Community discussions

MikroTik App
 
Martinrossouw
just joined
Topic Author
Posts: 2
Joined: Mon Jun 20, 2022 11:14 pm

Routing second network isolated to main?  [SOLVED]

Mon Jun 20, 2022 11:48 pm

Hi, Im wondering if anyone can help me, I've scoured the internet as deep as I dare and can't find anything that could help me. I am a network administrator, so I know enough to get by, but I think this is a little advanced for what I know and I have never done anything like this. I need to connect a client's home (internet) with their business, but the conventional 'connect two arials and stick it on the roof' deal wont work as there are mayor obstacles in the way, and buying more arials is not an option, but I have another client's Mikrotik omni in a perfect position to link them up. I've talked it over with him and I can route them through his omni, but I need to find a way to isolate his network from theirs. I've done my digging and found talk about firewall rules(which I am decently familiar with, but still slightly confused), and VLAN(which I understand the idea behind, but have never worked with before), but nothing like what I want to do. I'm sure I'm going to need a mix of both, but don't know how I would go about it, I know how to work with firewall rules, but vlan is very new to me. I want to isolate the two wlan devices, whether through IP or MAC, so that neither business can see the other's devices or data. There are currently only three devices on the omni, so it is not a problem if I need to make mayor changes. Please help me.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: Routing second network isolated to main?

Tue Jun 21, 2022 5:25 pm

If the other client's omni will be a single intermediate hop, directly serving both "first client"'s wireless devices, then you could add a virtual AP to the other client's omni, set it to ap-brudge mode, configure private security profile, set it with default-forwarding=yes (which seems to be default anyway) and don't add it to any bridge nor set it with IP settings. Which then makes it a (L2) hub for connected wireless clients. Then set up wireless gear on "first client"'s locations as clients to the new VAP (with disabled client roaming) ... and configure those as if they were connected point-to-point.
When everything's up and running, you might want to hide SSID of VAP ... not that it offers huge improvement of security, but there's no need to advertise the PtP link over single hop either.
 
Martinrossouw
just joined
Topic Author
Posts: 2
Joined: Mon Jun 20, 2022 11:14 pm

Re: Routing second network isolated to main?

Tue Jun 21, 2022 8:34 pm

Thanks, I believe I actually understand what your saying and it makes a lot of sense, thank you.

Who is online

Users browsing this forum: dj23, kovacspro, spookymulder84, tjanas94 and 26 guests