NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
WAC510 Wireless Client Isolation does not isolate client from LAN
Hi, How can I create a guess network where clients are isoated from my machines on the LAN? We have few WAC510's installled and tried to create a guess network by configuring SSID2 as "Guess"...
FriesLover22 wrote:
I have also tried chaning the VLAN ID from 1 to 2. But that resulted that my clients couldn't even connect to SSID2 anymore. After succesful password validation clients disconnects.
Does this VLAN 2 and the associated IP subnet with the required router, DHCP server, switch configuration to carry the tagged VLAN 2 exist after all?
schumaku : no. Setting the VLAN was actually a desperate move to see whether it would matters. The WAC510 is not connected to a VLAN capable router. Besides, according to the documentation the VLAN ID for a WiFi network is not the same as the 802.1Q VLAN ID that is used for the wired network and only usable with the WAC510 set to Router mode. In our case, the WAC510's are set to function in AP mode.
So, any advice to get Client Isolation working as described so connected clients can't access servers on the LAN anymore? (Other than DHCP and gateway)
FriesLover22 wrote:
schumaku : Besides, according to the documentation the VLAN ID for a WiFi network is not the same as the 802.1Q VLAN ID that is used for the wired network and only usable with the WAC510 set to Router mode. In our case, the WAC510's are set to function in AP mode.
Well, this is not the full truth - confusing at last. This documentation section dates back from some router history, and does refer to the router or AP "host" VLAN, which initially was referred as the 802.1Q VLAN ID.
To keep it simple, the VLAN ID we can associate to an SSID - being on the WAX5xx or WAC6xx local admin, or on the Insight and Insight Pro management does indeed map an SSID to a tagged VLAN ID, which is indeed again industry standard 802.1Q technology.
schumaku : thanks for the clarification!
Now... is Wifi client Isolation (preventing wifi clients connecting to LAN devices) possible without VLAN capable routers using the WAC510?
To clarify: below is the option I want it to work, but after enabling clients still can connect to clients on LAN
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
