EAP610 - Guest Network vs SSID isolation
First off, I just replaced a EAP245 V1 (not V3). I am NOT using any controller, but a single EAP in standalone mode. I configure the device via the EAP web interface.
Setting up the new AP I noticed that the SSID isolation checkbox is missing and replaced with a new Guest Network. From the description, this is a horrible change, but maybe I am misunderstanding it. It says this new feature blocks access to private IP addresses. Isn't that the responsibility of a router? These EAP devices are APs, not routers.
I have outside family that bring their wireless devices onto my network, so I have been using SSID isolation to prevent inter-wireless communication. However, their devices need to be able to access some IP addresses on my local private network..namely a DNS server and an NTP server. Any routing permissions are left to my pfSense firewall. For some devices my firewall allows access to a local web server on my private network too. Same for wireless cameras...they should not be able to access any other device on the same SSID, but need to access/stream their data to a local server on my private network.
With this new feature if I turn guest network on, I have no access to any of my local LAN devices. If I turn it off, I can have virus/malware infected wireless devices communicating with other wireless devices on the same SSID.
I saw some posts about ACL settings, but I am not running a controller, just a single EAP and those settings are not present on the web interface of the EAP!