Answer the question
In order to leave comments, you need to log in
Is it possible in mikrotik to allow wlan clients only the Internet, and those who are in the access list also have access to the local network + DHCP from a domain controller?
Greetings!
Actually, SUBJ)
is it possible to organize such a scheme with one WiFi network (without an additional guest one): a client connecting to it, by default, receives an address from DHCP Mikrotik and access only to the Internet, but if it is in the access list, it receives an address from the controller domain and access to the local network?
Answer the question
In order to leave comments, you need to log in
If without "protection against fools", then:
1) prohibit dhcp packets between lan and wlan;
2) hang a separate DHCP server with a separate subnet on wlan
3) prohibit communication between different subnets by the rules of fireball
(you can also use vlan and not subnets)
4) who needs it - add static lease to the main grid (the one that has access to the main one)
What's the point?
There is a "Guest" network with a simple password for guests and smart employees
And a "Firm" network with a complex password that no one except the admin knows - access to the corporate network.
I can't imagine how the subject should work. The client clung to WiFi - roughly speaking, the ethernet wire was plugged into the socket. Setevuha sent a request to DHCP, received the address. Everything. This address is from the domain DHCP, or from the guest - whoever answered first, that is the address of the client.
And if you remove the DHCP server from the Mikrotik, create a bridge from WiFi and a local network? In the bridge filter, disable everything except DHCP for the WiFi interface. Add rules to the filter that allow certain MAC addresses to connect to the internal network.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question