Is it possible in mikrotik to allow clients on the wlan only Internet, and those who are in the access list and still access the local network + DHCP from the domain controller?
Actually, the SUBJECT)
can the same WiFi network (no additional guest) arrange the following pattern: a client connected to it, by default, gets the address from DHCP Mikrotik and the only access to the Internet, but if it is in accesslist, it gets the address from the domain controller and access to local network?
Sheridan_Olson34 answered on September 18th 19 at 23:50
If no "foolproof", then:
1) prohibit the dhcp packets between lan and wlan;
2) hang on wlan separate DHCP server with a separate sub-mesh
3) the rules of Faeroe prohibit communication between different subnets
(you can also use vlan and subnet)
4) I don't need to add static lease in the main draw ( the one that has access to a main)
Elody_Padberg76 answered on September 18th 19 at 23:52
And what's the point?
There is a network of "Guest" with a simple password for the guests and SMARTS employees
And network "Firm" with a complex password, which except admin no one knows the access to the corporate network.
No idea how the subject should work. Client latched on to WiFi - roughly speaking, Ethernet wire in the socket stuck. Network card has sent a request to DHCP, got an address. All. This address from the domain DHCP, or from the guest - who first answered, and the address of the client.
Melissa.O answered on September 18th 19 at 23:54
And if to clean from Mikrotik DHCP server, create bridge WiFi and Ethernet? In a filter bridge for the WiFi interface to ban everything except DHCP. To add the filter rules to allow specific MAC addresses connecting to the internal network.