Dumb AP with guest network w/o password

I have set up a dumb AP with guest wifi, incl all the firewall rules, own guest DHCP-pool etc., according to the official guide. So it should be quite secure, subnets are separated from each other.

Would you advise to still set a password for the guest network? I would like to make connections for guests as easy as possible.

Depends on your intention when speaking about security. Just to give an example: You have configured encrypted wifi with password for you clients at DA (dump access point). If your DA uses wifi to connect to gateway router you might want to encrypt that line as well.
On the other hand multiple subnets and firewall zones do a pretty good job but do you intend to configure them at DA as well? Maybe you want vlans to ensure routing within one logical network on layer 2 already.

If that's not helping please specify your setup and your intentions and concerns

Main router connected LAN-LAN to DA with fixed IP. 2.4 and 5.0 secured wifi and 2.4 and 5.0 guest wifi. Other subnet for guest-wifi with DHCP (of course) in other range. Ping to other subnets is blocked.

Firewall looks like this:

Extra firewall-rules:

I think this is quite sufficient security w/o password. But it is a public environment (gas station with shop) and I would like to prevent a clever person accessing e.g. the main computer.

1 Like

This should be secure. Have you tested it by connecting a laptop as a guest and trying to reach your main router or LAN computers?

The problem with a completely open network that reaches outside the building or even beyond the property line is that complete strangers may use your ISP connection for unlawful purposes and the investigation will come back to you.

Yes, I have tested this, main router or LAN computers can't be reached.