How to Ensure Wireless Clients are Properly Segregated for Secure the Network?
Zyxel Employee
In some networking scenarios, it's necessary to ensure clients on a wireless network are unable to communicate with each other for reasons related to security or network performance. To achieve this, AP can be configured to operate in NAT Mode with Guest Network supported by Nebula, segregating client devices.
Topology and Scenario
Configuration
Go to Site-wide > Configure > Access points > SSID advanced settings
Select the NAT mode at Traffic options > Forwarding mode
Go to Site-wide > Configure > Access points > SSID settings
Enable Guest Network on the NAT SSID
Verification
Check the IP address of a connected client.
The default subnet of NAT SSID will be "10.0.0.0/8".
If the network subnet is part of "10.0.0.0/8", the SSID subnet will be "172.16.0.0/12".
Attempt communication between two clients.
Communication should be blocked if both NAT Mode and Guest Network are enabled.
Note
If the Guest Network feature is enabled, remember that clients from different SSIDs can't communicate when both NAT Mode and Guest Network are enabled. Only enabling NAT Mode won't block the traffic inside the network.
For more details and visual guidance, refer to the NAT mode at
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 151 Nebula Ideas
- 98 Nebula Status and Incidents
- 5.7K Security
- 277 USG FLEX H Series
- 277 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 42 Wireless Ideas
- 6.4K Consumer Product
- 250 Service & License
- 395 News and Release
- 85 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.6K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 75 Security Highlight