Difference between revisions of "Template:Networking rutos configuration example guest wifi"

Revision as of 12:01, 2 July 2020

Introduction

Most of us are aware, that network security is extremely important. If your WiFi network is not properly secured, it makes you and all of your home or office resources vulnerable to a variety of security threats. To stay ahead of the curve, many companies and home users have guest WiFi. Unlike your regular WiFi network that you or your company members use, the guest WiFi network restricts what your guests can do in your network. It gives visitors access to the Internet connection, but nothing else making you or your company a lot more secure. This chapter is a guide on configuring a guest WiFi.

If you're having trouble finding some of the parameters described here on your device's WebUI, you should turn on "Advanced WebUI" mode. You can do that by clicking the "Basic" button under "Mode", which is located at the top-right corner of the WebUI.

Configuring home router (RUTX)

New LAN

File:Networking rutx configuration examples guest wifi 2 v1.png

Login to the router's WebUI, switch to ADVANCED mode and navigate to the Network → Interfaces page and do the following:

Enter a custom name.
Click the Add button.

	File:Networking rutx configuration examples guest wifi 2 v1.png
Select protocol Static address. Enter a IPv4 address. Enter a IPv4 netmask. Enable DHCP server. Don't forget to Save&Apply the changes.

New Wireless

File:Networking rutx configuration examples guest wifi 4 v1.png

Navigate to the Network → Wireless page and do the following:

Click Add.
Enable instance.
Select mode Access Point.
Enter ESSID.
Assign it to new Guest LAN network.
Enter Wireless security key and Save&Apply changes.

File:Networking rutx configuration examples guest wifi 5 v1.png

Wait for configuration to apply. Two Wireless Access Points should be enabled

Edit Firewall zone

File:Networking rutx configuration examples guest wifi 6 v1.png

Navigate to the Network → Firewall → General Settings page and do the following

Click the Add button.
Enter a custom name.
Add new created Guest LAN to Covered networks.
Select WAN interfaces for Allow forward to destination zones.
Select WAN interfaces for Allow forward from destination zones.
Save&Apply changes.

Results

Wireless users connected to SSID: “RUTX_WIFI”, will be assign to “LAN”, and will get IP from main pool 192.168.1.0/24.

Wireless users connected to SSID: “GUEST'S_WIFI”, will be assign to LAN “Guest”, and will get IP from new pool 10.10.10.0/24.

Guest hosts are unable to access any data from pool 192.168.1.0/24.

Namespaces

Variants

Views

More

Search

Difference between revisions of "Template:Networking rutos configuration example guest wifi"

Revision as of 12:01, 2 July 2020

Contents

Introduction

Configuring home router (RUTX)

New LAN

New Wireless

Edit Firewall zone

Results

Navigation menu

Personal tools

NAVIGATION

Tools

Categories

@@ Line 4: / Line 4: @@
 Most of us are aware, that network security is extremely important. If your WiFi network is not properly secured, it makes you and all of your home or office resources vulnerable to a variety of security threats. To stay ahead of the curve, many companies and home users have guest WiFi. Unlike your regular WiFi network that you or your company members use, the guest WiFi network restricts what your guests can do in your network. It gives visitors access to the Internet connection, but nothing else making you or your company a lot more secure. This chapter is a guide on configuring a guest WiFi.
-==Configuring router (RUTX)==
+----
-Before you start configuring the router <b>turn on "Advanced WebUI" mode</b>. You can do that by clicking the "Basic" button under "Mode", which is located at the top-right corner of the WebUI.
+If you're having trouble finding some of the parameters described here on your device's WebUI, you should <b>turn on "Advanced WebUI" mode</b>. You can do that by clicking the "Basic" button under "Mode", which is located at the top-right corner of the WebUI.
-[[File:Networking_rutx_manual_webui_basic_advanced_mode_v1.gif|border|class=tlt-border]]
+[[File:Networking rutx manual webui basic advanced mode v1.gif|border|class=tlt-border]]
+==Configuring home router (RUTX)==
-===New WiFi AP===
+===New LAN===
-----
 <table class="nd-othertables_2">
      <tr>
          <th width=395; style="border-bottom: 1px solid white;></th>
-         <th width=700; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking rutos configuration examples guest wifi 3 v1.png|border|class=tlt-border]]</th>
+         <th width=700; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking rutx configuration examples guest wifi 2 v1.png|border|class=tlt-border]]</th>
      </tr>
      <tr>
          <td style="border-bottom: 1px solid white>
-Login to the router's WebUI, navigate to the '''Network → Wireless''' page. Click '''Add'''. You can use either, 2.4GHz or 5GHz WiFi. Then you will be forwarded to the configuration window.
+Login to the router's WebUI, switch to '''ADVANCED''' mode and navigate to the '''Network → Interfaces''' page and do the following:
 <ol>
-     <li></li>
+     <li>Enter a custom '''name'''.</li>
-     <li></li>
+     <li>Click the '''Add''' button.</li>
-    <li></li>
-    <li></li>
-</ol>
-        </td>
-    </tr>
-</table>
-----
-<table class="nd-othertables_2">
-    <tr>
-        <th width=395; style="border-bottom: 1px solid white;></th>
-        <th width=700; style="border-bottom: 1px solid white;" rowspan=2>
-[[File:Networking rutos configuration examples guest wifi 4 v2.png|border|class=tlt-border]]</th>
-    </tr>
-    <tr>
-        <td style="border-bottom: 1px solid white;>
-On '''General Setup''' tab do the following:
-<ol>
-    <li>'''Enable''' instance.</li>
-    <li>Select mode '''Access Point'''.</li>
-    <li>Enter a custom '''ESSID'''.</li>
-    <li>Expand the drop-down menu '''Network'''.</li>
-    <li>Uncheck the '''lan''' interface.</li>
-    <li>Create a new interface, enter a custom name '''Guest'''.</li>
 </ol>
          </td>
@@ Line 59: / Line 34: @@
      <tr>
          <th width=395; style="border-bottom: 1px solid white;></th>
-         <th width=700; style="border-bottom: 1px solid white;" rowspan=2>
+         <th width=700; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking rutx configuration examples guest wifi 2 v1.png|border|class=tlt-border]]</th>
-[[File:Networking rutos configuration examples guest wifi 5 v1.png|border|class=tlt-border]]</th>
-    </tr>
-    <tr>
-        <td style="border-bottom: 1px solid white;>
-Switch to '''Wireless Security''' tab and do the following:
-<ol>
-    <li>Select '''Encryption''' type.</li>
-    <li>Select '''Cipher''' type.</li>
-    <li>Enter '''Key'''.</li>
-    <li>'''Save&Apply''' changes.</li>
-</ol>
-        </td>
-    </tr>
-</table>
-----
-<table class="nd-othertables_2">
-    <tr>
-        <th width=395; style="border-bottom: 1px solid white;></th>
-        <th width=700; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking rutos configuration examples guest wifi 6 v1.png|border|class=tlt-border]]</th>
      </tr>
      <tr>
          <td style="border-bottom: 1px solid white>
-Wait for configuration to apply. Two Wireless Access Points should be enabled
-<ol>
-    <li></li>
-    <li></li>
-    <li></li>
-    <li></li>
-</ol>
-        </td>
-    </tr>
-</table>
-===New LAN interface===
-----
-<table class="nd-othertables_2">
-    <tr>
-        <th width=395; style="border-bottom: 1px solid white;></th>
-        <th width=700; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking rutos configuration example openvpn bridge use case 12 v1.png|border|class=tlt-border]]</th>
-    </tr>
-    <tr>
-        <td style="border-bottom: 1px solid white>
-Now go to '''Network → Interfaces''' and press '''Edit''' next to your newly created LAN interface:
 <ol>
-    <li></li>
-</ol>
+     <li>Select protocol '''Static address'''.</li>
-        </td>
-    </tr>
-</table>
-----
-<table class="nd-othertables_2">
-    <tr>
-        <th width=395; style="border-bottom: 1px solid white;></th>
-        <th width=700; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking rutos configuration examples guest wifi 2 v1.png|border|class=tlt-border]]</th>
-    </tr>
-    <tr>
-        <td style="border-bottom: 1px solid white>
-In the '''General setup''' section, do the following:
-<ol>
-     <li>Select '''Protocol''' - Static. Confirm by clicking "SWITCH PROTOCOL".</li>
      <li>Enter a '''IPv4 address'''.</li>
      <li>Enter a '''IPv4 netmask'''.</li>
-     <li>Enable '''DHCP server'''.</li>
+     <li>'''Enable''' DHCP server.</li>
-     <li>Press '''Save&Apply'''.</li>
+     <li>Don't forget to '''Save&Apply''' the changes.</li>
 </ol>
          </td>
@@ Line 135: / Line 51: @@
 </table>
-===Firewall rules===
+===New Wireless===
-----
 <table class="nd-othertables_2">
@@ Line 142: / Line 57: @@
          <th width=395; style="border-bottom: 1px solid white;></th>
          <th width=700; style="border-bottom: 1px solid white;" rowspan=2>
-[[File:Networking rutos configuration example openvpn bridge use case 15 v1.png|border|class=tlt-border]]</th>
+[[File:Networking rutx configuration examples guest wifi 4 v1.png|border|class=tlt-border]]</th>
      </tr>
      <tr>
          <td style="border-bottom: 1px solid white;>
-Navigate to '''Network → Firewall → General Settings'''. There create a new '''Zone''' rule by pressing '''Add''' button. Then you will be forwarded to the configuration window.
+Navigate to the '''Network → Wireless''' page and do the following:
 <ol>
-     <li></li>
+     <li>Click '''Add'''.</li>
+    <li>'''Enable''' instance.</li>
+    <li>Select mode '''Access Point'''.</li>
+    <li>Enter '''ESSID'''.</li>
+    <li>Assign it to new '''Guest''' LAN network.</li>
+    <li>Enter '''Wireless security''' key and '''Save&Apply''' changes.</li>
 </ol>
          </td>
@@ Line 159: / Line 79: @@
      <tr>
          <th width=395; style="border-bottom: 1px solid white;></th>
-         <th width=700; style="border-bottom: 1px solid white;" rowspan=2>
+         <th width=700; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking rutx configuration examples guest wifi 5 v1.png|border|class=tlt-border]]</th>
-[[File:Networking rutos configuration examples guest wifi 8 v1.png|border|class=tlt-border]]</th>
      </tr>
      <tr>
-         <td style="border-bottom: 1px solid white;>
+         <td style="border-bottom: 1px solid white>
-In the '''ZONE''' page, do the following:
+Wait for configuration to apply. Two Wireless Access Points should be enabled
 <ol>
-     <li>Enter a custom '''Name'''.</li>
+     <li></li>
-     <li>Add new created ''"Guest"'' LAN to '''Covered networks'''.</li>
+     <li></li>
-     <li>Select WAN interfaces for '''Allow forward to destination zones'''.</li>
+     <li></li>
-    <li>Select WAN interfaces for '''Allow forward from destination zones'''.</li>
-    <li>'''Save&Apply''' changes.</li>
      <li></li>
 </ol>
@@ Line 177: / Line 94: @@
 </table>
-----
+===Edit Firewall zone===
-<table class="nd-othertables_2">
-    <tr>
-        <th width=395; style="border-bottom: 1px solid white;></th>
-        <th width=700; style="border-bottom: 1px solid white;" rowspan=2>
-[[File:Networking rutos configuration examples guest wifi 9 v1.png|border|class=tlt-border]]</th>
-    </tr>
-    <tr>
-        <td style="border-bottom: 1px solid white;>
-In order to disable WebUI or SSH access to RUTX from Guest's_WiFi network navigate to the '''Network → Firewall → Traffic Rules''' page and do the following:
-<ol>
-    <li>Enter a custom '''Name'''.</li>
-    <li>Select ''"guest_zone"'' for '''Source zone'''.</li>
-    <li>Select ''"lan"'' for '''Destination zone'''.</li>
-    <li>Click the '''Add''' button. Then you will be forwarded to the configuration window.</li>
-</ol>
-        </td>
-    </tr>
-</table>
-----
 <table class="nd-othertables_2">
@@ Line 204: / Line 100: @@
          <th width=395; style="border-bottom: 1px solid white;></th>
          <th width=700; style="border-bottom: 1px solid white;" rowspan=2>
-[[File:Networking rutos configuration examples guest wifi 10 v1.png|border|class=tlt-border]]</th>
+[[File:Networking rutx configuration examples guest wifi 6 v1.png|border|class=tlt-border]]</th>
      </tr>
      <tr>
          <td style="border-bottom: 1px solid white;>
-Do the following in the '''TRAFFIC RULES''' page:
+Navigate to the '''Network → Firewall → General Settings''' page and do the following
 <ol>
-     <li>'''Enable''' instance.</li>
+     <li>Click the '''Add''' button.</li>
-     <li>Change the '''Destination zone''' to ''"Device (input)"''.</li>
+     <li>Enter a custom '''name'''.</li>
-     <li>Enter the '''Destination port''' to reject. By default ports 22, 80, 443 are used to access the web user interface and SSH.</li>
+    <li>Add new created Guest LAN to '''Covered networks'''.</li>
-     <li>Change the '''Action''' to ''"Reject"''.</li>
+     <li>Select '''WAN''' interfaces for '''Allow forward to destination zones'''.</li>
+     <li>Select '''WAN''' interfaces for '''Allow forward from destination zones'''.</li>
      <li>'''Save&Apply''' changes.</li>
      <li></li>
@@ Line 222: / Line 119: @@
 ==Results==
-If you've followed all the steps presented above, your configuration should be finished. If you are near a RUT, that is, in a wireless zone, turn on WiFi on your device and view the available networks. You should see the available SSID - "RUTX_WiFi_2G" and "Guest_WiFi". Select one of them and enter the appropriate WiFi password.
------
-<table class="nd-othertables_2">
-    <tr>
-        <th width=525; style="border-bottom: 1px solid white;"></th>
-        <th width=620; style="border-bottom: 1px solid white;" rowspan=2>
-[[File:Networking rutos configuration examples guest wifi 14 v1.jpg|border|class=tlt-border|300px|center]]</th>
-    </tr>
-    <tr>
-        <td style="border-bottom: 1px solid white>
 Wireless users connected to SSID: “'''RUTX_WIFI'''”, will be assign to “LAN”, and will get IP from main pool '''192.168.1.0/24'''.
-        </td>
-    </tr>
-</table>
-----
-<table class="nd-othertables_2">
-    <tr>
-        <th width=525; style="border-bottom: 1px solid white;"></th>
-        <th width=620; style="border-bottom: 1px solid white;" rowspan=2>
-[[File:Networking rutos configuration examples guest wifi 13 v1.jpg|border|class=tlt-border|300px|center]]</th>
-    </tr>
-    <tr>
-        <td style="border-bottom: 1px solid white>
-LAN users are able to access any data from pool 192.168.1.0/24. For example they can access Web UI.
-         <ol>
-            <li></li>
-            <li></li>
-            <li></li>
-            <li></li>
-        </ol>
-        </td>
-    </tr>
-</table>
-----
-<table class="nd-othertables_2">
-    <tr>
-        <th width=525; style="border-bottom: 1px solid white;"></th>
-        <th width=620; style="border-bottom: 1px solid white;" rowspan=2>
-[[File:Networking rutos configuration examples guest wifi 12 v2.jpg|border|class=tlt-border|300px|center]]</th>
-    </tr>
-    <tr>
-        <td style="border-bottom: 1px solid white>
 Wireless users connected to SSID: “'''GUEST'S_WIFI'''”, will be assign to LAN “Guest”, and will get IP from new pool '''10.10.10.0/24'''.
-        <ol>
-            <li></li>
-            <li></li>
-            <li></li>
-        </ol>
-        </td>
-    </tr>
-</table>
-----
-<table class="nd-othertables_2">
+Guest hosts are unable to access any data from pool 192.168.1.0/24.
-    <tr>
-        <th width=525; style="border-bottom: 1px solid white;"></th>
-        <th width=620; style="border-bottom: 1px solid white;" rowspan=2>
-[[File:Networking rutos configuration examples guest wifi 11 v1.jpg|border|class=tlt-border|300px|center]]</th>
-    </tr>
-    <tr>
-        <td style="border-bottom: 1px solid white>
-Guest hosts are unable to access any data from pool 192.168.1.0/24. And access to RUTX Web UI or SSH is restricted.
-        <ol>
-            <li></li>
-            <li></li>
-            <li></li>
-        </ol>
-        </td>
-    </tr>
-</table>