Difference between revisions of "Template:Networking rutos configuration example guest wifi"
(34 intermediate revisions by 2 users not shown) | |||
Line 2: | Line 2: | ||
==Introduction== | ==Introduction== | ||
− | Most of us are aware, that network security is | + | Most of us are aware, that network security is extremely important. If your WiFi network is not properly secured, it makes you and all of your home or office resources vulnerable to a variety of security threats. To stay ahead of the curve, many companies and home users have guest WiFi. Unlike your regular WiFi network that you or your company members use, the guest WiFi network restricts what your guests can do in your network. It gives visitors access to the Internet connection, but nothing else making you or your company a lot more secure. This chapter is a guide on configuring a guest WiFi. |
− | ==Configuring | + | ==Configuring router (RUTX)== |
Before you start configuring the router <b>turn on "Advanced WebUI" mode</b>. You can do that by clicking the "Basic" button under "Mode", which is located at the top-right corner of the WebUI. | Before you start configuring the router <b>turn on "Advanced WebUI" mode</b>. You can do that by clicking the "Basic" button under "Mode", which is located at the top-right corner of the WebUI. | ||
− | [[File: | + | [[File:Networking_rutx_manual_webui_basic_advanced_mode_v1.gif|border|class=tlt-border]] |
Line 15: | Line 15: | ||
<table class="nd-othertables_2"> | <table class="nd-othertables_2"> | ||
<tr> | <tr> | ||
− | <th width= | + | <th width=395; style="border-bottom: 1px solid white;></th> |
− | <th width= | + | <th width=700; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking rutos configuration examples guest wifi 3 v1.png|border|class=tlt-border]]</th> |
</tr> | </tr> | ||
<tr> | <tr> | ||
− | <td style="border-bottom: | + | <td style="border-bottom: 1px solid white> |
− | Login to the router's WebUI, navigate to the '''Network → Wireless | + | Login to the router's WebUI, navigate to the '''Network → Wireless''' page and do the following: |
+ | <ol> | ||
+ | <li>Click '''Add'''.</li> | ||
+ | <li></li> | ||
+ | <li></li> | ||
+ | <li></li> | ||
+ | </ol> | ||
</td> | </td> | ||
</tr> | </tr> | ||
Line 29: | Line 35: | ||
<table class="nd-othertables_2"> | <table class="nd-othertables_2"> | ||
<tr> | <tr> | ||
− | <th width= | + | <th width=395; style="border-bottom: 1px solid white;></th> |
− | <th width= | + | <th width=700; style="border-bottom: 1px solid white;" rowspan=2> |
+ | [[File:Networking rutos configuration examples guest wifi 4 v2.png|border|class=tlt-border]]</th> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
Line 38: | Line 45: | ||
<li>'''Enable''' instance.</li> | <li>'''Enable''' instance.</li> | ||
<li>Select mode '''Access Point'''.</li> | <li>Select mode '''Access Point'''.</li> | ||
− | <li>Enter | + | <li>Enter '''ESSID'''.</li> |
− | |||
<li>Expand the drop-down menu '''Network'''.</li> | <li>Expand the drop-down menu '''Network'''.</li> | ||
− | <li> | + | <li>Uncheck the '''lan''' interface.</li> |
− | <li> | + | <li>Create a new interface, enter name '''Guest'''.</li> |
</ol> | </ol> | ||
− | |||
</td> | </td> | ||
</tr> | </tr> | ||
Line 51: | Line 56: | ||
---- | ---- | ||
− | |||
− | |||
<table class="nd-othertables_2"> | <table class="nd-othertables_2"> | ||
<tr> | <tr> | ||
− | <th width= | + | <th width=395; style="border-bottom: 1px solid white;></th> |
− | <th width= | + | <th width=700; style="border-bottom: 1px solid white;" rowspan=2> |
+ | [[File:Networking rutos configuration examples guest wifi 5 v1.png|border|class=tlt-border]]</th> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
− | <td style="border-bottom: 1px solid white> | + | <td style="border-bottom: 1px solid white;> |
− | + | Switch to '''Wireless Security''' tab and do the following: | |
<ol> | <ol> | ||
− | <li>Select ''' | + | <li>Select '''Encryption''' type.</li> |
− | <li> | + | <li>Select '''Cipher''' type.</li> |
− | <li>Enter | + | <li>Enter '''Key'''.</li> |
− | + | <li>'''Save&Apply''' changes.</li> | |
− | <li> | ||
− | |||
</ol> | </ol> | ||
</td> | </td> | ||
</tr> | </tr> | ||
</table> | </table> | ||
+ | |||
---- | ---- | ||
+ | |||
<table class="nd-othertables_2"> | <table class="nd-othertables_2"> | ||
<tr> | <tr> | ||
− | <th width= | + | <th width=395; style="border-bottom: 1px solid white;></th> |
− | <th width= | + | <th width=700; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking rutos configuration examples guest wifi 6 v1.png|border|class=tlt-border]]</th> |
</tr> | </tr> | ||
<tr> | <tr> | ||
<td style="border-bottom: 1px solid white> | <td style="border-bottom: 1px solid white> | ||
− | + | Wait for configuration to apply. Two Wireless Access Points should be enabled | |
<ol> | <ol> | ||
− | <li> | + | <li></li> |
− | <li> | + | <li></li> |
− | <li> | + | <li></li> |
+ | <li></li> | ||
</ol> | </ol> | ||
− | |||
</td> | </td> | ||
</tr> | </tr> | ||
</table> | </table> | ||
− | === | + | |
+ | ===New LAN Interface=== | ||
---- | ---- | ||
<table class="nd-othertables_2"> | <table class="nd-othertables_2"> | ||
<tr> | <tr> | ||
− | <th width= | + | <th width=395; style="border-bottom: 1px solid white;></th> |
− | <th width= | + | <th width=700; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking rutos configuration examples guest wifi 1 v2.png|border|class=tlt-border]]</th> |
− | [[File: | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
− | <td style="border-bottom: 1px solid white | + | <td style="border-bottom: 1px solid white> |
− | Navigate to '''Network → | + | Navigate to the '''Network → Interfaces''' page and do the following: |
<ol> | <ol> | ||
− | <li></li> | + | <li>Find new interface called GUEST and click the '''Edit''' button.</li> |
+ | |||
</ol> | </ol> | ||
</td> | </td> | ||
Line 110: | Line 115: | ||
---- | ---- | ||
+ | |||
<table class="nd-othertables_2"> | <table class="nd-othertables_2"> | ||
<tr> | <tr> | ||
− | <th width= | + | <th width=395; style="border-bottom: 1px solid white;></th> |
− | <th width= | + | <th width=700; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking rutos configuration examples guest wifi 2 v1.png|border|class=tlt-border]]</th> |
− | [[File: | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
− | <td style="border-bottom: 1px solid white | + | <td style="border-bottom: 1px solid white> |
− | In the ''' | + | In the '''General setup''' section, do the following: |
<ol> | <ol> | ||
− | <li> | + | <li>Select '''Protocol''' - Static. Confirm by clicking "SWITCH PROTOCOL".</li> |
− | <li> | + | <li>Enter a '''IPv4 address'''.</li> |
+ | <li>Enter a '''IPv4 netmask'''.</li> | ||
+ | <li>Enable '''DHCP server'''.</li> | ||
+ | <li>Press '''Save&Apply'''.</li> | ||
</ol> | </ol> | ||
− | |||
</td> | </td> | ||
</tr> | </tr> | ||
</table> | </table> | ||
+ | ===Edit Firewall=== | ||
---- | ---- | ||
<table class="nd-othertables_2"> | <table class="nd-othertables_2"> | ||
<tr> | <tr> | ||
− | <th width= | + | <th width=395; style="border-bottom: 1px solid white;></th> |
− | <th width= | + | <th width=700; style="border-bottom: 1px solid white;" rowspan=2> |
− | [[File: | + | [[File:Networking rutos configuration examples guest wifi 7 v1.png|border|class=tlt-border]]</th> |
</tr> | </tr> | ||
<tr> | <tr> | ||
<td style="border-bottom: 1px solid white;> | <td style="border-bottom: 1px solid white;> | ||
− | + | Navigate to the '''Network → Firewall → General Settings''' page and do the following: | |
<ol> | <ol> | ||
− | + | <li>Click the '''Add''' button.</li> | |
− | |||
− | |||
− | |||
− | <li>Click the '''Add''' button | ||
</ol> | </ol> | ||
</td> | </td> | ||
Line 150: | Line 154: | ||
</table> | </table> | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
---- | ---- | ||
<table class="nd-othertables_2"> | <table class="nd-othertables_2"> | ||
<tr> | <tr> | ||
− | <th width= | + | <th width=395; style="border-bottom: 1px solid white;></th> |
− | <th width= | + | <th width=700; style="border-bottom: 1px solid white;" rowspan=2> |
− | [[File: | + | [[File:Networking rutos configuration examples guest wifi 8 v1.png|border|class=tlt-border]]</th> |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
</tr> | </tr> | ||
<tr> | <tr> | ||
Line 199: | Line 166: | ||
In the '''ZONE''' page, do the following: | In the '''ZONE''' page, do the following: | ||
<ol> | <ol> | ||
+ | <li>Enter a custom '''Name'''.</li> | ||
+ | <li>Add new created ''"Guest"'' LAN to '''Covered networks'''.</li> | ||
<li>Select WAN interfaces for '''Allow forward to destination zones'''.</li> | <li>Select WAN interfaces for '''Allow forward to destination zones'''.</li> | ||
+ | <li>Select WAN interfaces for '''Allow forward from destination zones'''.</li> | ||
+ | <li>'''Save&Apply''' changes.</li> | ||
+ | <li></li> | ||
</ol> | </ol> | ||
− | |||
</td> | </td> | ||
</tr> | </tr> | ||
Line 210: | Line 181: | ||
<table class="nd-othertables_2"> | <table class="nd-othertables_2"> | ||
<tr> | <tr> | ||
− | <th width= | + | <th width=395; style="border-bottom: 1px solid white;></th> |
− | <th width= | + | <th width=700; style="border-bottom: 1px solid white;" rowspan=2> |
− | [[File: | + | [[File:Networking rutos configuration examples guest wifi 9 v1.png|border|class=tlt-border]]</th> |
</tr> | </tr> | ||
<tr> | <tr> | ||
<td style="border-bottom: 1px solid white;> | <td style="border-bottom: 1px solid white;> | ||
− | + | To disable Web UI or SSH access to RUTX from Guest's_WiFi network navigate to the '''Network → Firewall → Traffic Rules''' page and do the following: | |
<ol> | <ol> | ||
− | |||
<li>Enter a custom '''Name'''.</li> | <li>Enter a custom '''Name'''.</li> | ||
− | <li>Select ''" | + | <li>Select ''"guest_zone"'' for '''Source zone'''.</li> |
<li>Select ''"lan"'' for '''Destination zone'''.</li> | <li>Select ''"lan"'' for '''Destination zone'''.</li> | ||
− | <li>Click the '''Add''' button | + | <li>Click the '''Add''' button.</li> |
</ol> | </ol> | ||
</td> | </td> | ||
Line 229: | Line 199: | ||
---- | ---- | ||
+ | |||
<table class="nd-othertables_2"> | <table class="nd-othertables_2"> | ||
<tr> | <tr> | ||
− | <th width= | + | <th width=395; style="border-bottom: 1px solid white;></th> |
− | <th width= | + | <th width=700; style="border-bottom: 1px solid white;" rowspan=2> |
− | [[File: | + | [[File:Networking rutos configuration examples guest wifi 10 v1.png|border|class=tlt-border]]</th> |
</tr> | </tr> | ||
<tr> | <tr> | ||
<td style="border-bottom: 1px solid white;> | <td style="border-bottom: 1px solid white;> | ||
− | + | In the '''TRAFFIC RULES''' page, do the following: | |
<ol> | <ol> | ||
− | <li> | + | <li>'''Enable''' instance.</li> |
<li>Change the '''Destination zone''' to ''"Device (input)"''.</li> | <li>Change the '''Destination zone''' to ''"Device (input)"''.</li> | ||
− | <li>Enter the '''Destination port''' to | + | <li>Enter the '''Destination port''' to reject. By default ports 22, 80, 443 are used to access the web user interface and SSH.</li> |
− | <li>Change the '''Action''' to ''" | + | <li>Change the '''Action''' to ''"Reject"''.</li> |
+ | <li>'''Save&Apply''' changes.</li> | ||
+ | <li></li> | ||
</ol> | </ol> | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
</td> | </td> | ||
</tr> | </tr> | ||
</table> | </table> | ||
+ | |||
==Results== | ==Results== | ||
− | If you've followed all the steps presented above, your configuration should be finished. If you are near a RUT, that is, in a wireless zone, turn on WiFi on your device and view the available networks. You should see the available SSID - " | + | If you've followed all the steps presented above, your configuration should be finished. If you are near a RUT, that is, in a wireless zone, turn on WiFi on your device and view the available networks. You should see the available SSID - "RUT_WiFi" and "Guest_WiFi". Select one of them and enter the appropriate WiFi password. |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
Wireless users connected to SSID: “'''RUTX_WIFI'''”, will be assign to “LAN”, and will get IP from main pool '''192.168.1.0/24'''. | Wireless users connected to SSID: “'''RUTX_WIFI'''”, will be assign to “LAN”, and will get IP from main pool '''192.168.1.0/24'''. | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
Wireless users connected to SSID: “'''GUEST'S_WIFI'''”, will be assign to LAN “Guest”, and will get IP from new pool '''10.10.10.0/24'''. | Wireless users connected to SSID: “'''GUEST'S_WIFI'''”, will be assign to LAN “Guest”, and will get IP from new pool '''10.10.10.0/24'''. | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | Guest hosts are unable to access any data from pool 192.168.1.0/24. | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | Guest hosts are unable to access any data from pool 192.168.1.0/24. | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− |
Revision as of 17:36, 21 July 2020
Introduction
Most of us are aware, that network security is extremely important. If your WiFi network is not properly secured, it makes you and all of your home or office resources vulnerable to a variety of security threats. To stay ahead of the curve, many companies and home users have guest WiFi. Unlike your regular WiFi network that you or your company members use, the guest WiFi network restricts what your guests can do in your network. It gives visitors access to the Internet connection, but nothing else making you or your company a lot more secure. This chapter is a guide on configuring a guest WiFi.
Configuring router (RUTX)
Before you start configuring the router turn on "Advanced WebUI" mode. You can do that by clicking the "Basic" button under "Mode", which is located at the top-right corner of the WebUI.
New WiFi AP
Login to the router's WebUI, navigate to the Network → Wireless page and do the following:
|
On General Setup tab do the following:
|
Switch to Wireless Security tab and do the following:
|
Wait for configuration to apply. Two Wireless Access Points should be enabled |
New LAN Interface
Navigate to the Network → Interfaces page and do the following:
|
In the General setup section, do the following:
|
Edit Firewall
Navigate to the Network → Firewall → General Settings page and do the following:
|
Results
If you've followed all the steps presented above, your configuration should be finished. If you are near a RUT, that is, in a wireless zone, turn on WiFi on your device and view the available networks. You should see the available SSID - "RUT_WiFi" and "Guest_WiFi". Select one of them and enter the appropriate WiFi password.
Wireless users connected to SSID: “RUTX_WIFI”, will be assign to “LAN”, and will get IP from main pool 192.168.1.0/24.
Wireless users connected to SSID: “GUEST'S_WIFI”, will be assign to LAN “Guest”, and will get IP from new pool 10.10.10.0/24.
Guest hosts are unable to access any data from pool 192.168.1.0/24.