guys please can you help the noob
i am new to OpenWRT
is there a way to by default, quarantine new devices when they connect to openwrt via dhcp?
so in otherwords any new device that connects to openwrt goes to a quarantine pool with no internet access
then after connecting i will give them access to the internet etc. by moving them out of the quarantine state
any help greatly appreciated
You could set up IEEE802.1X, in combination with managed switches(-only), not trivial, but the enterprise solution to this question.
The easiet would probably be to use static leases based on the device mac address and pre-define where it goes in the DHCP server.
Or have a closed/isolated VLAN/Fw zone/interface on one or more ports where you connect a device for inspection before moving it to a port where it will be used.
This works the same for WiFi SSID also.
Method of use is very much dependent on why you want to isolate the client?
thank you very much for your support
flygarn12 - the main reason is that i have clients whom require WiFi access and they have customers that connect to their wifi system(s) and they want me to allow their clients / users to connect but not utilize the internet until they have been given authorization to have internet access.
maybe there is a better way to do this?
any help greatly appreciated
Maybe you could setup a captive portal and authenticate users with user/pass.
thank you for your support, much appreciated
trendy - sometimes the client(s) have iot devices that they connect
The easiet would probably be to use static leases based on the device mac address and pre-define where it goes in the DHCP server. - the clients have different devices, iot, printers et al that connect at random if and when required.
Or have a closed/isolated VLAN/Fw zone/interface on one or more ports where you connect a device for inspection before moving it to a port where it will be used. - some sites have a single switch [ NOT MANAGED ] with a single Ubiquity AP. How would i do this?
This works the same for WiFi SSID also- i am using Ubiquiti AP Devices . How would i go about doing that?
thank you again
To my understanding you have too high expectations and not adequate equipment, therefore you'll need to either lower your expectations or be more realistic in what you can do with what you have.
The best you can do given these limitations is
but pretty easy to bypass.
Yepp! But as you said, to quarantine something but only for a short while in a home network ain’t easy.
just a question
would it not be possible to create rule to block all devices having access to the internet and lan by placing them in a group then i can move them to another groups(s) as needed?
A network client is connected with wifi radio or hardwire RJ45 to a FW zone through a interface.
In OpenWRT the FW zone is the “group” you are talking about.
But the kind of group you are thinking about where the client are gathered in pools and you can move them from pool to pool has no logic support in OpenWRT.
You have no easy way to change a physical connection inside the OpenWRT logic.
Unless you change the ports VLAN or SSID interface connection so they get paired with another FW zone by another interface.