How to Ensure Wireless Clients are Properly Segregated for Secure the Network?

Options
Zyxel_Bella
Zyxel_Bella Posts: 437  Zyxel Employee
First Anniversary 10 Comments Friend Collector First Answer
edited January 25 in SSID

In some networking scenarios, it's necessary to ensure clients on a wireless network are unable to communicate with each other for reasons related to security or network performance. To achieve this, AP can be configured to operate in NAT Mode with Guest Network supported by Nebula, segregating client devices.

Topology and Scenario

Configuration

Go to Site-wide > Configure > Access points > SSID advanced settings

Select the NAT mode at Traffic options > Forwarding mode

Go to Site-wide > Configure > Access points > SSID settings

Enable Guest Network on the NAT SSID

Verification

Check the IP address of a connected client.

The default subnet of NAT SSID will be "10.0.0.0/8".

If the network subnet is part of "10.0.0.0/8", the SSID subnet will be "172.16.0.0/12".

Attempt communication between two clients.

Communication should be blocked if both NAT Mode and Guest Network are enabled.

Note

If the Guest Network feature is enabled, remember that clients from different SSIDs can't communicate when both NAT Mode and Guest Network are enabled. Only enabling NAT Mode won't block the traffic inside the network.

For more details and visual guidance, refer to the NAT mode at

Tagged: