Hi Everyone,

I would like to ask for advice on isolating the guest network for Deco X60 in AP mode.

I am currently experiencing an issue where devices on my Main network are discoverable (Printers, Chromecast, etc.) by devices connected to the Guest network, though connections to them would fail (even pings). I do not want these devices to be discoverable, its confusing and would be one less indicator of network isolation failing (if ever it happens).

My network is presently constructed as follows:

ISP Modem -> Router -> Main Deco -> Switch -> Multiple Decos/Wired Devices.

I currently run an EdgeRouter-4 as my router (for failover WAN and SQM functionality).

My main intent is:
1. For all wired devices + main wifi network devices to be discoverable and accessible to each other.

2. For all guest network devices to be isolated from the main network devices and be unable to discover them

BONUS: 

1. Be unable to access router's configuration page from guest network (currently able to)

2. Use a separate DHCP server and firewall for guest network

Something I was looking into was using different VLANs to have separate DHCP servers and firewalls at the router for the main and guest network, but I'm not sure if the Deco in AP Mode fully supports this functionality. I believe Deco uses VLAN 1 for main network and VLAN 591 for guest network, but im not sure if this is visible to the Router and something it can take advantage of.

If anyone could advise me further on the solution I was looking into, or if a network topology change would help, or if its's not possible at all with the Deco on AP mode, or provide any other proposal, I would greatly appreciate it. Thank you very much.