Where is AP isolation for clients on a given SSID?

a week ago - last edited a week ago

I have deployed an Omada hardware-based wifi into a development environment that does a lot of IoT development. I have an OC200 and a handful of EAP670s. Since this is replacing an older Ubiquiti network, I am recreating existing SSIDs and network configurations. We have 6 wifi SSIDs, each pinned to a VLAN on our Juniper switches. The gateway for each subnet is a leg on our Palo Alto firewall (a PA220 that is short for this world). Where I cannot achieve parity seems to be with AP isolation. I need 2 of these networks to do AP isolation for the clients attached to them, but they still have to be able to hit resources on the other side of the firewall interface such as our internal DNS servers, NTP servers, MQTT server, etc. There is the "Guest" option, which kind of achieves this but then also seems to block the clients from reaching ANY RFC 1918 address. And it seems to block a system reaching to a client (like ssh) on those networks. That won't work for us. Is the correct AP isolation option hidden somewhere and I'm just not seeing it? Or a command via CLI?

Thanks for the help.

Re:Where is AP isolation for clients on a given SSID?
a week ago - last edited a week ago

Hi @TheGorf

Please refer to the following guide to achieve your requirements:

How to allow guest network to access specific device on the main network by configuring EAP ACL?

Re:Where is AP isolation for clients on a given SSID?
a week ago - last edited a week ago

@Vincent-TP That is not sufficient. That doesn't seem to allow systems to reach into the wifi with the "Guest" status turned on. I cannot reach clients on that wifi network.

This is a pretty trivial feature that has been in wifi AP systems since nearly the dawn of RF-based network communications. Why aren't you just creating a standard AP isolation feature? This "guest" mode is ridiculous and something I would expect from a cheap residential router. If your aim is to be taken seriously in the business space, then I need serious features. Guest is not it.

I also removed your self-appointed "solution" check since it clearly is not a solution.
