Template:Networking rutos configuration example guest wifi

From Teltonika Networks Wiki

Introduction

Most of us are aware, that network security is extremely important. If your WiFi network is not properly secured, it makes you and all of your home or office resources vulnerable to a variety of security threats. To stay ahead of the curve, many companies and home users have guest WiFi. Unlike your regular WiFi network that you or your company members use, the guest WiFi network restricts what your guests can do in your network. It gives visitors access to the Internet connection, but nothing else making you or your company a lot more secure. This chapter is a guide on configuring a guest WiFi.


If you're having trouble finding some of the parameters described here on your device's WebUI, you should turn on "Advanced WebUI" mode. You can do that by clicking the "Basic" button under "Mode", which is located at the top-right corner of the WebUI.

New LAN

File:Networking rutx configuration examples guest wifi 2 v1.png

Login to the router's WebUI, switch to ADVANCED mode and navigate to the Network → INTERFACES page and do the following:

  1. Enter a custom name.
  2. Click the Add button.
  3. Select protocol Static address.
  4. Enter a IPv4 address.
  5. Enter a IPv4 netmask.
  6. Enable DHCP server.
  7. Don't forget to Save&Apply the changes.

New Wireless

File:Networking rutx configuration examples guest wifi 4 v1.png

Navigate to the Network → Wireless page and do the following:

  1. Click Add.
  2. Enable instance.
  3. Select mode Access Point.
  4. Enter ESSID.
  5. Assign it to new Guest LAN network.
  6. Enter Wireless security key and Save&Apply changes.

File:Networking rutx configuration examples guest wifi 5 v1.png

Wait for configuration to apply. Two Wireless Access Points should be enabled

Edit Firewall zone

File:Networking rutx configuration examples guest wifi 6 v1.png

Navigate to the Network → Firewall → General Settings page and do the following

  1. Click the Add button.
  2. Enter a custom name.
  3. Add new created Guest LAN to Covered networks.
  4. Select WAN interfaces for Allow forward to destination zones.
  5. Select WAN interfaces for Allow forward from destination zones.
  6. Save&Apply changes.

Results

Wireless users connected to SSID: “RUTX_WIFI”, will be assign to “LAN”, and will get IP from main pool 192.168.1.0/24.

Wireless users connected to SSID: “GUEST'S_WIFI”, will be assign to LAN “Guest”, and will get IP from new pool 10.10.10.0/24.

Guest hosts are unable to access any data from pool 192.168.1.0/24.