Give access to internet but not local devices on 1 device

What is the recommended way without having to create a guest wifi network.
(It is not possible to change the wifi credentials on this device)

Indeed, create guest wifi network, if necessary relocate your own network.

Cant the same be achieved with a few rules on the current router?

I have no idea why would you ever fix your net creds to something dictated by 3rd party.

Hi. You cant change credentials on that WiFI device, not router? Am i right?

You could add firewall rule to block all traffic from that device to all IP addressed in the subnet. That only works if that device do not change its own MAC address every time it connects. << wrong

Best regards!

No, this will not work. The firewall is only involved when traffic is routed (L3). Devices on the same subnet communicate via switching (L2), so the firewall is never engaged.

You can enable wifi client isolation, but that’s all-or-nothing, so if you use this option, no wifi devices will be able to talk to each other. And it doesn’t prevent wifi devices from accessing wired hosts.

The only way to achieve the stated goal is to create a second network (i.e. a guest network as previously described) and then to make sure that the device in question is on a different network relative to the hosts that should not be accessible to it.

3 Likes

No, this will not work. The firewall is only involved when traffic is routed (L3). Devices on the same subnet communicate via switching (L2), so the firewall is never engaged.

Oh yeah. That's right. My mistake :smiley:

1 Like

Thanks for the clarification

1 Like

I've decided to add a guest network on 2.4 only , i have an an ax53.
I found several sites but i'm even more clueless now.
Can someone assist ? I have the basic config running on my asus ax53

The only requirements are that :

  • guest clients only have access to internet not my main network
  • guest clients cannot see each other
  • Lan clients can see guests

Or should i make a new topic for this?

See: https://openwrt.org/docs/guide-user/network/wifi/guestwifi/configuration_webinterface
If you have questions about it open a new topic

The screenshot dont seem to align with the current webui.
Like when editing the created guest interface i must change it to "static address" but there is also a devices field not in the screenshot , how do i need to set this?