Computer networks
Ivan Panteleev, 2013-11-16 14:52:03

Setting up two isolated WiFi networks on RouterOS

There is a network with the following topology:
[Image: network topology diagram]
There are two access points (Mikrotik SXT 5HnD) with a wifi bridge between them, and an AP that is now acting as a wireless switch and distributing wifi within the house (Mikrotik Groove A-52HPn).
I can't manage to create two isolated WiFi networks, one "guest" and one "home".
I tried to set up VLAN2 on 192.168.88.2 and bring up a separate DHCP server for it (distributing addresses in 10.0/24 subnets), and to configure a VirtualAP on 192.168.88.3 and combine it into a bridge with VLAN2, but this approach failed.
Can you tell me how to solve this problem correctly?


4 answer(s)
LAA, 2013-11-16
@Yekver

Hey!
The idea is correct in my opinion.
It is necessary to organize a vlan interface on the groove.
Combine this vlan and radio interface into a single bridge.
At the same time, on the Ethernet interface, you must leave the IP address from the 88th network so as not to lose access.
Next, create the same vlan on 88.2, on the physical interface to which the groove is connected.
Well, then everything is simple.
If anything, message me privately.

Kirill Vasiliev, 2013-12-17
@vasilevkirill

It's so hard to understand, post the config!

ASPI, 2014-04-24
@ASPI

What kind of loss of access are you talking about? Winbox can connect to Mikrotik without IP addresses.
In your case, it was generally possible not to set IP addresses on the SXTs at all, but to make a transparent bridge (you will get 192.168.203.70 at the second SXT on ether1, 2 km away; in effect it will be a wireless twisted-pair extender).
I would do it this way: the home network is on wlan1 and the guest network is on a virtual AP, wlan2; both are in the local bridge and the addressing is the same, but traffic through wlan2 is either marked and denied access to the home network (and shaped) or simply blocked by interface.

Cool Admin, 2014-06-05
@ifaustrue

If you have not solved it yet, write to me and I will help you set it up.
In short, you bring up a virtual AP, set up a separate masquerade for it on the firewall, and add traffic rules that prohibit connecting to the local network and allow only remote ones.
You raise a separate dhcp for the virtual AP interface, or even set the hotspot package on it =)
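
The virtual AP, separate DHCP, separate masquerade and "remote only" rules described in the last answer, written out as an added example that is not part of the original thread or any poster's configuration. It uses RouterOS v6 `wireless` package syntax; the home subnet 192.168.88.0/24, guest subnet 10.0.0.0/24, the names `bridge1`, `wlan-guest`, `guest-sec`, `guest-pool`, `guest-dhcp`, the SSID and the passphrase placeholder are all assumptions.

```routeros
# Added example: guest isolation done on the AP itself (RouterOS v6 syntax).
# Assumed, not from the thread: home LAN 192.168.88.0/24 reached via bridge1,
# guest subnet 10.0.0.0/24, all object names, SSID and passphrase placeholder.

# 1. Virtual AP on the same radio. default-forwarding=no also keeps guest
#    clients from talking to each other.
/interface wireless security-profiles
add name=guest-sec mode=dynamic-keys authentication-types=wpa2-psk \
    wpa2-pre-shared-key="REPLACE-WITH-GUEST-PASSPHRASE"
/interface wireless
add name=wlan-guest master-interface=wlan1 mode=ap-bridge ssid="Guest" \
    security-profile=guest-sec default-forwarding=no disabled=no

# 2. wlan-guest is NOT added to the home bridge: it is a routed interface
#    with its own subnet.
/ip address
add address=10.0.0.1/24 interface=wlan-guest

# 3. Separate DHCP server for guests; the AP also answers their DNS queries.
/ip pool
add name=guest-pool ranges=10.0.0.10-10.0.0.254
/ip dhcp-server
add name=guest-dhcp interface=wlan-guest address-pool=guest-pool disabled=no
/ip dhcp-server network
add address=10.0.0.0/24 gateway=10.0.0.1 dns-server=10.0.0.1
/ip dns
set allow-remote-requests=yes

# 4. Separate masquerade for the guest subnet.
/ip firewall nat
add chain=srcnat src-address=10.0.0.0/24 out-interface=bridge1 \
    action=masquerade comment="guest NAT"

# 5. Guests reach remote networks only: drop anything addressed to the home LAN.
/ip firewall filter
add chain=forward in-interface=wlan-guest dst-address=192.168.88.0/24 \
    action=drop comment="guest -> home LAN"

# 6. Guests may use the AP for DNS and DHCP only, never its management services.
add chain=input in-interface=wlan-guest protocol=udp dst-port=53,67 \
    action=accept comment="guest DNS/DHCP"
add chain=input in-interface=wlan-guest protocol=tcp dst-port=53 \
    action=accept comment="guest DNS over TCP"
add chain=input in-interface=wlan-guest action=drop comment="guest -> router"
```

The `add` commands append to the end of each chain, so check with `/ip firewall filter print` that no earlier accept rule matches guest traffic first. These are IP-layer rules and do not cover the MAC-based Winbox access mentioned in an earlier answer, which has to be restricted to the home interfaces separately.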
