Difference between revisions of "How to set up a guest WiFi network"
PauliusRug (talk | contribs) |
PauliusRug (talk | contribs) (Created page with "__TOC__ ==Introduction== Most of us are aware, that network security is extremely important. If your WiFi network is not properly secured, it makes you and all of your home o...") |
||
(3 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
− | + | __TOC__ | |
+ | |||
==Introduction== | ==Introduction== | ||
Most of us are aware, that network security is extremely important. If your WiFi network is not properly secured, it makes you and all of your home or office resources vulnerable to a variety of security threats. To stay ahead of the curve, many companies and home users have guest WiFi. Unlike your regular WiFi network that you or your company members use, the guest WiFi network restricts what your guests can do in your network. It gives visitors access to the Internet connection, but nothing else making you or your company a lot more secure. This chapter is a guide on configuring a guest WiFi. | Most of us are aware, that network security is extremely important. If your WiFi network is not properly secured, it makes you and all of your home or office resources vulnerable to a variety of security threats. To stay ahead of the curve, many companies and home users have guest WiFi. Unlike your regular WiFi network that you or your company members use, the guest WiFi network restricts what your guests can do in your network. It gives visitors access to the Internet connection, but nothing else making you or your company a lot more secure. This chapter is a guide on configuring a guest WiFi. | ||
Line 14: | Line 15: | ||
<table class="nd-othertables_2"> | <table class="nd-othertables_2"> | ||
<tr> | <tr> | ||
− | <th width= | + | <th width=395; style="border-bottom: 1px solid white;></th> |
− | <th width= | + | <th width=700; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking rutos configuration examples guest wifi 3 v1.png|border|class=tlt-border]]</th> |
</tr> | </tr> | ||
<tr> | <tr> | ||
− | <td style="border-bottom: | + | <td style="border-bottom: 1px solid white> |
Login to the router's WebUI, navigate to the '''Network → Wireless''' page. Click '''Add'''. You can use either, 2.4GHz or 5GHz WiFi. Then you will be forwarded to the configuration window. | Login to the router's WebUI, navigate to the '''Network → Wireless''' page. Click '''Add'''. You can use either, 2.4GHz or 5GHz WiFi. Then you will be forwarded to the configuration window. | ||
+ | <ol> | ||
+ | <li></li> | ||
+ | <li></li> | ||
+ | <li></li> | ||
+ | <li></li> | ||
+ | </ol> | ||
</td> | </td> | ||
</tr> | </tr> | ||
Line 28: | Line 35: | ||
<table class="nd-othertables_2"> | <table class="nd-othertables_2"> | ||
<tr> | <tr> | ||
− | <th width= | + | <th width=395; style="border-bottom: 1px solid white;></th> |
− | <th width= | + | <th width=700; style="border-bottom: 1px solid white;" rowspan=2> |
+ | [[File:Networking rutos configuration examples guest wifi 4 v2.png|border|class=tlt-border]]</th> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
Line 39: | Line 47: | ||
<li>Enter a custom '''ESSID'''.</li> | <li>Enter a custom '''ESSID'''.</li> | ||
<li>Expand the drop-down menu '''Network'''.</li> | <li>Expand the drop-down menu '''Network'''.</li> | ||
+ | <li>Uncheck the '''lan''' interface.</li> | ||
<li>Create a new interface, enter a custom name '''Guest'''.</li> | <li>Create a new interface, enter a custom name '''Guest'''.</li> | ||
</ol> | </ol> | ||
Line 49: | Line 58: | ||
<table class="nd-othertables_2"> | <table class="nd-othertables_2"> | ||
<tr> | <tr> | ||
− | <th width= | + | <th width=395; style="border-bottom: 1px solid white;></th> |
− | <th width= | + | <th width=700; style="border-bottom: 1px solid white;" rowspan=2> |
− | [[File: | + | [[File:Networking rutos configuration examples guest wifi 5 v1.png|border|class=tlt-border]]</th> |
</tr> | </tr> | ||
<tr> | <tr> | ||
Line 60: | Line 69: | ||
<li>Select '''Cipher''' type.</li> | <li>Select '''Cipher''' type.</li> | ||
<li>Enter '''Key'''.</li> | <li>Enter '''Key'''.</li> | ||
+ | <li>'''Save&Apply''' changes.</li> | ||
</ol> | </ol> | ||
− | |||
</td> | </td> | ||
</tr> | </tr> | ||
</table> | </table> | ||
+ | ---- | ||
+ | |||
+ | <table class="nd-othertables_2"> | ||
+ | <tr> | ||
+ | <th width=395; style="border-bottom: 1px solid white;></th> | ||
+ | <th width=700; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking rutos configuration examples guest wifi 6 v1.png|border|class=tlt-border]]</th> | ||
+ | </tr> | ||
+ | <tr> | ||
+ | <td style="border-bottom: 1px solid white> | ||
+ | Wait for configuration to apply. Two Wireless Access Points should be enabled | ||
+ | <ol> | ||
+ | <li></li> | ||
+ | <li></li> | ||
+ | <li></li> | ||
+ | <li></li> | ||
+ | </ol> | ||
+ | </td> | ||
+ | </tr> | ||
+ | </table> | ||
===New LAN interface=== | ===New LAN interface=== | ||
---- | ---- | ||
+ | |||
+ | <table class="nd-othertables_2"> | ||
+ | <tr> | ||
+ | <th width=395; style="border-bottom: 1px solid white;></th> | ||
+ | <th width=700; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking rutos configuration example openvpn bridge use case 12 v1.png|border|class=tlt-border]]</th> | ||
+ | </tr> | ||
+ | <tr> | ||
+ | <td style="border-bottom: 1px solid white> | ||
+ | Now go to '''Network → Interfaces''' and press '''Edit''' next to your newly created LAN interface: | ||
+ | <ol> | ||
+ | <li></li> | ||
+ | |||
+ | </ol> | ||
+ | </td> | ||
+ | </tr> | ||
+ | </table> | ||
+ | |||
+ | ---- | ||
+ | |||
<table class="nd-othertables_2"> | <table class="nd-othertables_2"> | ||
<tr> | <tr> | ||
− | <th width= | + | <th width=395; style="border-bottom: 1px solid white;></th> |
− | <th width= | + | <th width=700; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking rutos configuration examples guest wifi 2 v1.png|border|class=tlt-border]]</th> |
</tr> | </tr> | ||
<tr> | <tr> | ||
<td style="border-bottom: 1px solid white> | <td style="border-bottom: 1px solid white> | ||
− | + | In the '''General setup''' section, do the following: | |
<ol> | <ol> | ||
<li>Select '''Protocol''' - Static. Confirm by clicking "SWITCH PROTOCOL".</li> | <li>Select '''Protocol''' - Static. Confirm by clicking "SWITCH PROTOCOL".</li> | ||
Line 82: | Line 129: | ||
<li>Enter a '''IPv4 netmask'''.</li> | <li>Enter a '''IPv4 netmask'''.</li> | ||
<li>Enable '''DHCP server'''.</li> | <li>Enable '''DHCP server'''.</li> | ||
+ | <li>Press '''Save&Apply'''.</li> | ||
</ol> | </ol> | ||
− | |||
</td> | </td> | ||
</tr> | </tr> | ||
Line 93: | Line 140: | ||
<table class="nd-othertables_2"> | <table class="nd-othertables_2"> | ||
<tr> | <tr> | ||
− | <th width= | + | <th width=395; style="border-bottom: 1px solid white;></th> |
− | <th width= | + | <th width=700; style="border-bottom: 1px solid white;" rowspan=2> |
− | [[File: | + | [[File:Networking rutos configuration example openvpn bridge use case 15 v1.png|border|class=tlt-border]]</th> |
</tr> | </tr> | ||
<tr> | <tr> | ||
Line 108: | Line 155: | ||
---- | ---- | ||
+ | |||
<table class="nd-othertables_2"> | <table class="nd-othertables_2"> | ||
<tr> | <tr> | ||
− | <th width= | + | <th width=395; style="border-bottom: 1px solid white;></th> |
− | <th width= | + | <th width=700; style="border-bottom: 1px solid white;" rowspan=2> |
− | [[File: | + | [[File:Networking rutos configuration examples guest wifi 8 v1.png|border|class=tlt-border]]</th> |
</tr> | </tr> | ||
<tr> | <tr> | ||
Line 122: | Line 170: | ||
<li>Select WAN interfaces for '''Allow forward to destination zones'''.</li> | <li>Select WAN interfaces for '''Allow forward to destination zones'''.</li> | ||
<li>Select WAN interfaces for '''Allow forward from destination zones'''.</li> | <li>Select WAN interfaces for '''Allow forward from destination zones'''.</li> | ||
+ | <li>'''Save&Apply''' changes.</li> | ||
+ | <li></li> | ||
</ol> | </ol> | ||
− | |||
</td> | </td> | ||
</tr> | </tr> | ||
Line 132: | Line 181: | ||
<table class="nd-othertables_2"> | <table class="nd-othertables_2"> | ||
<tr> | <tr> | ||
− | <th width= | + | <th width=395; style="border-bottom: 1px solid white;></th> |
− | <th width= | + | <th width=700; style="border-bottom: 1px solid white;" rowspan=2> |
− | [[File: | + | [[File:Networking rutos configuration examples guest wifi 9 v1.png|border|class=tlt-border]]</th> |
</tr> | </tr> | ||
<tr> | <tr> | ||
Line 140: | Line 189: | ||
In order to disable WebUI or SSH access to the router from Guest's_WiFi network navigate to the '''Network → Firewall → Traffic Rules''' page and do the following: | In order to disable WebUI or SSH access to the router from Guest's_WiFi network navigate to the '''Network → Firewall → Traffic Rules''' page and do the following: | ||
<ol> | <ol> | ||
− | |||
<li>Enter a custom '''Name'''.</li> | <li>Enter a custom '''Name'''.</li> | ||
<li>Select ''"guest_zone"'' for '''Source zone'''.</li> | <li>Select ''"guest_zone"'' for '''Source zone'''.</li> | ||
Line 151: | Line 199: | ||
---- | ---- | ||
+ | |||
<table class="nd-othertables_2"> | <table class="nd-othertables_2"> | ||
<tr> | <tr> | ||
− | <th width= | + | <th width=395; style="border-bottom: 1px solid white;></th> |
− | <th width= | + | <th width=700; style="border-bottom: 1px solid white;" rowspan=2> |
− | [[File: | + | [[File:Networking rutos configuration examples guest wifi 10 v1.png|border|class=tlt-border]]</th> |
</tr> | </tr> | ||
<tr> | <tr> | ||
Line 165: | Line 214: | ||
<li>Enter the '''Destination port''' to reject. By default ports 22, 80, 443 are used to access the web user interface and SSH.</li> | <li>Enter the '''Destination port''' to reject. By default ports 22, 80, 443 are used to access the web user interface and SSH.</li> | ||
<li>Change the '''Action''' to ''"Reject"''.</li> | <li>Change the '''Action''' to ''"Reject"''.</li> | ||
+ | <li>'''Save&Apply''' changes.</li> | ||
+ | <li></li> | ||
</ol> | </ol> | ||
− | |||
</td> | </td> | ||
</tr> | </tr> | ||
Line 249: | Line 299: | ||
</tr> | </tr> | ||
</table> | </table> | ||
− |
Revision as of 13:36, 20 October 2022
Main Page > General Information > Configuration Examples > Use cases > How to set up a guest WiFi networkIntroduction
Most of us are aware, that network security is extremely important. If your WiFi network is not properly secured, it makes you and all of your home or office resources vulnerable to a variety of security threats. To stay ahead of the curve, many companies and home users have guest WiFi. Unlike your regular WiFi network that you or your company members use, the guest WiFi network restricts what your guests can do in your network. It gives visitors access to the Internet connection, but nothing else making you or your company a lot more secure. This chapter is a guide on configuring a guest WiFi.
Configuring the router
Before you start configuring the router turn on "Advanced WebUI" mode. You can do that by clicking the "Basic" button under "Mode", which is located at the top-right corner of the WebUI.
New WiFi AP
![]() |
|
---|---|
Login to the router's WebUI, navigate to the Network → Wireless page. Click Add. You can use either, 2.4GHz or 5GHz WiFi. Then you will be forwarded to the configuration window. |
![]() |
|
---|---|
Switch to Wireless Security tab and do the following:
|
![]() |
|
---|---|
Wait for configuration to apply. Two Wireless Access Points should be enabled |
New LAN interface
![]() |
|
---|---|
Now go to Network → Interfaces and press Edit next to your newly created LAN interface: |
![]() |
|
---|---|
In the General setup section, do the following:
|
Firewall rules
![]() |
|
---|---|
Navigate to Network → Firewall → General Settings. There create a new Zone rule by pressing Add button. Then you will be forwarded to the configuration window. |
Results
If you've followed all the steps presented above, your configuration should be finished. If you are near a RUT, that is, in a wireless zone, turn on WiFi on your device and view the available networks. You should see the available SSID - "RUTX_WiFi_2G" and "Guest_WiFi". Select one of them and enter the appropriate WiFi password.
Wireless users connected to SSID: “RUTX_WIFI”, will be assign to “LAN”, and will get IP from main pool 192.168.1.0/24. |
LAN users are able to access any data from pool 192.168.1.0/24. For example they can access Web UI. |
Wireless users connected to SSID: “GUEST'S_WIFI”, will be assign to LAN “Guest”, and will get IP from new pool 10.10.10.0/24. |
Guest hosts are unable to access any data from pool 192.168.1.0/24. And access to the routers Web UI or SSH is restricted. |