Template:Networking rutos configuration example guest wifi

From Teltonika Networks Wiki

Introduction

Most of us are aware, that network security is extremely important. If your WiFi network is not properly secured, it makes you and all of your home or office resources vulnerable to a variety of security threats. To stay ahead of the curve, many companies and home users have guest WiFi. Unlike your regular WiFi network that you or your company members use, the guest WiFi network restricts what your guests can do in your network. It gives visitors access to the Internet connection, but nothing else making you or your company a lot more secure. This chapter is a guide on configuring a guest WiFi.

Configuring router (RUTX)

Before you start configuring the router turn on "Advanced WebUI" mode. You can do that by clicking the "Basic" button under "Mode", which is located at the top-right corner of the WebUI.

Networking rutx manual webui basic advanced mode.gif


New Wireless


Networking rutos configuration examples guest wifi 3 v1.png

Login to the router's WebUI, navigate to the Network → Wireless page and do the following:

  1. Click Add.

Networking rutos configuration examples guest wifi 4 v2.png

On General Setup tab do the following:

  1. Enable instance.
  2. Select mode Access Point.
  3. Enter ESSID.
  4. Expand the drop-down menu Network.
  5. Uncheck the lan interface.
  6. Create a new interface, enter name Guest.

Networking rutos configuration examples guest wifi 5 v1.png

Switch to Wireless Security tab and do the following:

  1. Select Encryption type.
  2. Select Cipher type.
  3. Enter Key.
  4. Save&Apply changes.

Networking rutos configuration examples guest wifi 6 v1.png

Wait for configuration to apply. Two Wireless Access Points should be enabled

New LAN


Networking rutos configuration examples guest wifi 1 v2.png

Navigate to the Network → Interfaces page and do the following:

  1. Find new interface called GUEST and click the Edit button.

Networking rutos configuration examples guest wifi 2 v1.png

In the General setup section, do the following:

  1. Select Protocol - Static. Confirm by clicking "SWITCH PROTOCOL".
  2. Enter a IPv4 address.
  3. Enter a IPv4 netmask.
  4. Enable DHCP server.
  5. Press Save&Apply.

Edit Firewall


Networking rutos configuration examples guest wifi 7 v1.png

Navigate to the Network → Firewall → General Settings page and do the following:

  1. Click the Add button.

Networking rutos configuration examples guest wifi 8 v1.png

In the ZONE page, do the following:

  1. Enter a custom name.
  2. Add new created Guest LAN to Covered networks.
  3. Select WAN interfaces for Allow forward to destination zones.
  4. Select WAN interfaces for Allow forward from destination zones.
  5. Save&Apply changes.

Networking rutos configuration examples guest wifi 9 v1.png

To disable Web UI or SSH access to RUTX from Guest's_WiFi network navigate to the Network → Firewall → Traffic Rules page and do the following:

  1. Enter a custom Name.
  2. Select guest_zone for Source zone.
  3. Select lan for Destination zone.
  4. Click the Add button.

Networking rutos configuration examples guest wifi 10 v1.png

In the TRAFFIC RULES page, do the following:

  1. Enable instance.
  2. Change destination zone to Device (input).
  3. Enter Destination port to be rejected. For Web UI and SSH access it is port 22, 80, 443.
  4. Select action Reject.
  5. Save&Apply changes.

Results

If you've followed all the steps presented above, your configuration should be finished. If you are near a RUT, that is, in a wireless zone, turn on WiFi on your device and view the available networks. You should see the available SSID - "RUT_WiFi" and "Guest_WiFi". Select one of them and enter the appropriate WiFi password.

Wireless users connected to SSID: “RUTX_WIFI”, will be assign to “LAN”, and will get IP from main pool 192.168.1.0/24.

Wireless users connected to SSID: “GUEST'S_WIFI”, will be assign to LAN “Guest”, and will get IP from new pool 10.10.10.0/24.

Guest hosts are unable to access any data from pool 192.168.1.0/24.