|
Maybe a Mikrotik guru would be kind enough to help me out. I just bought one of the Mikrotik RB751 boards with the 1 watt 802.11 a/b/g/n card. My intention was to replace the three dinky access points in our warehouse with one centrally managed one. The RB751 will be plugged into a pfSense box on an auxiliary port, and bridged to the LAN. I've got this working, and the signal is decent. In case you're curious about the new board, the range is great, but the rate is much lower than I expected at about 24Mb/sec most of the time, with bursting to 90Mb/sec here and there. Can someone help me out with creating a Virtual AP that will allow guests to use the wifi without having any access to the LAN? My goal is a WPA-protected wifi AP for employees, and an open, Internet-only one for guests.
|
#
¿
Oct 8, 2011 16:33
|
|
|
|
| # ¿ May 4, 2024 03:47 |
|
|
Weird Uncle Dave posted:I've got something similar in my office. The way I did it, was to create two DHCP pools, one for the encrypted AP, a second one for the "open" AP, then did the firewalling based on the source IP address (i.e. if you're coming from the open AP, you're not allowed to access the office billing system). Thanks, Weird Uncle Dave. I'm feeling confused over the Virtual AP stuff in RouterOS. I understand your technique, but I'm unsure of how to go about that with pfSense as the bridge and sole DHCP server (trying to avoid double-NAT). I don't have any idea how to get pfSense to serve out a particular range for one of Mikrotik's SSIDs and another for the Virtual AP SSID. Are there any good tutorials on this sort of thing? The Mikrotik wiki hasn't been much help, and I can't find much on the web. Most of what I've found have been unresolved questions on their forums, or people that solve it and don't post what they did. insularis fucked around with this message at 18:43 on Oct 8, 2011 |
|
#
¿
Oct 8, 2011 18:39
|
|
|
Thanks, guys, I think this will get me there. I would normally agree with you on the "loud card" thing. My original plan was to go with Ubiquiti Unifi gear, but for $60, I thought I'd give this a try first. The warehouse/manufacturing floor is about 12,000 sq/ft (not huge) and fairly wide open. My network room in this particular building is nearly centrally located, and I've been easily able to maintain signal with a Thinkpad T410 with a standard Intel card. My grumblings about the 751's speeds were from short to medium distance tests (10-80ft, LOS, various connecting equipment). It didn't seem any worse in the far corners of the building as of yet. Thanks again for the help, I'll post back with my results next week.
|
|
#
¿
Oct 8, 2011 20:12
|
|
|
feld posted:Multiple bridges which bridge a vlan and the virtual AP. Routing does the rest. You serve the DHCP on separate VLANs. Feeling kind of dumb now ... I got this set up and working in about 20 minutes with a couple of false starts. It was all easier than I thought. VLANs and separate DHCP servers did the trick, and writing the rules was painless. Thanks to everyone for the great information and help. The RB751 is working better now that I've changed the antenna profiles, physical location, and set the timing to "Indoor" ... getting good solid connections everywhere except for one room at 60Mb+/90Mb+.
|
|
#
¿
Oct 10, 2011 17:24
|
|