Changes

3,811 bytes added , 30 July

no edit summary

Line 1: Line 1: −

<p style="color:red">The information on this page is updated in accordance with the [https://wiki.teltonika-networks.com/view/FW_%26_SDK_Downloads'''00.07.4'''] firmware version .</p>

+

<p style="color:red">The information on this page is updated in accordance with the [https://wiki.teltonika-networks.com/view/FW_%26_SDK_Downloads'''00.07.08'''] firmware version .</p>

==Introduction==

−

Most of us are aware, that network security is ~~extremely important~~. If your WiFi network is not properly secured, it makes you and all of your home or office resources vulnerable to a variety of security threats. To stay ahead of the curve, many companies and home users have guest WiFi. Unlike your regular WiFi network that you or your company members use, the guest WiFi network restricts what your guests can do in your network. It gives visitors access to the Internet connection, but nothing else making you or your company a lot more secure. This chapter is a guide on configuring a guest WiFi.

+

Most of us are aware, that network security is critical. If your WiFi network is not properly secured, it makes you and all of your home or office resources vulnerable to a variety of security threats. To stay ahead of the curve, many companies and home users have guest WiFi. Unlike your regular WiFi network that you or your company members use, the guest WiFi network restricts what your guests can do in your network. It gives visitors access to the Internet connection, but nothing else making you or your company a lot more secure. This chapter is a guide on configuring a guest's WiFi.

==Configuring the router==

Before you start configuring the router <b>turn on "Advanced WebUI" mode</b>. You can do that by clicking the "Basic" button under "Mode", which is located at the top-right corner of the WebUI.

−

[[File:~~Networking_rutx_manual_webui_basic_advanced_mode_v1~~.gif|border|class=tlt-border]]

+

[[File:Networking_rutos_manual_webui_basic_advanced_mode_75.gif|border|center|class=tlt-border|1102x93px]]

Line 15: Line 15:

<tr>

−

<th width=950; style="border-bottom: 1px solid white;" rowspan=2>[[File:~~WiFi_interfaces~~.png|border|class=tlt-border|~~808x563px~~|right]]</th>

+

<th width=950; style="border-bottom: 1px solid white;" rowspan=2>[[File:RutOS_Guest_Wifi_7.8_Guest_wifi_add.png|border|class=tlt-border|800x176px|right]]</th>

</tr>

<tr>

−

Login to the router's WebUI, navigate to the '''Network → Wireless''' page. Click '''Add'''~~. You can use either, 2.4GHz or 5GHz WiFi~~. Then you will be forwarded to the configuration window.

+

Login to the router's WebUI, navigate to the '''Network → Wireless → SSIDs''' page. Click '''Add'''. Then you will be forwarded to the configuration window.

</td>

</tr>

Line 29: Line 29:

<tr>

−

<th width=950; style="border-bottom: 1px solid white;" rowspan=2>[[File:~~Create new WiFi Interface~~.png|border|class=tlt-border|866x407px|right]]</th>

+

<th width=950; style="border-bottom: 1px solid white;" rowspan=2>[[File:RutOS_Guest_Wifi_7.8_Guest_wifi_Interface_new.png|border|class=tlt-border|866x407px|right]]</th>

</tr>

<tr>

Line 37: Line 37:

<li>'''Enable''' instance.</li>

<li>Select mode '''Access Point'''.</li>

−

<li>Enter a custom '''~~ESSID~~'''.</li>

+

<li>Enter a custom '''SSID'''.</li>

+

<li>Enter a custom '''Password'''.</li>

<li>Expand the drop-down menu '''Network'''.</li>

−

<li>Create a new interface, ~~enter~~ a custom name '''~~Guest~~'''.</li>

+

<li>Create a new interface, by clicking '''Add'''</li>

+

<li>Enter a custom name '''GuestLan'''.</li>

</ol>

+

Once done, '''Save & Apply changes'''.

</td>

</tr>

Line 47: Line 50:

----

+

===New LAN interface===

+

----

<tr>

−

+

<th width=970; style="border-bottom: 1px solid white;" rowspan=2>[[File:RutOS_Guest_Wifi_7.8_Lan_interface_new.png|border|class=tlt-border|843x633px|right]]</th>

−

[[File:~~Wifi interface security~~.png|border|class=tlt-border|~~866x272px~~|right]]</th>

</tr>

<tr>

−

+

−

~~Switch to '''~~Wireless ~~Security''' tab and do the~~ following:

+

Once you have saved the Wireless interface, a new window should pop-up. Configure it as following:

<ol>

−

<li>Select '''~~Encryption~~''' ~~type~~.</li>

+

<li>Select '''Protocol''' - Static.</li>

−

<li>~~Select~~ '''~~Cipher~~''' ~~type~~.</li>

+

<li>Enter a '''IPv4 address'''.</li>

−

<li>Enter '''~~Key~~'''.</li>

+

<li>Enter a '''IPv4 netmask'''.</li>

+

<li>Enable '''DHCPv4'''.</li>

+

<li>Enable '''DHCPv6'''.</li>

+

</ol>

−

~~Once done, '''Save & Apply changes'''.~~

</td>

</tr>

</table>

−

~~===New LAN interface===~~

----

<tr>

−

<th width=970; style="border-bottom: 1px solid white;" rowspan=2>[[File:~~Guest interface config~~.png|border|class=tlt-border|843x633px|right]]</th>

+

<th width=970; style="border-bottom: 1px solid white;" rowspan=2>[[File:RutOS_Guest_Wifi_7.8_Lan_interface_new_firewall.png|border|class=tlt-border|843x633px|right]]</th>

</tr>

<tr>

−

~~Once you have saved the Wireless interface, a new window should pop-up. Configure it as following~~:

+

Then move to Firewall Settings section:

<ol>

−

<li>~~Select~~ '''~~Protocol~~''' ~~- Static. Confirm by clicking "SWITCH PROTOCOL"~~.</li>

+

<li>Expand '''Create / Assign firewall-zone''' menu.</li>

−

<li>~~Enter~~ a '''~~IPv4 address~~'''.</li>

+

<li>Add a new zone by clicking '''Add''' button</li>

−

<li>~~Enter~~ a '''~~IPv4 netmask'''.</li>~~

+

<li>Add a new '''Guest zone''' zone.</li>

−

~~<li>Enable '''DHCP server~~'''.</li>

</ol>

'''Save & Apply changes''' when done.

Line 87: Line 89:

</tr>

</table>

−

===Firewall rules===

----

Line 95: Line 96:

−

[[File:~~Firewall zone~~.png|border|class=tlt-border|785x261px|right]]</th>

+

[[File:RutOS_Guest_Wifi_7.8_firewall_zone_edit_button.png|border|class=tlt-border|785x261px|right]]</th>

</tr>

<tr>

−

Navigate to '''Network → Firewall → General Settings'''. There ~~create~~ a new '''Zone''' rule by pressing '''~~Add~~''' button. Then you will be forwarded to the configuration window.

+

Navigate to '''Network → Firewall → General Settings'''. There edit a new '''Zone''' rule that we added in LAN interface configuration, by pressing '''Edit''' button. Then you will be forwarded to the configuration window.

<ol>

Line 112: Line 113:

−

[[File:~~Firewall zone config~~.png|border|class=tlt-border|849x578px|right]]</th>

+

[[File:RutOS_Guest_Wifi_7.8_Lan_interface_zone_config.png|border|class=tlt-border|849x578px|right]]</th>

</tr>

<tr>

Line 118: Line 119:

In the '''ZONE''' page, do the following:

<ol>

−

<li>~~Enter a custom '''Name'''.</li>~~

+

<li>Change Input to '''Accept'''.</li>

−

~~<li>Add new created ''"Guest"'' LAN~~ to '''~~Covered networks~~'''.</li>

<li>Select WAN interfaces for '''Allow forward to destination zones'''.</li>

−

~~<li>Select WAN interfaces for '''Allow forward from destination zones'''.</li>~~

</ol>

When done, '''Save & Apply changes'''

Line 134: Line 133:

−

[[File:~~New traffic rule~~.png|border|class=tlt-border|787x116px|right]]</th>

+

[[File:RutOS_Guest_Wifi_7.8_firewall_traffic_rule_add.png|border|class=tlt-border|787x116px|right]]</th>

</tr>

<tr>

Line 142: Line 141:

<li>Select '''Add new forward rule'''.</li>

<li>Enter a custom '''Name'''.</li>

−

<li>Select ''"~~guest_zone~~"'' for '''Source zone'''.</li>

+

<li>Select ''"Guest_zone"'' for '''Source zone'''.</li>

<li>Select ''"lan"'' for '''Destination zone'''.</li>

<li>Click the '''Add''' button. Then you will be forwarded to the configuration window.</li>

Line 155: Line 154:

−

[[File:~~Traffic rule config~~.png|border|class=tlt-border|848x625px|right]]</th>

+

[[File:RutOS_Guest_Wifi_7.8_firewall_traffic_rule_config.png|border|class=tlt-border|848x625px|right]]</th>

</tr>

<tr>

Line 161: Line 160:

Do the following in the '''TRAFFIC RULES''' page:

<ol>

−

<li>'''~~Enable~~''' ~~instance~~.</li>

+

<li>Choose Protocols from drop down menu '''UDP TCP'''.</li>

<li>Change the '''Destination zone''' to ''"Device (input)"''.</li>

<li>Enter the '''Destination port''' to reject. By default ports 22, 80, 443 are used to access the web user interface and SSH.</li>

−

<li>Change the '''Action''' to ''"~~Reject~~"''.</li>

+

<li>Change the '''Action''' to ''"Drop"''.</li>

</ol>

'''Save & Apply''' changes.

Line 170: Line 169:

</tr>

</table>

+

===Alternative Firewall rules===

+

----

+

+

<tr>

+

+

+

[[File:RutOS_Guest_Wifi_7.8_firewall_zone_edit_button.png|border|class=tlt-border|785x261px|right]]</th>

+

</tr>

+

<tr>

+

+

If you wish to block all the device ports and only allow the user to access internet, then we will need to configure firewall rules alternatively. Navigate to '''Network → Firewall → General Settings'''. There edit a new '''Zone''' rule that we added in LAN interface configuration, by pressing '''Edit''' button. Then you will be forwarded to the configuration window.

+

<ol>

+

+

</ol>

+

</td>

+

</tr>

+

</table>

+

----

+

+

<tr>

+

+

+

[[File:RutOS_Guest_Wifi_7.8_Lan_interface_zone_config_option_2.png|border|class=tlt-border|849x578px|right]]</th>

+

</tr>

+

<tr>

+

+

In the '''ZONE''' page, do the following:

+

<ol>

+

<li>Select WAN interfaces for '''Allow forward to destination zones'''.</li>

+

</ol>

+

When done, '''Save & Apply changes'''

+

</td>

+

</tr>

+

</table>

+

----

+

+

<tr>

+

+

+

[[File:RutOS_Guest_Wifi_7.8_firewall_traffic_rule_add.png|border|class=tlt-border|787x116px|right]]</th>

+

</tr>

+

<tr>

+

+

In order to disable most of the devices access to the router from Guest's_WiFi network navigate to the '''Network → Firewall → Traffic Rules''' page and do the following:

+

<ol>

+

<li>Select '''Add new forward rule'''.</li>

+

<li>Enter a custom '''Name'''.</li>

+

<li>Select ''"Guest_zone"'' for '''Source zone'''.</li>

+

<li>Select ''"lan"'' for '''Destination zone'''.</li>

+

<li>Click the '''Add''' button. Then you will be forwarded to the configuration window.</li>

+

</ol>

+

</td>

+

</tr>

+

</table>

+

----

+

+

<tr>

+

+

+

[[File:RutOS_Guest_Wifi_7.8_firewall_traffic_rule_config_option_2.png|border|class=tlt-border|848x625px|right]]</th>

+

</tr>

+

<tr>

+

+

Do the following in the '''TRAFFIC RULES''' page:

+

<ol>

+

<li>Choose Protocols from drop down menu '''UDP TCP'''.</li>

+

<li>Change the '''Destination zone''' to ''"Device (input)"''.</li>

+

<li>Enter the '''Destination port''' to Accept. We will need to accept ports 67 68 in order for DHCP to work and 53 for routers DNS.</li>

+

<li>Change the '''Action''' to ''"Accept"''.</li>

+

</ol>

+

'''Save & Apply''' changes.

+

</td>

+

</tr>

+

</table>

+

----

+

+

<tr>

+

+

+

[[File:Traffic_rule_move_up.gif|border|class=tlt-border|800x325px|right]]</th>

+

</tr>

+

<tr>

+

+

Then we will need to move up the traffic rule to the top, in order to be able to use these settings:

+

</td>

+

</tr>

+

</table>

==Results==

If you've followed all the steps presented above, your configuration should be finished. If you are near a RUT, that is, in a wireless zone, turn on WiFi on your device and view the available networks. You should see the available SSID - "RUTX_WiFi_2G" and "Guest_WiFi". Select one of them and enter the appropriate WiFi password.

Dziugas.Syminas

Administrators

405

edits

Namespaces

Variants

Views

More

Search

Changes

How to set up a guest WiFi network (view source)

Revision as of 16:17, 30 July 2024

Navigation menu

Personal tools

NAVIGATION

Tools

Categories