Difference between revisions of "Template:Networking rutos configuration example guest wifi"

Revision as of 15:29, 15 July 2020

Introduction

Most of us are aware, that network security is extremely important. If your WiFi network is not properly secured, it makes you and all of your home or office resources vulnerable to a variety of security threats. To stay ahead of the curve, many companies and home users have guest WiFi. Unlike your regular WiFi network that you or your company members use, the guest WiFi network restricts what your guests can do in your network. It gives visitors access to the Internet connection, but nothing else making you or your company a lot more secure. This chapter is a guide on configuring a guest WiFi.

Configuring router (RUTX)

Before you start configuring the router turn on "Advanced WebUI" mode. You can do that by clicking the "Basic" button under "Mode", which is located at the top-right corner of the WebUI.

New Wireless

Networking rutos configuration examples guest wifi 3 v1.png

Login to the router's WebUI, navigate to the Network → Wireless page and do the following:

Click Add.

Networking rutos configuration examples guest wifi 4 v2.png

On General Setup tab do the following:

Enable instance.
Select mode Access Point.
Enter ESSID.
Expand the drop-down menu Network.
Uncheck the lan interface.
Create a new interface, enter name Guest.

Networking rutos configuration examples guest wifi 5 v1.png

Switch to Wireless Security tab and do the following:

Select Encryption type.
Select Cipher type.
Enter Key.
Save&Apply changes.

Networking rutos configuration examples guest wifi 6 v1.png

Wait for configuration to apply. Two Wireless Access Points should be enabled

New LAN

Networking rutos configuration examples guest wifi 1 v2.png

Navigate to the Network → Interfaces page and do the following:

Find new interface called GUEST and click the Edit button.

Networking rutos configuration examples guest wifi 2 v1.png

In the General setup section, do the following:

Select Protocol - Static. Confirm by clicking "SWITCH PROTOCOL".
Enter a IPv4 address.
Enter a IPv4 netmask.
Enable DHCP server.
Press Save&Apply.

Edit Firewall

Networking rutos configuration examples guest wifi 7 v1.png

Navigate to the Network → Firewall → General Settings page and do the following

Click the Add button.

Networking rutos configuration examples guest wifi 8 v1.png

In the ZONE page, do the following:

Enter a custom name.
Add new created Guest LAN to Covered networks.
Select WAN interfaces for Allow forward to destination zones.
Select WAN interfaces for Allow forward from destination zones.
Save&Apply changes.

Networking rutos configuration examples guest wifi 9 v1.png

Navigate to the Network → Firewall → Traffic Rules page and do the following

Enter Name.
Select guest for source zone.
Select lan for destination zone.
Click the Add button.

Networking rutos configuration examples guest wifi 10 v1.png

In the TRAFFIC RULES page, do the following:

Enter a custom name.
Add new created Guest LAN to Covered networks.
Select WAN interfaces for Allow forward to destination zones.
Select WAN interfaces for Allow forward from destination zones.
Save&Apply changes.

Results

If you've followed all the steps presented above, your configuration should be finished. If you are near a RUT, that is, in a wireless zone, turn on WiFi on your device and view the available networks. You should see the available SSID - "RUT_WiFi" and "Guest_WiFi". Select one of them and enter the appropriate WiFi password.

Wireless users connected to SSID: “RUTX_WIFI”, will be assign to “LAN”, and will get IP from main pool 192.168.1.0/24.

Wireless users connected to SSID: “GUEST'S_WIFI”, will be assign to LAN “Guest”, and will get IP from new pool 10.10.10.0/24.

Guest hosts are unable to access any data from pool 192.168.1.0/24.

Namespaces

Variants

Views

More

Search

Difference between revisions of "Template:Networking rutos configuration example guest wifi"

Revision as of 15:29, 15 July 2020

Contents

Introduction

Configuring router (RUTX)

New Wireless

New LAN

Edit Firewall

Results

Navigation menu

Personal tools

NAVIGATION

Tools

Categories

@@ Line 2: / Line 2: @@
 ==Introduction==
-Most of us are aware, that network security is critical. If your WiFi network is not properly secured, it makes you and all of your home or office resources vulnerable to a variety of security threats. To stay ahead of the curve, many companies and home users have guest WiFi. Unlike your regular WiFi network that you or your company members use, the guest WiFi network restricts what your guests can do in your network. It gives visitors access to the Internet connection, but nothing else making you or your company a lot more secure. This chapter is a guide on configuring a guest's WiFi.
+Most of us are aware, that network security is extremely important. If your WiFi network is not properly secured, it makes you and all of your home or office resources vulnerable to a variety of security threats. To stay ahead of the curve, many companies and home users have guest WiFi. Unlike your regular WiFi network that you or your company members use, the guest WiFi network restricts what your guests can do in your network. It gives visitors access to the Internet connection, but nothing else making you or your company a lot more secure. This chapter is a guide on configuring a guest WiFi.
-==Configuring the router==
+==Configuring router (RUTX)==
 Before you start configuring the router <b>turn on "Advanced WebUI" mode</b>. You can do that by clicking the "Basic" button under "Mode", which is located at the top-right corner of the WebUI.
-[[File:Networking_rutos_manual_webui_basic_advanced_mode_75.gif|border|center|class=tlt-border|1102x93px]]
+[[File:Networking_rutx_manual_webui_basic_advanced_mode_v1.gif|border|class=tlt-border]]
-===New WiFi AP===
+===New Wireless===
 ----
 <table class="nd-othertables_2">
      <tr>
-         <th width=270; style="border-bottom: 1px solid white;></th>
+         <th width=395; style="border-bottom: 1px solid white;></th>
-         <th width=950; style="border-bottom: 1px solid white;" rowspan=2>[[File:RutOS_Guest_Wifi_7.8_Guest_wifi_add.png|border|class=tlt-border|800x176px|right]]</th>
+         <th width=700; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking rutos configuration examples guest wifi 3 v1.png|border|class=tlt-border]]</th>
      </tr>
      <tr>
-         <td style="border-bottom: 4px solid white>
+         <td style="border-bottom: 1px solid white>
-Login to the router's WebUI, navigate to the '''Network → Wireless → SSIDs''' page. Click '''Add'''. Then you will be forwarded to the configuration window.
+Login to the router's WebUI, navigate to the '''Network → Wireless''' page and do the following:
+<ol>
+    <li>Click '''Add'''.</li>
+    <li></li>
+    <li></li>
+    <li></li>
+</ol>
          </td>
      </tr>
@@ Line 29: / Line 35: @@
 <table class="nd-othertables_2">
      <tr>
-         <th width=220; style="border-bottom: 1px solid white;></th>
+         <th width=395; style="border-bottom: 1px solid white;></th>
-         <th width=950; style="border-bottom: 1px solid white;" rowspan=2>[[File:RutOS_Guest_Wifi_7.8_Guest_wifi_Interface_new.png|border|class=tlt-border|866x407px|right]]</th>
+         <th width=700; style="border-bottom: 1px solid white;" rowspan=2>
+[[File:Networking rutos configuration examples guest wifi 4 v2.png|border|class=tlt-border]]</th>
      </tr>
      <tr>
@@ Line 38: / Line 45: @@
      <li>'''Enable''' instance.</li>
      <li>Select mode '''Access Point'''.</li>
-     <li>Enter a custom '''SSID'''.</li>
+     <li>Enter '''ESSID'''.</li>
-    <li>Enter a custom '''Password'''.</li>
      <li>Expand the drop-down menu '''Network'''.</li>
-     <li>Create a new interface, by clicking '''Add'''</li>
+     <li>Uncheck the '''lan''' interface.</li>
-     <li>Enter a custom name '''GuestLan'''.</li>
+     <li>Create a new interface, enter name '''Guest'''.</li>
 </ol>
-Once done, '''Save & Apply changes'''.
          </td>
      </tr>
@@ Line 51: / Line 56: @@
 ----
-===New LAN interface===
-----
 <table class="nd-othertables_2">
      <tr>
-         <th width=220; style="border-bottom: 1px solid white;></th>
+         <th width=395; style="border-bottom: 1px solid white;></th>
-         <th width=970; style="border-bottom: 1px solid white;" rowspan=2>[[File:RutOS_Guest_Wifi_7.8_Lan_interface_new.png|border|class=tlt-border|843x633px|right]]</th>
+         <th width=700; style="border-bottom: 1px solid white;" rowspan=2>
+[[File:Networking rutos configuration examples guest wifi 5 v1.png|border|class=tlt-border]]</th>
      </tr>
      <tr>
-         <td style="border-bottom: 1px solid white>
+         <td style="border-bottom: 1px solid white;>
-Once you have saved the Wireless interface, a new window should pop-up. Configure it as following:
+Switch to '''Wireless Security''' tab and do the following:
 <ol>
-     <li>Select '''Protocol''' - Static.</li>
+     <li>Select '''Encryption''' type.</li>
-     <li>Enter a '''IPv4 address'''.</li>
+     <li>Select '''Cipher''' type.</li>
-     <li>Enter a '''IPv4 netmask'''.</li>
+     <li>Enter '''Key'''.</li>
-    <li>Enable '''DHCPv4'''.</li>
+     <li>'''Save&Apply''' changes.</li>
-     <li>Enable '''DHCPv6'''.</li>
 </ol>
          </td>
      </tr>
 </table>
 ----
 <table class="nd-othertables_2">
      <tr>
-         <th width=220; style="border-bottom: 1px solid white;></th>
+         <th width=395; style="border-bottom: 1px solid white;></th>
-         <th width=970; style="border-bottom: 1px solid white;" rowspan=2>[[File:RutOS_Guest_Wifi_7.8_Lan_interface_new_firewall.png|border|class=tlt-border|843x633px|right]]</th>
+         <th width=700; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking rutos configuration examples guest wifi 6 v1.png|border|class=tlt-border]]</th>
      </tr>
      <tr>
          <td style="border-bottom: 1px solid white>
-Then move to Firewall Settings section:
+Wait for configuration to apply. Two Wireless Access Points should be enabled
 <ol>
-     <li>Expand '''Create / Assign firewall-zone''' menu.</li>
+     <li></li>
-     <li>Add a new zone by clicking '''Add''' button</li>
+    <li></li>
-     <li>Add a new '''Guest zone''' zone.</li>
+     <li></li>
+     <li></li>
 </ol>
-'''Save & Apply changes''' when done.
          </td>
      </tr>
 </table>
-===Firewall rules===
+===New LAN===
 ----
 <table class="nd-othertables_2">
      <tr>
-         <th width=270; style="border-bottom: 1px solid white;></th>
+         <th width=395; style="border-bottom: 1px solid white;></th>
-         <th width=950; style="border-bottom: 1px solid white;" rowspan=2>
+         <th width=700; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking rutos configuration examples guest wifi 1 v2.png|border|class=tlt-border]]</th>
-[[File:RutOS_Guest_Wifi_7.8_firewall_zone_edit_button.png|border|class=tlt-border|785x261px|right]]</th>
      </tr>
      <tr>
-         <td style="border-bottom: 1px solid white;>
+         <td style="border-bottom: 1px solid white>
-Navigate to '''Network → Firewall → General Settings'''. There edit a new '''Zone''' rule that we added in LAN interface configuration, by pressing '''Edit''' button. Then you will be forwarded to the configuration window.
+Navigate to the '''Network → Interfaces''' page and do the following:
 <ol>
-     <li></li>
+     <li>Find new interface called GUEST and click the '''Edit''' button.</li>
 </ol>
          </td>
@@ Line 110: / Line 115: @@
 ----
 <table class="nd-othertables_2">
      <tr>
-         <th width=220; style="border-bottom: 1px solid white;></th>
+         <th width=395; style="border-bottom: 1px solid white;></th>
-         <th width=970; style="border-bottom: 1px solid white;" rowspan=2>
+         <th width=700; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking rutos configuration examples guest wifi 2 v1.png|border|class=tlt-border]]</th>
-[[File:RutOS_Guest_Wifi_7.8_Lan_interface_zone_config.png|border|class=tlt-border|849x578px|right]]</th>
      </tr>
      <tr>
-         <td style="border-bottom: 1px solid white;>
+         <td style="border-bottom: 1px solid white>
-In the '''ZONE''' page, do the following:
+In the '''General setup''' section, do the following:
 <ol>
-     <li>Change Input to '''Accept'''.</li>
+     <li>Select '''Protocol''' - Static. Confirm by clicking "SWITCH PROTOCOL".</li>
-     <li>Select WAN interfaces for '''Allow forward to destination zones'''.</li>
+    <li>Enter a '''IPv4 address'''.</li>
+     <li>Enter a '''IPv4 netmask'''.</li>
+    <li>Enable '''DHCP server'''.</li>
+    <li>Press '''Save&Apply'''.</li>
 </ol>
-When done, '''Save & Apply changes'''
          </td>
      </tr>
 </table>
+===Edit Firewall===
 ----
 <table class="nd-othertables_2">
      <tr>
-         <th width=250; style="border-bottom: 1px solid white;></th>
+         <th width=395; style="border-bottom: 1px solid white;></th>
-         <th width=970; style="border-bottom: 1px solid white;" rowspan=2>
+         <th width=700; style="border-bottom: 1px solid white;" rowspan=2>
-[[File:RutOS_Guest_Wifi_7.8_firewall_traffic_rule_add.png|border|class=tlt-border|787x116px|right]]</th>
+[[File:Networking rutos configuration examples guest wifi 7 v1.png|border|class=tlt-border]]</th>
      </tr>
      <tr>
          <td style="border-bottom: 1px solid white;>
-In order to disable WebUI or SSH access to the router from Guest's_WiFi network navigate to the '''Network → Firewall → Traffic Rules''' page and do the following:
+Navigate to the '''Network → Firewall → General Settings''' page and do the following
 <ol>
-    <li>Select '''Add new forward rule'''.</li>
+     <li>Click the '''Add''' button.</li>
-    <li>Enter a custom '''Name'''.</li>
-    <li>Select ''"Guest_zone"'' for '''Source zone'''.</li>
-    <li>Select ''"lan"'' for '''Destination zone'''.</li>
-     <li>Click the '''Add''' button. Then you will be forwarded to the configuration window.</li>
 </ol>
          </td>
@@ Line 150: / Line 154: @@
 </table>
-----
-<table class="nd-othertables_2">
-    <tr>
-        <th width=250; style="border-bottom: 1px solid white;></th>
-        <th width=970; style="border-bottom: 1px solid white;" rowspan=2>
-[[File:RutOS_Guest_Wifi_7.8_firewall_traffic_rule_config.png|border|class=tlt-border|848x625px|right]]</th>
-    </tr>
-    <tr>
-        <td style="border-bottom: 1px solid white;>
-Do the following in the '''TRAFFIC RULES''' page:
-<ol>
-    <li>Choose Protocols from drop down menu '''UDP TCP'''.</li>
-    <li>Change the '''Destination zone''' to ''"Device (input)"''.</li>
-    <li>Enter the '''Destination port''' to reject. By default ports 22, 80, 443 are used to access the web user interface and SSH.</li>
-    <li>Change the '''Action''' to ''"Drop"''.</li>
-</ol>
-'''Save & Apply''' changes.
-        </td>
-    </tr>
-</table>
-===Alternative Firewall rules===
 ----
 <table class="nd-othertables_2">
      <tr>
-         <th width=270; style="border-bottom: 1px solid white;></th>
+         <th width=395; style="border-bottom: 1px solid white;></th>
-         <th width=950; style="border-bottom: 1px solid white;" rowspan=2>
+         <th width=700; style="border-bottom: 1px solid white;" rowspan=2>
-[[File:RutOS_Guest_Wifi_7.8_firewall_zone_edit_button.png|border|class=tlt-border|785x261px|right]]</th>
+[[File:Networking rutos configuration examples guest wifi 8 v1.png|border|class=tlt-border]]</th>
-    </tr>
-    <tr>
-        <td style="border-bottom: 1px solid white;>
-If you wish to block all the device ports and only allow the user to access internet, then we will need to configure firewall rules alternatively. Navigate to '''Network → Firewall → General Settings'''. There edit a new '''Zone''' rule that we added in LAN interface configuration, by pressing '''Edit''' button. Then you will be forwarded to the configuration window.
-<ol>
-    <li></li>
-</ol>
-        </td>
-    </tr>
-</table>
-----
-<table class="nd-othertables_2">
-    <tr>
-        <th width=220; style="border-bottom: 1px solid white;></th>
-        <th width=970; style="border-bottom: 1px solid white;" rowspan=2>
-[[File:RutOS_Guest_Wifi_7.8_Lan_interface_zone_config_option_2.png|border|class=tlt-border|849x578px|right]]</th>
      </tr>
      <tr>
@@ Line 199: / Line 166: @@
 In the '''ZONE''' page, do the following:
 <ol>
+    <li>Enter a custom '''name'''.</li>
+    <li>Add new created Guest LAN to '''Covered networks'''.</li>
      <li>Select WAN interfaces for '''Allow forward to destination zones'''.</li>
+    <li>Select WAN interfaces for '''Allow forward from destination zones'''.</li>
+    <li>'''Save&Apply''' changes.</li>
+    <li></li>
 </ol>
-When done, '''Save & Apply changes'''
          </td>
      </tr>
@@ Line 210: / Line 181: @@
 <table class="nd-othertables_2">
      <tr>
-         <th width=250; style="border-bottom: 1px solid white;></th>
+         <th width=395; style="border-bottom: 1px solid white;></th>
-         <th width=970; style="border-bottom: 1px solid white;" rowspan=2>
+         <th width=700; style="border-bottom: 1px solid white;" rowspan=2>
-[[File:RutOS_Guest_Wifi_7.8_firewall_traffic_rule_add.png|border|class=tlt-border|787x116px|right]]</th>
+[[File:Networking rutos configuration examples guest wifi 9 v1.png|border|class=tlt-border]]</th>
      </tr>
      <tr>
          <td style="border-bottom: 1px solid white;>
-In order to disable most of the devices access to the router from Guest's_WiFi network navigate to the '''Network → Firewall → Traffic Rules''' page and do the following:
+Navigate to the '''Network → Firewall → Traffic Rules''' page and do the following
 <ol>
-    <li>Select '''Add new forward rule'''.</li>
+     <li>Enter '''Name'''.</li>
-     <li>Enter a custom '''Name'''.</li>
+     <li>Select '''guest''' for source zone.</li>
-     <li>Select ''"Guest_zone"'' for '''Source zone'''.</li>
+     <li>Select '''lan''' for destination zone.</li>
-     <li>Select ''"lan"'' for '''Destination zone'''.</li>
+     <li>Click the '''Add''' button.</li>
-     <li>Click the '''Add''' button. Then you will be forwarded to the configuration window.</li>
 </ol>
          </td>
@@ Line 229: / Line 199: @@
 ----
 <table class="nd-othertables_2">
      <tr>
-         <th width=250; style="border-bottom: 1px solid white;></th>
+         <th width=395; style="border-bottom: 1px solid white;></th>
-         <th width=970; style="border-bottom: 1px solid white;" rowspan=2>
+         <th width=700; style="border-bottom: 1px solid white;" rowspan=2>
-[[File:RutOS_Guest_Wifi_7.8_firewall_traffic_rule_config_option_2.png|border|class=tlt-border|848x625px|right]]</th>
+[[File:Networking rutos configuration examples guest wifi 10 v1.png|border|class=tlt-border]]</th>
      </tr>
      <tr>
          <td style="border-bottom: 1px solid white;>
-Do the following in the '''TRAFFIC RULES''' page:
+In the '''TRAFFIC RULES''' page, do the following:
 <ol>
-     <li>Choose Protocols from drop down menu '''UDP TCP'''.</li>
+     <li>Enter a custom '''name'''.</li>
-     <li>Change the '''Destination zone''' to ''"Device (input)"''.</li>
+     <li>Add new created Guest LAN to '''Covered networks'''.</li>
-     <li>Enter the '''Destination port''' to Accept. We will need to accept ports 67 68 in order for DHCP to work and 53 for routers DNS.</li>
+    <li>Select WAN interfaces for '''Allow forward to destination zones'''.</li>
-     <li>Change the '''Action''' to ''"Accept"''.</li>
+     <li>Select WAN interfaces for '''Allow forward from destination zones'''.</li>
+     <li>'''Save&Apply''' changes.</li>
+    <li></li>
 </ol>
-'''Save & Apply''' changes.
-        </td>
-    </tr>
-</table>
-----
-<table class="nd-othertables_2">
-    <tr>
-        <th width=250; style="border-bottom: 1px solid white;></th>
-        <th width=970; style="border-bottom: 1px solid white;" rowspan=2>
-[[File:Traffic_rule_move_up.gif|border|class=tlt-border|800x325px|right]]</th>
-    </tr>
-    <tr>
-        <td style="border-bottom: 1px solid white;>
-Then we will need to move up the traffic rule to the top, in order to be able to use these settings:
          </td>
      </tr>
 </table>
 ==Results==
-If you've followed all the steps presented above, your configuration should be finished. If you are near a RUT, that is, in a wireless zone, turn on WiFi on your device and view the available networks. You should see the available SSID - "RUTX_WiFi_2G" and "Guest_WiFi". Select one of them and enter the appropriate WiFi password.
+If you've followed all the steps presented above, your configuration should be finished. If you are near a RUT, that is, in a wireless zone, turn on WiFi on your device and view the available networks. You should see the available SSID - "RUT_WiFi" and "Guest_WiFi". Select one of them and enter the appropriate WiFi password.
------
-<table class="nd-othertables_2">
-    <tr>
-        <th width=525; style="border-bottom: 1px solid white;"></th>
-        <th width=620; style="border-bottom: 1px solid white;" rowspan=2>
-[[File:Networking rutos configuration examples guest wifi 14 v1.jpg|border|class=tlt-border|300px|center]]</th>
-    </tr>
-    <tr>
-        <td style="border-bottom: 1px solid white>
 Wireless users connected to SSID: “'''RUTX_WIFI'''”, will be assign to “LAN”, and will get IP from main pool '''192.168.1.0/24'''.
-        </td>
-    </tr>
-</table>
-----
-<table class="nd-othertables_2">
-    <tr>
-        <th width=525; style="border-bottom: 1px solid white;"></th>
-        <th width=620; style="border-bottom: 1px solid white;" rowspan=2>
-[[File:Networking rutos configuration examples guest wifi 13 v1.jpg|border|class=tlt-border|300px|center]]</th>
-    </tr>
-    <tr>
-        <td style="border-bottom: 1px solid white>
-LAN users are able to access any data from pool 192.168.1.0/24. For example they can access Web UI.
-         <ol>
-            <li></li>
-            <li></li>
-            <li></li>
-            <li></li>
-        </ol>
-        </td>
-    </tr>
-</table>
-----
-<table class="nd-othertables_2">
-    <tr>
-        <th width=525; style="border-bottom: 1px solid white;"></th>
-        <th width=620; style="border-bottom: 1px solid white;" rowspan=2>
-[[File:Networking rutos configuration examples guest wifi 12 v2.jpg|border|class=tlt-border|300px|center]]</th>
-    </tr>
-    <tr>
-        <td style="border-bottom: 1px solid white>
 Wireless users connected to SSID: “'''GUEST'S_WIFI'''”, will be assign to LAN “Guest”, and will get IP from new pool '''10.10.10.0/24'''.
-        <ol>
-            <li></li>
-            <li></li>
-            <li></li>
-        </ol>
-        </td>
-    </tr>
-</table>
-----
+Guest hosts are unable to access any data from pool 192.168.1.0/24.
-<table class="nd-othertables_2">
-    <tr>
-        <th width=525; style="border-bottom: 1px solid white;"></th>
-        <th width=620; style="border-bottom: 1px solid white;" rowspan=2>
-[[File:Networking rutos configuration examples guest wifi 11 v1.jpg|border|class=tlt-border|300px|center]]</th>
-    </tr>
-    <tr>
-        <td style="border-bottom: 1px solid white>
-Guest hosts are unable to access any data from pool 192.168.1.0/24. And access to the routers Web UI or SSH is restricted.
-        <ol>
-            <li></li>
-            <li></li>
-            <li></li>
-        </ol>
-        </td>
-    </tr>
-</table>