Difference between revisions of "Template:Networking rutos configuration example guest wifi"

From Teltonika Networks Wiki
 
(44 intermediate revisions by 2 users not shown)
Line 10: Line 10:
  
  
===New Wireless===
+
===New WiFi AP===
 
----
 
----
  
Line 20: Line 20:
 
     <tr>
 
     <tr>
 
         <td style="border-bottom: 1px solid white>
 
         <td style="border-bottom: 1px solid white>
Login to the router's WebUI, navigate to the '''Network → Wireless''' page and do the following:
+
Login to the router's WebUI, navigate to the '''Network → Wireless''' page. Click '''Add'''. You can use either, 2.4GHz or 5GHz WiFi. Then you will be forwarded to the configuration window.
 
<ol>
 
<ol>
     <li>Click '''Add'''.</li>
+
     <li></li>
 
     <li></li>
 
     <li></li>
 
     <li></li>
 
     <li></li>
Line 45: Line 45:
 
     <li>'''Enable''' instance.</li>
 
     <li>'''Enable''' instance.</li>
 
     <li>Select mode '''Access Point'''.</li>
 
     <li>Select mode '''Access Point'''.</li>
     <li>Enter '''ESSID'''.</li>
+
     <li>Enter a custom '''ESSID'''.</li>
 
     <li>Expand the drop-down menu '''Network'''.</li>
 
     <li>Expand the drop-down menu '''Network'''.</li>
 
     <li>Uncheck the '''lan''' interface.</li>
 
     <li>Uncheck the '''lan''' interface.</li>
     <li>Create a new interface, enter name '''Guest'''.</li>
+
     <li>Create a new interface, enter a custom name '''Guest'''.</li>
 
</ol>
 
</ol>
 
         </td>
 
         </td>
Line 95: Line 95:
 
</table>
 
</table>
  
===New LAN===
+
===New LAN interface===
 
----
 
----
  
Line 101: Line 101:
 
     <tr>
 
     <tr>
 
         <th width=395; style="border-bottom: 1px solid white;></th>
 
         <th width=395; style="border-bottom: 1px solid white;></th>
         <th width=700; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking rutos configuration examples guest wifi 1 v2.png|border|class=tlt-border]]</th>
+
         <th width=700; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking rutos configuration example openvpn bridge use case 12 v1.png|border|class=tlt-border]]</th>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
 
         <td style="border-bottom: 1px solid white>
 
         <td style="border-bottom: 1px solid white>
Navigate to the '''Network → Interfaces''' page and do the following:
+
Now go to '''Network → Interfaces''' and press '''Edit''' next to your newly created LAN interface:  
 
<ol>
 
<ol>
     <li>Find new interface called GUEST and click the '''Edit''' button.</li>
+
     <li></li>
  
 
</ol>
 
</ol>
Line 135: Line 135:
 
</table>
 
</table>
  
===Edit Firewall===
+
===Firewall rules===
 
----
 
----
  
Line 142: Line 142:
 
         <th width=395; style="border-bottom: 1px solid white;></th>
 
         <th width=395; style="border-bottom: 1px solid white;></th>
 
         <th width=700; style="border-bottom: 1px solid white;" rowspan=2>  
 
         <th width=700; style="border-bottom: 1px solid white;" rowspan=2>  
[[File:Networking rutos configuration examples guest wifi 7 v1.png|border|class=tlt-border]]</th>
+
[[File:Networking rutos configuration example openvpn bridge use case 15 v1.png|border|class=tlt-border]]</th>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
 
         <td style="border-bottom: 1px solid white;>
 
         <td style="border-bottom: 1px solid white;>
Navigate to the '''Network → Firewall → General Settings''' page and do the following
+
Navigate to '''Network → Firewall → General Settings'''. There create a new '''Zone''' rule by pressing '''Add''' button. Then you will be forwarded to the configuration window.
 
<ol>
 
<ol>
     <li>Click the '''Add''' button.</li>
+
     <li></li>
 
</ol>
 
</ol>
 
         </td>
 
         </td>
Line 166: Line 166:
 
In the '''ZONE''' page, do the following:
 
In the '''ZONE''' page, do the following:
 
<ol>
 
<ol>
     <li>Enter a custom '''name'''.</li>
+
     <li>Enter a custom '''Name'''.</li>
     <li>Add new created Guest LAN to '''Covered networks'''.</li>
+
     <li>Add new created ''"Guest"'' LAN to '''Covered networks'''.</li>
 
     <li>Select WAN interfaces for '''Allow forward to destination zones'''.</li>
 
     <li>Select WAN interfaces for '''Allow forward to destination zones'''.</li>
 
     <li>Select WAN interfaces for '''Allow forward from destination zones'''.</li>
 
     <li>Select WAN interfaces for '''Allow forward from destination zones'''.</li>
Line 187: Line 187:
 
     <tr>
 
     <tr>
 
         <td style="border-bottom: 1px solid white;>
 
         <td style="border-bottom: 1px solid white;>
Navigate to the '''Network → Firewall → Traffic Rules''' page and do the following
+
In order to disable WebUI or SSH access to RUTX from Guest's_WiFi network navigate to the '''Network → Firewall → Traffic Rules''' page and do the following:
 
<ol>
 
<ol>
 
     <li>Enter a custom '''Name'''.</li>
 
     <li>Enter a custom '''Name'''.</li>
     <li>Select '''guest''' for source zone.</li>
+
     <li>Select ''"guest_zone"'' for '''Source zone'''.</li>
     <li>Select '''lan''' for destination zone.</li>
+
     <li>Select ''"lan"'' for '''Destination zone'''.</li>
     <li>Click the '''Add''' button.</li>
+
     <li>Click the '''Add''' button. Then you will be forwarded to the configuration window.</li>
 
</ol>
 
</ol>
 
         </td>
 
         </td>
Line 208: Line 208:
 
     <tr>
 
     <tr>
 
         <td style="border-bottom: 1px solid white;>
 
         <td style="border-bottom: 1px solid white;>
In the '''TRAFFIC RULES''' page, do the following:
+
Do the following in the '''TRAFFIC RULES''' page:
 
<ol>
 
<ol>
 
     <li>'''Enable''' instance.</li>
 
     <li>'''Enable''' instance.</li>
     <li>Select '''Any''' protocol.</li>
+
     <li>Change the '''Destination zone''' to ''"Device (input)"''.</li>
     <li>Select source zone '''guest_zone'''.</li>
+
     <li>Enter the '''Destination port''' to reject. By default ports 22, 80, 443 are used to access the web user interface and SSH.</li>
     <li>Select destination zone '''Device (input)'''.</li>
+
     <li>Change the '''Action''' to ''"Reject"''.</li>
    <li>Select action '''Reject'''.</li>
 
 
     <li>'''Save&Apply''' changes.</li>
 
     <li>'''Save&Apply''' changes.</li>
 
     <li></li>
 
     <li></li>
Line 223: Line 222:
  
 
==Results==
 
==Results==
If you've followed all the steps presented above, your configuration should be finished. If you are near a RUT, that is, in a wireless zone, turn on WiFi on your device and view the available networks. You should see the available SSID - "RUT_WiFi" and "Guest_WiFi". Select one of them and enter the appropriate WiFi password.
+
If you've followed all the steps presented above, your configuration should be finished. If you are near a RUT, that is, in a wireless zone, turn on WiFi on your device and view the available networks. You should see the available SSID - "RUTX_WiFi_2G" and "Guest_WiFi". Select one of them and enter the appropriate WiFi password.
  
 +
-----
 +
 +
<table class="nd-othertables_2">
 +
    <tr>
 +
        <th width=525; style="border-bottom: 1px solid white;"></th>
 +
        <th width=620; style="border-bottom: 1px solid white;" rowspan=2>
 +
[[File:Networking rutos configuration examples guest wifi 14 v1.jpg|border|class=tlt-border|300px|center]]</th>
 +
    </tr>
 +
    <tr>
 +
        <td style="border-bottom: 1px solid white>
 
Wireless users connected to SSID: “'''RUTX_WIFI'''”, will be assign to “LAN”, and will get IP from main pool '''192.168.1.0/24'''.
 
Wireless users connected to SSID: “'''RUTX_WIFI'''”, will be assign to “LAN”, and will get IP from main pool '''192.168.1.0/24'''.
 +
        </td>
 +
    </tr>
 +
</table>
 +
 +
----
 +
 +
<table class="nd-othertables_2">
 +
    <tr>
 +
        <th width=525; style="border-bottom: 1px solid white;"></th>
 +
        <th width=620; style="border-bottom: 1px solid white;" rowspan=2>
 +
[[File:Networking rutos configuration examples guest wifi 13 v1.jpg|border|class=tlt-border|300px|center]]</th>
 +
    </tr>
 +
    <tr>
 +
        <td style="border-bottom: 1px solid white>
 +
LAN users are able to access any data from pool 192.168.1.0/24. For example they can access Web UI.
 +
        <ol>
 +
            <li></li>
 +
            <li></li>
 +
            <li></li>
 +
            <li></li>
 +
        </ol>
 +
        </td>
 +
    </tr>
 +
</table>
 +
 +
----
  
 +
<table class="nd-othertables_2">
 +
    <tr>
 +
        <th width=525; style="border-bottom: 1px solid white;"></th>
 +
        <th width=620; style="border-bottom: 1px solid white;" rowspan=2>
 +
[[File:Networking rutos configuration examples guest wifi 12 v2.jpg|border|class=tlt-border|300px|center]]</th>
 +
    </tr>
 +
    <tr>
 +
        <td style="border-bottom: 1px solid white>
 
Wireless users connected to SSID: “'''GUEST'S_WIFI'''”, will be assign to LAN “Guest”, and will get IP from new pool '''10.10.10.0/24'''.
 
Wireless users connected to SSID: “'''GUEST'S_WIFI'''”, will be assign to LAN “Guest”, and will get IP from new pool '''10.10.10.0/24'''.
 +
        <ol>
 +
            <li></li>
 +
            <li></li>
 +
            <li></li>
 +
        </ol>
 +
        </td>
 +
    </tr>
 +
</table>
 +
 +
----
  
Guest hosts are unable to access any data from pool 192.168.1.0/24.
+
<table class="nd-othertables_2">
 +
    <tr>
 +
        <th width=525; style="border-bottom: 1px solid white;"></th>
 +
        <th width=620; style="border-bottom: 1px solid white;" rowspan=2>
 +
[[File:Networking rutos configuration examples guest wifi 11 v1.jpg|border|class=tlt-border|300px|center]]</th>
 +
    </tr>
 +
    <tr>
 +
        <td style="border-bottom: 1px solid white>
 +
Guest hosts are unable to access any data from pool 192.168.1.0/24. And access to RUTX Web UI or SSH is restricted.
 +
        <ol>
 +
            <li></li>
 +
            <li></li>
 +
            <li></li>
 +
        </ol>
 +
        </td>
 +
    </tr>
 +
</table>

Latest revision as of 11:50, 22 July 2020

Introduction

Most of us are aware, that network security is extremely important. If your WiFi network is not properly secured, it makes you and all of your home or office resources vulnerable to a variety of security threats. To stay ahead of the curve, many companies and home users have guest WiFi. Unlike your regular WiFi network that you or your company members use, the guest WiFi network restricts what your guests can do in your network. It gives visitors access to the Internet connection, but nothing else making you or your company a lot more secure. This chapter is a guide on configuring a guest WiFi.

Configuring router (RUTX)

Before you start configuring the router turn on "Advanced WebUI" mode. You can do that by clicking the "Basic" button under "Mode", which is located at the top-right corner of the WebUI.

Networking rutx manual webui basic advanced mode.gif


New WiFi AP


Networking rutos configuration examples guest wifi 3 v1.png

Login to the router's WebUI, navigate to the Network → Wireless page. Click Add. You can use either, 2.4GHz or 5GHz WiFi. Then you will be forwarded to the configuration window.


Networking rutos configuration examples guest wifi 4 v2.png

On General Setup tab do the following:

  1. Enable instance.
  2. Select mode Access Point.
  3. Enter a custom ESSID.
  4. Expand the drop-down menu Network.
  5. Uncheck the lan interface.
  6. Create a new interface, enter a custom name Guest.

Networking rutos configuration examples guest wifi 5 v1.png

Switch to Wireless Security tab and do the following:

  1. Select Encryption type.
  2. Select Cipher type.
  3. Enter Key.
  4. Save&Apply changes.

Networking rutos configuration examples guest wifi 6 v1.png

Wait for configuration to apply. Two Wireless Access Points should be enabled

New LAN interface


Networking rutos configuration example openvpn bridge use case 12 v1.png

Now go to Network → Interfaces and press Edit next to your newly created LAN interface:


Networking rutos configuration examples guest wifi 2 v1.png

In the General setup section, do the following:

  1. Select Protocol - Static. Confirm by clicking "SWITCH PROTOCOL".
  2. Enter a IPv4 address.
  3. Enter a IPv4 netmask.
  4. Enable DHCP server.
  5. Press Save&Apply.

Firewall rules


Networking rutos configuration example openvpn bridge use case 15 v1.png

Navigate to Network → Firewall → General Settings. There create a new Zone rule by pressing Add button. Then you will be forwarded to the configuration window.


Networking rutos configuration examples guest wifi 8 v1.png

In the ZONE page, do the following:

  1. Enter a custom Name.
  2. Add new created "Guest" LAN to Covered networks.
  3. Select WAN interfaces for Allow forward to destination zones.
  4. Select WAN interfaces for Allow forward from destination zones.
  5. Save&Apply changes.

Networking rutos configuration examples guest wifi 9 v1.png

In order to disable WebUI or SSH access to RUTX from Guest's_WiFi network navigate to the Network → Firewall → Traffic Rules page and do the following:

  1. Enter a custom Name.
  2. Select "guest_zone" for Source zone.
  3. Select "lan" for Destination zone.
  4. Click the Add button. Then you will be forwarded to the configuration window.

Networking rutos configuration examples guest wifi 10 v1.png

Do the following in the TRAFFIC RULES page:

  1. Enable instance.
  2. Change the Destination zone to "Device (input)".
  3. Enter the Destination port to reject. By default ports 22, 80, 443 are used to access the web user interface and SSH.
  4. Change the Action to "Reject".
  5. Save&Apply changes.

Results

If you've followed all the steps presented above, your configuration should be finished. If you are near a RUT, that is, in a wireless zone, turn on WiFi on your device and view the available networks. You should see the available SSID - "RUTX_WiFi_2G" and "Guest_WiFi". Select one of them and enter the appropriate WiFi password.


Networking rutos configuration examples guest wifi 14 v1.jpg

Wireless users connected to SSID: “RUTX_WIFI”, will be assign to “LAN”, and will get IP from main pool 192.168.1.0/24.


Networking rutos configuration examples guest wifi 13 v1.jpg

LAN users are able to access any data from pool 192.168.1.0/24. For example they can access Web UI.


Networking rutos configuration examples guest wifi 12 v2.jpg

Wireless users connected to SSID: “GUEST'S_WIFI”, will be assign to LAN “Guest”, and will get IP from new pool 10.10.10.0/24.


Networking rutos configuration examples guest wifi 11 v1.jpg

Guest hosts are unable to access any data from pool 192.168.1.0/24. And access to RUTX Web UI or SSH is restricted.