Community discussions

MikroTik App
 
hardtik
just joined
Topic Author
Posts: 15
Joined: Sat Apr 15, 2017 11:00 pm

Connect clients of virtual Wi-Fi interface

Sat Sep 25, 2021 10:10 pm

Hi guys,

I need your help... with my "hAP ac" device configuration.
I have main wireless interfaces like wlan1 and wlan2 (2.4G & 5G), and each of them has own virtual interface (3,4).
Clients of main interface for example wlan1 can reach each other. But clients of virtual interface are isolated.
It is default behaviour and it is exactly what I needed before (so I do not know how to enable it on virtual interface, I just created it).

Now I have to get more complex configuration. I need one more virtual wireless interface with own SSID, which allows to control LAN resources available for clients.
So each client of that Wi-Fi network will be able to access specific IP/Port of single machine (connected via Ethernet port) and still not be able to connect each other.

Is it doable with RouterOS?
 
ConnyMercier
Forum Veteran
Forum Veteran
Posts: 723
Joined: Tue Dec 17, 2019 1:08 pm

Re: Connect clients of virtual Wi-Fi interface

Sat Sep 25, 2021 11:17 pm

Just create a new virtual-Interface , identical to your previous Vitural and Isolated Wifi-Interface.
Via the Firewall you can Accept and Block the access between your networks.
 
hardtik
just joined
Topic Author
Posts: 15
Joined: Sat Apr 15, 2017 11:00 pm

Re: Connect clients of virtual Wi-Fi interface

Sun Sep 26, 2021 12:45 am

OK, thanks, I will check.

Though it is not clear for me which firewall rule (defcon) is responsible for accepting connection for default interface.
 
ConnyMercier
Forum Veteran
Forum Veteran
Posts: 723
Joined: Tue Dec 17, 2019 1:08 pm

Re: Connect clients of virtual Wi-Fi interface

Sun Sep 26, 2021 12:57 am

if I am not mistaken, the "defcon" Firewall will not block any traffic between local Networks.
So you will have to add new rules unter "/ip firewall filter"

Give us a heads up if you need help with it !
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 2978
Joined: Mon Apr 08, 2019 1:16 am

Re: Connect clients of virtual Wi-Fi interface

Sun Sep 26, 2021 1:06 am

You will have to check some things ...


- Some WLAN interfaces with "Default forward" enabled (clients can see each other) or not
- "Access list" can overrule "Default forward" set in WLAN interface
- WLAN interface connected to a bridge or not.
- bridge or unconnected interface member of some interface lists . "LAN" and "WAN" are default (defcon) interface list names that are used in the default firewall rules.
- bridged interfaces traffic does not pass the firewall, if not forced to use "Use IP firewall" in bridge "Settings" menu.
 
hardtik
just joined
Topic Author
Posts: 15
Joined: Sat Apr 15, 2017 11:00 pm

Re: Connect clients of virtual Wi-Fi interface

Sun Sep 26, 2021 1:29 am

Yes, some example will be helpful to be sure that I do all correctly.
 
hardtik
just joined
Topic Author
Posts: 15
Joined: Sat Apr 15, 2017 11:00 pm

Re: Connect clients of virtual Wi-Fi interface

Sun Sep 26, 2021 3:12 am

- Some WLAN interfaces with "Default forward" enabled (clients can see each other) or not
Both has "Default forward" enabled, but works different.
- "Access list" can overrule "Default forward" set in WLAN interface
Nothing is specified in lists.
bridge or unconnected interface member of some interface lists . "LAN" and "WAN" are default (defcon) interface list names that are used in the default firewall rules.
Not sure I understand well, all ports are connected to Bridge (some of them has Role disabled, probably cause not connected).
- bridged interfaces traffic does not pass the firewall, if not forced to use "Use IP firewall" in bridge "Settings" menu.
Yes it is unchecked.

But probably I have found the reason. It has Filters tab there.
So 4 rules for drop forward in/out... wlan3 and wlan4.
That was the reason.

I guess setup rules there is better than in Firewall from point of view of performance. I have found the way to enable IP section there.

But unfortunately it does not work (MAC-Protocol-Num and port "800 (ip)").

Who is online

Users browsing this forum: No registered users and 29 guests