FoxJr
just joined
Topic Author
Posts: 16
Joined: Thu Apr 26, 2018 9:19 pm

Wireless Client Isolation

Sun Mar 21, 2021 8:04 pm

Dear Members

I have two MikroTik hAPs installed in a guest house, and I want to disable client-to-client communication. Upon doing some research, it was advised to turn off default forwarding on each device antenna (2.4/5 GHz).

I tested this; however, upon doing a network scan via Fing from my Android phone, all devices are still shown.

Am I missing something?

Thanks in advance, for your help.

Regards,
FoxJr
 
mkx
Forum Guru
Posts: 11383
Joined: Thu Mar 03, 2016 10:23 pm

Re: Wireless Client Isolation

Sun Mar 21, 2021 11:12 pm

The forwarding setting only blocks client-to-client forwarding when both clients are served by the same AP. If you want to block connectivity between clients of different APs, you have to use either bridge filtering on a common device (either a switch or a router, where the APs are connected to different ports of the same bridge) or use different subnets (which can be overlaid on different VLANs) and use the IP firewall.
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Wireless Client Isolation

Mon Mar 22, 2021 1:41 am

So the easy thing to do here is have Guest WiFi Upstairs and Guest WiFi Downstairs as two separate SSIDs, being fed by two different VLANs.
Then in the forward chain they are blocked automatically if your last forward chain rule is drop all else. Combined with same-AP default forwarding turned off, that should do the trick.
 
gotsprings
Forum Guru
Posts: 2087
Joined: Mon May 14, 2012 9:30 pm

Re: Wireless Client Isolation

Wed Mar 24, 2021 5:58 pm

Would setting the "bridge uses firewall" setting get this done?
 
mkx
Forum Guru
Posts: 11383
Joined: Thu Mar 03, 2016 10:23 pm

Re: Wireless Client Isolation

Wed Mar 24, 2021 8:30 pm

> Would setting the "bridge uses firewall" setting get this done?

It would if HW offload was disabled for involved ports. And if APs were connected to different ports of a bridge.
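
The bridge-filtering approach described in mkx's two replies above, written out as an added example that is not part of the original posts. It assumes the common device is a RouterOS router whose bridge has the two hAPs on ports `ether2` and `ether3` and the uplink on another port; those port names are assumptions, and the wireless menu is the legacy `/interface wireless` one.

```routeros
# --- On each hAP ---------------------------------------------------------
# Stop the AP from forwarding frames between its own wireless clients.
# This covers only clients associated to the same AP.
/interface wireless set [find] default-forwarding=no

# --- On the common RouterOS device (assumed ports: ether2 = AP1, ether3 = AP2)
# Bridge filter rules are evaluated by the CPU. Frames switched in hardware
# never reach them, so hardware offload has to be off on the ports involved.
/interface bridge port set [find interface=ether2] hw=no
/interface bridge port set [find interface=ether3] hw=no

# Drop layer-2 traffic between the two AP ports in both directions.
# Traffic from either AP port to the uplink port is not matched, so guests
# still reach the gateway, DHCP and DNS.
/interface bridge filter
add chain=forward in-interface=ether2 out-interface=ether3 action=drop \
    comment="guest isolation: AP1 -> AP2"
add chain=forward in-interface=ether3 out-interface=ether2 action=drop \
    comment="guest isolation: AP2 -> AP1"

# --- Check ---------------------------------------------------------------
# Confirm the ports are no longer hardware-offloaded (no "H" flag) ...
/interface bridge port print
# ... then rerun the scan from a guest device and watch the drop counters
# on the two rules increase.
/interface bridge filter print stats
```

Disabling hardware offload moves bridging for those ports onto the CPU, so check throughput afterwards on a busy guest network.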
 
FoxJr
just joined
Topic Author
Posts: 16
Joined: Thu Apr 26, 2018 9:19 pm

Re: Wireless Client Isolation

Thu Mar 25, 2021 2:01 pm

> The forwarding setting only blocks client-to-client forwarding when both clients are served by the same AP. If you want to block connectivity between clients of different APs, you have to use either bridge filtering on a common device (either a switch or a router, where the APs are connected to different ports of the same bridge) or use different subnets (which can be overlaid on different VLANs) and use the IP firewall.

So if I am understanding correctly, if I set port isolation on the Ubiquiti switch to which the hAP is connected, I should achieve the desired result, correct?
 
mkx
Forum Guru
Posts: 11383
Joined: Thu Mar 03, 2016 10:23 pm

Re: Wireless Client Isolation

Thu Mar 25, 2021 8:50 pm

Yes.
 
FoxJr
just joined
Topic Author
Posts: 16
Joined: Thu Apr 26, 2018 9:19 pm

Re: Wireless Client Isolation

Fri Mar 26, 2021 9:40 pm

> Yes.

Thanks, I will test and revert back accordingly.
 
PackElend
Member Candidate
Posts: 268
Joined: Tue Sep 29, 2020 6:05 pm

Re: Wireless Client Isolation

Mon Jul 04, 2022 5:41 pm

> > Yes.
>
> Thanks, I will test and revert back accordingly.

If there are still hurdles to take, you may read viewtopic.php?t=178333
