to see each other. The solution here is to use CAPSMAN with local forwarding and default forward disabled. That way there is only one logical bridge on the Wifi network and you can then use some firewall rules to keep this Wifi bridge traffic separated from the wired traffic. Maybe use 2 separated subnets (and 2 DHCP servers as a result). Just make sure the CAPSMAN controller has enough beefcake to deal with the anticipated traffic. RB2011 and similar devices with a single core will not cope so well. Use a newer HAPAC2, HEX or 3011 (or other multicore router).

Re: Simplest way to isolate WiFi users?

Posted: Sun Jul 15, 2018 5:25 am
by chechito
use horizon on bridges