If you have a home Wi-Fi network – Who doesn’t? No the Amish don’t count. It’s a good idea to make a Guest Wi-Fi, so you don’t have all your friends and family, knowing your Wi-Fi password or reaching your resources in the local network. With Mikrotik the setup is pretty simple. So let’s do this.
What will we do here:
- Create Separate SSID with name wirelessinfo_guest
- Create separate IP and DHCP pool for that interface
- Create a masquerade rule for internet access
- Block traffic coming from guest to lan and vice versa
First of all, you need to create a Virtual interface under your Wi-Fi interface and give it a name:
Name the new Interface ap-Guest
Under the Wireless Tab create your SSID and apply the default profile.
NOTE: The default profile is probably the profile that you are using so we will keep it here for now and create separate profile for the guests latter.
Now create new Address for the new interface in our case that will be 192.168.11.1/24 but you can set this up as you wish but you must adjust the firewall rules accordingly. And apply that IP on the ap-guest interface.
Create DHCP server for the new network 192.168.11.0/24 and apply it to the interface ap-guest
Now we need to create a masquerade rule for the 192.168.11.0 subnet so it gets translated to external IP under Firewall\NAT tab.
Now we need to block the traffic going from 192.168.88.0 to 192.168.11.0 and vice versa. Just create these 2 simple rules in forward chain and move them to the top of the Firewall list.
First rule :
And the second rule with action DROP.
Apply and OK
Now, if you try to connect to your Guest SSID, you should have working internet, but the password will still be the same as your private Wi-Fi . To change that go to :
Wireless\security profiles and press +. Choose your Profile name, encryption and password for the guests.
Apply that policy under security profile, on the new wireless interface ap-guest:
Now if you connect to your guest network, you should use your password, specified under the new security profile.
I hope this has been clear, and may the force be with you :)