Guest Network Isolation

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Guest Network Isolation

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Guest Network Isolation
Guest Network Isolation
2018-12-15 19:32:10 - last edited 2018-12-29 07:00:55

Hello!

 

I have setup TWO EAP 225 v3 access points using a Standard Router w/o any VLANS.

 

However, I would like the WiFi connected guest to not communicate with each other and WiFi guests to not access any resouces on the wired LAN devices.

 

Any idea on how it can be done.  Attached is a screenshot I thought I need to play around.

 

 

Any help is appreciated.

 


Thanks!


Sam

File:
wifi_client_isolation.jpgDownload
  0      
  0      
#1
Options
1 Accepted Solution
Re:Re:Re:Re: Guest Network Isolation-Solution
2018-12-29 06:55:13 - last edited 2018-12-29 07:00:55

Hi,

 

According to your access control rule, it will forbid the communication between wireless clients which connect with this SSID and the wired/wireless devices in 192.168.0.0/16, 172.16.0.0/12 and 10.0.0.0/8 subnet, except the 192.168.1.1 (gateway). You can refer to FAQ1060 for more information.

 

The different between Users and Guests:

1. When you are using portal function, and the wireless clients pass the portal authentication, then it will show up in Guest list.

2. If you just use WPA-PSK authentication, the wireless clients will show up in User list.

So the Guest means the wireless clients who pass the portal authentication.

Recommended Solution
  1  
  1  
#6
Options
5 Reply
Re:Guest Network Isolation
2018-12-16 08:16:24

@sp9239 What you attached can be used to block communication with wire LAN network and remember to enable the Wireless Control Rule in the SSID configuration. In order to block wireless guest to communicate, you should enable SSID Isolation in the SSID configuration. Then it's done. 

TP-Link Employee
  0  
  0  
#2
Options
Re: Guest Network Isolation
2018-12-16 22:48:32 - last edited 2018-12-16 22:53:36

As Gary wrote, your ACL rules are well-suited to block access to your LAN for guests. But you will need to exclude 1) the router's IP (for DNS, DHCP and forwarding) from the Block rule and 2) the IP of the system running the Omada Controller if your guests should be able to use the Controller's portal. You can do so with the Exclude Subnet setting by specifying a /32 IP address.

༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
  0  
  0  
#3
Options
Re:Re: Guest Network Isolation
2018-12-17 19:21:47

I will try out your suggestions from both responses above and will let you

know if works or not.

 

Thanks!

 

 

  0  
  0  
#4
Options
Re:Re:Re: Guest Network Isolation
2018-12-28 14:31:29

OK Here's the screenshot of the Access Control screen.
I applied the router ip in the Excluded section.  Let me know if it's not correct.

Currtently, I am not utilizing the portal so the controller's IP is not included.

 

Also, another concern is that I don't see any connections listed udner Guest.  All connections show

up under the Users section.  

What is the difference between Guests and Users?

 

 

Thanks!

 

 

 

  0  
  0  
#5
Options
Re:Re:Re:Re: Guest Network Isolation-Solution
2018-12-29 06:55:13 - last edited 2018-12-29 07:00:55

Hi,

 

According to your access control rule, it will forbid the communication between wireless clients which connect with this SSID and the wired/wireless devices in 192.168.0.0/16, 172.16.0.0/12 and 10.0.0.0/8 subnet, except the 192.168.1.1 (gateway). You can refer to FAQ1060 for more information.

 

The different between Users and Guests:

1. When you are using portal function, and the wireless clients pass the portal authentication, then it will show up in Guest list.

2. If you just use WPA-PSK authentication, the wireless clients will show up in User list.

So the Guest means the wireless clients who pass the portal authentication.

Recommended Solution
  1  
  1  
#6
Options