De volgende configuratie kan ingeladen worden om het guest gedeelte te creëren;
- apart netwerk Wi-Fi netwerk
- firewall regels
- gasten netwerk 172.16.0.X
--------
/interface bridge
add name=bridge-guest
/ip pool
add name=pool-guest ranges=172.16.0.10-172.16.0.254
/interface wireless security-profiles
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
management-protection=allowed mode=dynamic-keys name=profile-guest \
supplicant-identity="" wpa-pre-shared-key=12345678 \
wpa2-pre-shared-key=12345678
/interface wireless
add disabled=no master-interface=wlan1 name=wlan2 security-profile=profile-guest ssid="FIEBER-GAST" wds-cost-range=0 wds-default-cost=0
/ip dhcp-server
add address-pool=pool-guest disabled=no interface=bridge-guest name=\
server-guest
/ip dhcp-server network
add address=172.16.0.0/24 dns-server=192.168.1.1 gateway=172.16.0.1
/interface bridge port
add bridge=bridge-guest interface=wlan2
/ip address
add address=172.16.0.1/24 interface=bridge-guest network=172.16.0.0
/ip firewall filter
add chain=input in-interface=bridge-guest protocol=icmp
add action=drop chain=input in-interface=bridge-guest ipv4-options=any
dd action=drop chain=forward comment=\
"Drop Packet Originating Guest and NOT WAN" in-interface=bridge-guest \
out-interface=!ether1.128
add action=drop chain=forward dst-address=192.168.1.0/24 src-address=\
172.16.0.0/24
add action=drop chain=input dst-address=192.168.1.1 dst-port=\
8291,80,443,23,22,8729 protocol=tcp src-address=172.16.0.0/24
add action=drop chain=input dst-address=172.16.0.1 dst-port=\
8291,80,443,23,22,8729 protocol=tcp src-address=172.16.0.0/24
-------
Opmerkingen
0 opmerkingen
U moet u aanmelden om een opmerking te plaatsen.