Did that. But it's not all that important. I doubt they'll know what to do to get to each other. I'm more worried about them connecting to the modem and what's behind it.If I understand you right, you just want to use the RB2011 as an AP?
To isolate wireless clients from each other, untick the 'default forward' box on the wireless interface.
The wlan1/wlan2 was just saying that either of those are available to work with. wlan2 will only be present when a Guest WiFi is set up. But I am seeing that is not necessary. The wlan1 alone will be just fine if I could just keep users from being able to get to the "back of the house". Although, I doubt any will be sober enough. But it still could happen though. We have a lot of young techies. No need for a VAP for this. The unit will only be used as a AP. It's the only unit that I have found that has good range and stable connectivity.To prevent the wireless clients from being able to see anything on the "modem" network, you will need to create a firewall rule that blocks access to that subnet from the WLAN subnet.
The only uncertainty in your post is the comment about wlan1/wlan2. Do you want the Pub customers to be on a separate VAP?
I've read about this and saw that there were many ways to do this that I got lost. Matter of fact I think it was in a thread that you were a part of. I'm some what savvy, but right now I am so scattered that I am having problems wrapping my head around this. Otherwise, I'd have had this long since done. So any instructions would be greatly appreciated. I'm in down and dirty mode.the simplest way is to use a horizon on bridge
This is exactly what you need. In this tut. i make two wireless networks (Home(wlan1) and Guest(wlan2)) and separate them to different DHCP Pool, using firewall NAT and rules.Just got an RB2011iAS-2HnD-IN running RouterOS 6.32.3 with great hassle in shipping. UPS sent it on a detour to Puerto Rico on its way to Colorado. Anyway what I need to do is set this up so that it is a stand alone WiFi AP with a straight connection to the Internet and not able to access the Modem/Router Network or anything that is also connected to the Modem. So it can be in HomeAP mode with a Guest WiFi/wlan2 or WISP AP and use the wlan1, I just need Network Isolation. I have been searching through here all day and have found many similar situations, but no answers that will suit mine. Now I know most all the off-the-shelf consumer units that do Guest APs have a check box for Network Isolation. I realize this is a whole different ball game. I have seen many recommendations on this unit as to its great WiFi capability, which I checked out and so far it's a lot better that the billions of other units I have tried and pray it will do the trick. The Modem is a Comcast Business Grade unit that I would rather not touch. My POS, office computers, printers and Jukebox are hardwired to it. That's the reason for needing the network isolation. Although my POS has its own stand alone Redbox Firewall, this access needs to be "separate".
My set up will be:
Hardwire connection from Modem/Router > RB2011iAS-2HnD-IN > Pub Customers
Any assistance will be greatly appreciated.
Thank you. The Macedonian translation is a trip. But now before I proceed, I am taking the unit in to see if the power of the WiFi is what it is professed to be and be of use to me. Which I should have done before posting here, but I was hoping to set the unit up before I take the thing in and be done. Although, I did know better, good things are not that easy and I knew that when I bought this.This is exactly what you need. In this tut. i make two wireless networks (Home(wlan1) and Guest(wlan2)) and separate them to different DHCP Pool, using firewall NAT and rules.
Follow images from tutorial: http://www.mikrotikmacedonia.net/index. ... ,43.0.html
Isolation from everything will be just fine. There will be no wired users and even if there were, isolation would be just fine and wanted. So I would do it on wlan1, since that's all there really needs to be. So how do I use/do "horizon"?using horizon you can isolate wired lan from wlan1 and from wlan2 and vice-versa sharing dhcp and lan addressing the problem with horizon is wlan users get isolated from wired lan users some times you dont want that