How to Ensure Wireless Clients are Properly Segregated for Secure the Network?
Zyxel Employee
In some networking scenarios, it's necessary to ensure clients on a wireless network are unable to communicate with each other for reasons related to security or network performance. To achieve this, AP can be configured to operate in NAT Mode with Guest Network supported by Nebula, segregating client devices.
Topology and Scenario
Configuration
Go to Site-wide > Configure > Access points > SSID advanced settings
Select the NAT mode at Traffic options > Forwarding mode
Go to Site-wide > Configure > Access points > SSID settings
Enable Guest Network on the NAT SSID
Verification
Check the IP address of a connected client.
The default subnet of NAT SSID will be "10.0.0.0/8".
If the network subnet is part of "10.0.0.0/8", the SSID subnet will be "172.16.0.0/12".
Attempt communication between two clients.
Communication should be blocked if both NAT Mode and Guest Network are enabled.
Note
If the Guest Network feature is enabled, remember that clients from different SSIDs can't communicate when both NAT Mode and Guest Network are enabled. Only enabling NAT Mode won't block the traffic inside the network.
For more details and visual guidance, refer to the NAT mode at
Categories
- All Categories
- 397 Beta Program
- 2.1K Nebula
- 117 Nebula Ideas
- 81 Nebula Status and Incidents
- 5.1K Security
- 91 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 918 WirelessLAN
- 35 WLAN Ideas
- 5.9K Consumer Product
- 210 Service & License
- 337 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 2K FAQ
- 926 Nebula FAQ
- 422 Security FAQ
- 238 Switch FAQ
- 210 WirelessLAN FAQ
- 47 Consumer Product FAQ
- 139 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 72 About Community
- 62 Security Highlight