NWA1123ACv3 Does it support client isoloation?

ASGR
ASGR Posts: 3  Freshman Member
First Comment

Hey Guys (and Gals),

I bought this unit because, according to the tech description, it supported L2 isolation or otherwise known as client isolation (or port isolation on switches). The feature now does not seem to be clear.

Config → AP Profile → SSID → Layer 2 Isolation List ( firmware 6.70(5) )

Askes me to create a list of 'Allowed Devices'… What does that mean!?

Config → AP Profile → SSID → SSID List → 'Profile Name'

I've enabled 'Enable Intra-BSS Traffic blocking' that seems to block different BSSID clients.

I've set this up via VLAN from a Netgate Firewall to accept only allowed devices as per-defined list of MAC addresses that works fine.

Does the NWA1123ACv3 unit isolate clients by default? If not, I feel like I've been mislead as to the capabilties of this unit! I require each client to be completely isolated from other clients on the same SSID/BSSID/Subnet. Can this unit do that?

Thanks.

Accepted Solution

  • Zyxel_Kay
    Zyxel_Kay Posts: 1,020  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - WLAN Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security
    Answer ✓

    Hi @ASGR

    Yes, the NWA1123ACv3 does support client isolation through its Layer 2 isolation feature. The "Allowed Devices" list in the L2 isolation profile is designed to permit traffic to specific MAC addresses that you whitelist. Typically, this is used to allow traffic to the gateway so that clients can access the internet while still being isolated from one another.

    Intra-BSS Traffic blocking, which you’ve already enabled, is intended to prevent communication between wireless clients connected to the same SSID/BSSID.

    For a detailed guide on setting up guest WiFi and isolation in standalone mode, please refer to this article:

    Note: Keep in mind that Layer 2 isolation applies only to clients within the same subnet. If clients are on different subnets, additional configurations on your firewall or switch (such as ACLs or firewall rules) will be necessary to block traffic between them.

    Kay

    Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP! https://bit.ly/2024_Survey_Community

All Replies

  • Zyxel_Kay
    Zyxel_Kay Posts: 1,020  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - WLAN Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security
    Answer ✓

    Hi @ASGR

    Yes, the NWA1123ACv3 does support client isolation through its Layer 2 isolation feature. The "Allowed Devices" list in the L2 isolation profile is designed to permit traffic to specific MAC addresses that you whitelist. Typically, this is used to allow traffic to the gateway so that clients can access the internet while still being isolated from one another.

    Intra-BSS Traffic blocking, which you’ve already enabled, is intended to prevent communication between wireless clients connected to the same SSID/BSSID.

    For a detailed guide on setting up guest WiFi and isolation in standalone mode, please refer to this article:

    Note: Keep in mind that Layer 2 isolation applies only to clients within the same subnet. If clients are on different subnets, additional configurations on your firewall or switch (such as ACLs or firewall rules) will be necessary to block traffic between them.

    Kay

    Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP! https://bit.ly/2024_Survey_Community

  • ASGR
    ASGR Posts: 3  Freshman Member
    First Comment

    Hello Kay,

    Thank you for your reply.

    That's answered all my questions.