Guest Network Isolation
Hello!
I have setup TWO EAP 225 v3 access points using a Standard Router w/o any VLANS.
However, I would like the WiFi connected guest to not communicate with each other and WiFi guests to not access any resouces on the wired LAN devices.
Any idea on how it can be done. Attached is a screenshot I thought I need to play around.
Any help is appreciated.
Thanks!
Sam
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi,
According to your access control rule, it will forbid the communication between wireless clients which connect with this SSID and the wired/wireless devices in 192.168.0.0/16, 172.16.0.0/12 and 10.0.0.0/8 subnet, except the 192.168.1.1 (gateway). You can refer to FAQ1060 for more information.
The different between Users and Guests:
1. When you are using portal function, and the wireless clients pass the portal authentication, then it will show up in Guest list.
2. If you just use WPA-PSK authentication, the wireless clients will show up in User list.
So the Guest means the wireless clients who pass the portal authentication.
- Copy Link
- Report Inappropriate Content
@sp9239 What you attached can be used to block communication with wire LAN network and remember to enable the Wireless Control Rule in the SSID configuration. In order to block wireless guest to communicate, you should enable SSID Isolation in the SSID configuration. Then it's done.
- Copy Link
- Report Inappropriate Content
As Gary wrote, your ACL rules are well-suited to block access to your LAN for guests. But you will need to exclude 1) the router's IP (for DNS, DHCP and forwarding) from the Block rule and 2) the IP of the system running the Omada Controller if your guests should be able to use the Controller's portal. You can do so with the Exclude Subnet setting by specifying a /32 IP address.
- Copy Link
- Report Inappropriate Content
I will try out your suggestions from both responses above and will let you
know if works or not.
Thanks!
- Copy Link
- Report Inappropriate Content
OK Here's the screenshot of the Access Control screen.
I applied the router ip in the Excluded section. Let me know if it's not correct.
Currtently, I am not utilizing the portal so the controller's IP is not included.
Also, another concern is that I don't see any connections listed udner Guest. All connections show
up under the Users section.
What is the difference between Guests and Users?
Thanks!
- Copy Link
- Report Inappropriate Content
Hi,
According to your access control rule, it will forbid the communication between wireless clients which connect with this SSID and the wired/wireless devices in 192.168.0.0/16, 172.16.0.0/12 and 10.0.0.0/8 subnet, except the 192.168.1.1 (gateway). You can refer to FAQ1060 for more information.
The different between Users and Guests:
1. When you are using portal function, and the wireless clients pass the portal authentication, then it will show up in Guest list.
2. If you just use WPA-PSK authentication, the wireless clients will show up in User list.
So the Guest means the wireless clients who pass the portal authentication.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 9253
Replies: 5
Voters 0
No one has voted for it yet.