Business Community > Controllers > Enable guest like isolation on APs etc. without categorizing users as guests
< Controllers

Enable guest like isolation on APs etc. without categorizing users as guests

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Enable guest like isolation on APs etc. without categorizing users as guests

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Enable guest like isolation on APs etc. without categorizing users as guests
Enable guest like isolation on APs etc. without categorizing users as guests
2021-11-25 12:26:31

Hey,

 

Currently with APs you either enable guest network for isolation including tagging them as a guest or you don't reducing the isolation available.

We run a deny all AP ACL and switch ACL policy with separate VLANs, but not sure what other isolation mechanics might be included in the guest network option. Any specifics to either recreate those without enabling guest network?
Any way to split them being tagged as a guest from isolation rules in the future?

Maybe similar to port isolation options on ports it could be a general isolate option and a tag vlan or network as guest.

  1      
 
  1      
 
#1
Options
4 Reply
Re:Enable guest like isolation on APs etc. without categorizing users as guests
2021-11-26 06:35:17

@s42p 

 

In my experience, EAP does not use the tag method to tag the guests.
When the guest network is enabled, ACL entries are automatically created to isolate it from the main network.
You can look at this: https://www.tp-link.com/en/support/faq/1060/

Just striving to develop myself while helping others.
  0  
  0  
#2
Options
Re:Enable guest like isolation on APs etc. without categorizing users as guests
2021-11-26 13:47:01

@Virgo 

 

It does use something special to mark them as guests instead of users in the stats pages etc.

That's the part I meant with tagging.

 

The isolation on the network is possible without the guest network feature being enabled, but it lacks the AP based isolation.
As mentioned I personally have a full deny list and guest network enabled as well, but would be great to not have them count as guests in any stats.

 

Basically have a vlan guest option, that anyone in that vlan is counted as a guest within any stats.

Secondly have a isolation feature, that fully isolates clients on the AP as well as switch layer, but without counting/showing them as guests.

  0  
  0  
#3
Options
Re:Enable guest like isolation on APs etc. without categorizing users as guests
2021-11-29 08:35:51

@s42p 

Based on their FAQ https://www.tp-link.com/us/support/faq/3091/

ACL is required.

  0  
  0  
#4
Options
Re:Enable guest like isolation on APs etc. without categorizing users as guests
2022-03-10 08:02:13 - last edited 2022-03-10 08:05:52

  @s42p 
Any update on the likelihood of guests being an opt-in declaration. Basically decoupling the guest isolation from the guest category in the interface.
I would love to have the option to have guest like ACLs active with a click of a button, while not having them designated as a guest.

 

The other way is also useful. I want to decide what AP, VLAN etc. is designated as a guest with or without guest ACLs.

Split this request into its own thread so: https://community.tp-link.com/en/business/forum/topic/510228

 

Maybe make "guest" a simple label with the future option of having multiple labels to search for in the interface as well.

  0  
  0  
#5
Options

Information

Helpful: 1

Views: 848

Replies: 4

Related Articles
 Client isolation or L2 isolation without other guest policy? across APs ?
3978 0
Guest Network Isolation
9216 0
 Which AP for guest isolation
463 0
Guest isolation disabled, clients acting isolated
1562 0
AC1350 Ceiling AP not behaving like other APs connected to controller
413 0
Disable only Guest SSID and enable with schedule
2664 0
About Us
Press
Copyright © TP-Link Systems Inc. All rights reserved.