MikroTik Tutorial 31 - LAN & WiFi Client Isolation
ฝัง
- เผยแพร่เมื่อ 2 มิ.ย. 2017
- Learn MikroTik RouterOs Tutorial Series (english)
In this tutorial, I will show you how to isolate LAN & WiFi Clients.
Website:
www.tksja.com
You will need any one of these Mikrotik routerboard router for this tutorial:
RB951Ui-2nD hAP
RB3011UIAS-RM
RB2011UiAS-2HnD-IN
RB750Gr2
hEX RB750Gr3
RB2011iLS-IN
CRS109-8G-1S-2HnD-IN
hAP lite
hAP ac lite tower
mAP lite
wAP
RB951Ui-2HnD
RB951G-2HnD
RB2011UiAS-2HnD-IN
RB941-2nD-TC - วิทยาศาสตร์และเทคโนโลยี
And I wonder why they say that Mikrotik is difficult to configure. Only you need to know a few basic rules and everything can be configured so neatly. Many thanks for this tutorial. It was a must!
Man every time I'm looking for a particular thing to do on a Mikrotik router, you always pop up in the YT search.
Iya mi hafi tell yu dat you good, fi real! When mi come a yard a Christmas mi haffi link yu up!
You've helped me out a lot with my clients.... as I'm new to Mikrotik!
You are doing a good job for free. More blessing
I can’t believe how easy this was... the more I work with these router the more I live them
Great!
Best tutorials ever , thank you so much for your efforts
first of all thanks for good explination
what comes to my mind is this way actually also blocks mac spooofing and arp spoofing? specially when u have in the bridge vlans?
because i use a bridge filter rule to drop all forwarding so nothing well pass in the local network
i can send you the rules and hole settings that i use so we can check which one is better and less impacting on router performance
greetings
thank u so much for the time u invest in doing this videos i learned a lot
Oce You are welcome.
Very helpful this. Thanks
hi TKSJA, thank you for all your tutorials, I've use this one to isolate user, and I also add a rule to stop this isolation between a specific user, I call this user “OK_full” on “address list”.
Its work as I want between wifi user and Ethernet user (isolation stoped), but the isolation is keep between wifi user. The “Default forward” on wifi is one of this raison, have you an idea to do the same things between wifi and lan users.
I added vlan20 like you did in tutorial 39, for guest wifi. So I have vlan20 being given 192.168.20.1/24 addresses, and I want to stop connections from devices on vlan20 to the network on 192.168.88.1/24.
I tried adding a rule like this: src = 192.168.20.1 - 192.168.20.255, dst = 192.168.88.1 - 192.168.88.255, reject
but i'm still able to connect to devices on 192.168.88.1/24 from 192.168.20.1/24 (I enabled Use IP Firewall and Use IP Firewall for VLAN)
Obrigado., do Brasil.
thank you for the job
You are welcome
by the way there is auto isolation in the bridge ports menu i think its also does similar function,sorry didnt try it so not sure
Is it possible to access my AP's in hotspot network on my LAN network? They are in two different networks.
Hi there, please make a tutorial video about configure about Eoip tunneling on microtik. Thnx
what if i have a switch/router on bridge mode between client and mikrotik router, i tried and this wont work, i tried to trace route and the connection goes to the specific client without going to router first
How can i switch of/on data to my clients, please reply
Thank u so much for this. Can u help with some modification. Coz i have an administrator pc connected via wlan0 so i have to check default forwarding for it to access the other pc. How can i make the packets running on wlan0 go thru firewall filter i created
Just create a another virtual AP for the administrator in the same network subnet
whatif the client is on a different LAN with diff ip range and not on the same bridge? what should be the address list?
Hi Rodrick, could you let me know what does the IP Vlan Firewall checkbox is for?
This forwards all layer 2 VLAN traffic through the firewall instead of going directly to the intended device. This is useful if you want to filter VLAn traffic.
Since the connection between devices occurs on the switch, which is located below your router, many APs find it challenging to accomplish this.
I tested it on my structure and it does not work. My routerboard is RB3011UIAS-RM
Hi thanks for the videos, on my router setup is only intefaces used, no bridges. Can we also isolation lan clients
+Ertugrul Usta Here is a video on client isolation th-cam.com/video/UsgJFhkHB9g/w-d-xo.html
i check this video several times but on my router is only erher1 interfaces on this etfaces there is no "use ip fiefall" tick
👏 👏 👏
i have another question, if there is 2 network and if you want the first network allowed access to the second network, and the second network don't allowed to access to the first network.
+Reden Dimaano Create a firewall filter rule like this src address = network 2 & dst address = network 1 action = drop
Can you post a new video for V7 and wifiwave 2?
and how you do non-isolation? example: I am on lan and can' see clients on wifi, but I want to see them?
well, I figured it out after "some" time. In bridge/filters you make a rule forward chain-IN. interface list: LAN - OUT Interface list: LAN, accept. And in Interfaces/Interfaces List you make a list, my example LAN and add every interface to this list you want,... eth2,eth3, wlan1,wlan2.. well, first you must make a list, ofc.
Is it possible to exempt some IP addresses, say for printing and file sharing?
Yes
please tell how, i wanted to connect my NAS beyond my wifi.
can lan games still work while in this kind of settings
If the PC need the communicate with other PCs on the network then the answer is no.
What advantage does it give me to do it on my wisp network?
Not much, it all depends on what you want to achieve.
Please, is it work on router board 5.20 ?
I am not sure, try it and let me know.
Ok
Please help me
I need to add new user on my winbox.But i dont know anything about winbox.
MikroTik Tutorial 3 - Access Control
th-cam.com/video/f8uXI8KI72I/w-d-xo.html
As far as I understood it's a mirrored rejection? Yep?
reject is bad practice, consider drop.
hmm...on my case this rule does't work.
Ensure that "use IP firewall" is selected in the bridge settings.
yes it is, but still not working
how many interfaces did you apply on port?