Forums

Stories

Knowledge Base

Business Community > WiFi > Guest Network Isolation

< WiFi

Guest Network Isolation

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Guest Network Isolation

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

sp9239

LV1

2018-12-15 19:32:10 - last edited 2018-12-29 07:00:55

Posts: 16

Helpful: 1

Solutions: 1

Stories: 0

Registered: 2018-11-28

Guest Network Isolation

2018-12-15 19:32:10 - last edited 2018-12-29 07:00:55

Hello!

I have setup TWO EAP 225 v3 access points using a Standard Router w/o any VLANS.

However, I would like the WiFi connected guest to not communicate with each other and WiFi guests to not access any resouces on the wired LAN devices.

Any idea on how it can be done. Attached is a screenshot I thought I need to play around.

Any help is appreciated.

Thanks!

Sam

File:

wifi_client_isolation.jpgDownload

1 Accepted Solution

jonas

2018-12-29 06:55:13 - last edited 2018-12-29 07:00:55

Posts: 205

Helpful: 103

Solutions: 4

Stories: 0

Registered: 2018-07-24

Re:Re:Re:Re: Guest Network Isolation-Solution

2018-12-29 06:55:13 - last edited 2018-12-29 07:00:55

Hi，

According to your access control rule, it will forbid the communication between wireless clients which connect with this SSID and the wired/wireless devices in 192.168.0.0/16, 172.16.0.0/12 and 10.0.0.0/8 subnet, except the 192.168.1.1 (gateway). You can refer to FAQ1060 for more information.

The different between Users and Guests:

1. When you are using portal function, and the wireless clients pass the portal authentication, then it will show up in Guest list.

2. If you just use WPA-PSK authentication, the wireless clients will show up in User list.

So the Guest means the wireless clients who pass the portal authentication.

Recommended Solution

5 Reply

Gary.Wen

2018-12-16 08:16:24

Posts: 16

Helpful: 3

Solutions: 0

Stories: 0

Registered: 2018-10-26

Re:Guest Network Isolation

2018-12-16 08:16:24

@sp9239 What you attached can be used to block communication with wire LAN network and remember to enable the Wireless Control Rule in the SSID configuration. In order to block wireless guest to communicate, you should enable SSID Isolation in the SSID configuration. Then it's done.

TP-Link Employee

R1D2

LV6

2018-12-16 22:48:32 - last edited 2018-12-16 22:53:36

Posts: 4334

Helpful: 987

Solutions: 173

Stories: 3

Registered: 2015-12-05

Re: Guest Network Isolation

2018-12-16 22:48:32 - last edited 2018-12-16 22:53:36

As Gary wrote, your ACL rules are well-suited to block access to your LAN for guests. But you will need to exclude 1) the router's IP (for DNS, DHCP and forwarding) from the Block rule and 2) the IP of the system running the Omada Controller if your guests should be able to use the Controller's portal. You can do so with the Exclude Subnet setting by specifying a /32 IP address.

༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻

sp9239

LV1

2018-12-17 19:21:47

Posts: 16

Helpful: 1

Solutions: 1

Stories: 0

Registered: 2018-11-28

Re:Re: Guest Network Isolation

2018-12-17 19:21:47

I will try out your suggestions from both responses above and will let you

know if works or not.

Thanks!

sp9239

LV1

2018-12-28 14:31:29

Posts: 16

Helpful: 1

Solutions: 1

Stories: 0

Registered: 2018-11-28

Re:Re:Re: Guest Network Isolation

2018-12-28 14:31:29

OK Here's the screenshot of the Access Control screen.
I applied the router ip in the Excluded section. Let me know if it's not correct.

Currtently, I am not utilizing the portal so the controller's IP is not included.

Also, another concern is that I don't see any connections listed udner Guest. All connections show

up under the Users section.

What is the difference between Guests and Users?

Thanks!

jonas

2018-12-29 06:55:13 - last edited 2018-12-29 07:00:55

Posts: 205

Helpful: 103

Solutions: 4

Stories: 0

Registered: 2018-07-24

Re:Re:Re:Re: Guest Network Isolation-Solution

2018-12-29 06:55:13 - last edited 2018-12-29 07:00:55

Hi，

The different between Users and Guests:

1. When you are using portal function, and the wireless clients pass the portal authentication, then it will show up in Guest list.

2. If you just use WPA-PSK authentication, the wireless clients will show up in User list.

So the Guest means the wireless clients who pass the portal authentication.

Information

Helpful: 0

Replies: 5

Guest Network Isolation

Guest Network Isolation

Information

Voters 0

Tags