FriesLover22
Aspirant
Sep 25, 2022

WAC510 Wireless Client Isolation does not isolate client from LAN

Hi,

 

How can I create a guest network where clients are isolated from my machines on the LAN?

 

We have a few WAC510s installed and tried to create a guest network by configuring SSID2 as "Guess" and having "Wireless Client Isolation" enabled, with the expectation that clients connected to SSID2 would not be able to connect to devices on the same SSID or any other machine on the LAN. However, my clients connected to SSID2 were able to connect to any other machine on the LAN.

 

If you click on the blue information icon however next to "Wireless Client Isolation" it says: "It wil prevent the clients connected to the SSID to communicate with other clients connected to the same SSID or any other machine on the LAN except Gateway, DNS server.". But this doesn't seem to be true in my case.

 

I have also tried changing the VLAN ID from 1 to 2. But the result was that my clients couldn't even connect to SSID2 anymore. After successful password validation, clients disconnect.

 

We are running WAC510 with firmware V9.6.0.12

 

5 Replies

  • schumaku
    Guru - Experienced User

    FriesLover22 wrote:

    I have also tried changing the VLAN ID from 1 to 2. But the result was that my clients couldn't even connect to SSID2 anymore. After successful password validation, clients disconnect.


    Do this VLAN 2 and the associated IP subnet, with the required router, DHCP server, and switch configuration to carry the tagged VLAN 2, exist at all?

    • FriesLover22
      Aspirant

      schumaku : no. Setting the VLAN was actually a desperate move to see whether it would matter. The WAC510 is not connected to a VLAN-capable router. Besides, according to the documentation the VLAN ID for a WiFi network is not the same as the 802.1Q VLAN ID that is used for the wired network and only usable with the WAC510 set to Router mode. In our case, the WAC510s are set to function in AP mode.

       

      So, any advice to get Client Isolation working as described so connected clients can't access servers on the LAN anymore? (Other than DHCP and gateway)

      • schumaku
        Guru - Experienced User

        FriesLover22 wrote:

        schumaku : Besides, according to the documentation the VLAN ID for a WiFi network is not the same as the 802.1Q VLAN ID that is used for the wired network and only usable with the WAC510 set to Router mode. In our case, the WAC510s are set to function in AP mode.


        Well, this is not the full truth - confusing at last. This documentation section dates back to some router history, and does refer to the router or AP "host" VLAN, which initially was referred to as the 802.1Q VLAN ID.

         

        To keep it simple, the VLAN ID we can associate with an SSID - be it on the WAX5xx or WAC6xx local admin, or on the Insight and Insight Pro management - does indeed map an SSID to a tagged VLAN ID, which is indeed again industry-standard 802.1Q technology.
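
As an added illustration (not part of the original thread and not NETGEAR code): the 802.1Q tag discussed in the replies above is four bytes inserted after the source MAC address. The sketch below parses it from constructed frames and models, in simplified form, a trunk port that only accepts VLANs configured on it. The MAC addresses, function names and the port model are assumptions made for the example.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def build_frame(dst, src, ethertype, payload=b"", vlan_id=None, priority=0):
    """Build an Ethernet frame, optionally carrying an 802.1Q tag."""
    header = dst + src
    if vlan_id is not None:
        if not 1 <= vlan_id <= 4094:
            raise ValueError("VLAN ID must be in 1..4094")
        # Tag Control Information: 3-bit priority, 1-bit DEI (0), 12-bit VLAN ID
        header += struct.pack("!HH", TPID_8021Q, (priority << 13) | vlan_id)
    return header + struct.pack("!H", ethertype) + payload


def parse_vlan(frame):
    """Return (vlan_id, priority, inner_ethertype); vlan_id is None if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None, None, ethertype
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, tci >> 13, inner


def classify(frame, allowed_vlans, native_vlan=1):
    """Simplified trunk-port model (assumption): untagged frames join the
    native VLAN, tagged frames pass only if their VLAN is configured."""
    vlan_id, _, _ = parse_vlan(frame)
    if vlan_id is None:
        return native_vlan
    return vlan_id if vlan_id in allowed_vlans else None


# Constructed sample frames; the addresses are made up for the example.
BROADCAST = bytes.fromhex("ffffffffffff")
CLIENT = bytes.fromhex("020000000001")
UNTAGGED = build_frame(BROADCAST, CLIENT, 0x0800, b"\x00" * 46)
TAGGED_2 = build_frame(BROADCAST, CLIENT, 0x0800, b"\x00" * 46, vlan_id=2)

if __name__ == "__main__":
    for name, frame in (("untagged", UNTAGGED), ("tagged VLAN 2", TAGGED_2)):
        print(name, parse_vlan(frame),
              "-> port with VLAN 1 only:", classify(frame, {1}),
              "| port with VLANs 1 and 2:", classify(frame, {1, 2}))
```

Running `parse_vlan` over frames captured on the AP uplink shows whether a given SSID's traffic actually leaves the access point tagged.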
