NWA1123ACv3 Does it support client isoloation?
Freshman Member
Hey Guys (and Gals),
I bought this unit because, according to the tech description, it supported L2 isolation or otherwise known as client isolation (or port isolation on switches). The feature now does not seem to be clear.
Config → AP Profile → SSID → Layer 2 Isolation List ( firmware 6.70(5) )
Askes me to create a list of 'Allowed Devices'… What does that mean!?
Config → AP Profile → SSID → SSID List → 'Profile Name'
I've enabled 'Enable Intra-BSS Traffic blocking' that seems to block different BSSID clients.
I've set this up via VLAN from a Netgate Firewall to accept only allowed devices as per-defined list of MAC addresses that works fine.
Does the NWA1123ACv3 unit isolate clients by default? If not, I feel like I've been mislead as to the capabilties of this unit! I require each client to be completely isolated from other clients on the same SSID/BSSID/Subnet. Can this unit do that?
Thanks.
Accepted Solution
-
Hi @ASGR
Yes, the NWA1123ACv3 does support client isolation through its Layer 2 isolation feature. The "Allowed Devices" list in the L2 isolation profile is designed to permit traffic to specific MAC addresses that you whitelist. Typically, this is used to allow traffic to the gateway so that clients can access the internet while still being isolated from one another.
Intra-BSS Traffic blocking, which you’ve already enabled, is intended to prevent communication between wireless clients connected to the same SSID/BSSID.
For a detailed guide on setting up guest WiFi and isolation in standalone mode, please refer to this article:
Note: Keep in mind that Layer 2 isolation applies only to clients within the same subnet. If clients are on different subnets, additional configurations on your firewall or switch (such as ACLs or firewall rules) will be necessary to block traffic between them.
Kay
See how you've made an impact in Zyxel Community this year!
1
Zyxel Employee
All Replies
-
Hi @ASGR
Yes, the NWA1123ACv3 does support client isolation through its Layer 2 isolation feature. The "Allowed Devices" list in the L2 isolation profile is designed to permit traffic to specific MAC addresses that you whitelist. Typically, this is used to allow traffic to the gateway so that clients can access the internet while still being isolated from one another.
Intra-BSS Traffic blocking, which you’ve already enabled, is intended to prevent communication between wireless clients connected to the same SSID/BSSID.
For a detailed guide on setting up guest WiFi and isolation in standalone mode, please refer to this article:
Note: Keep in mind that Layer 2 isolation applies only to clients within the same subnet. If clients are on different subnets, additional configurations on your firewall or switch (such as ACLs or firewall rules) will be necessary to block traffic between them.
Kay
See how you've made an impact in Zyxel Community this year!
1 -
Hello Kay,
Thank you for your reply.
That's answered all my questions.
2
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 147 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight
