How to Enable Layer 2 isolation on Access Point?
Zyxel Employee
To enable Layer 2 isolation on your Zyxel Access Point (AP), the specific steps can vary slightly depending on your device model and firmware version. However, the general process involves configuring the SSID settings.
- Navigate to Site-wide > Configure > Access points > SSID advanced settings
- Look for Layer 2 Isolation: Enable layer 2 isolation
3. You may need to create a list of 'Allowed Devices'.
This list is for specific MAC addresses that you want to permit traffic to, typically for the gateway to allow internet access while isolating clients from each other.
4. You can also enable Enable Intra-BSS Traffic blocking within the SSID List under the Profile Name.
This feature is designed to prevent communication between wireless clients connected to the same SSID/BSSID.
Important Considerations:
*Layer 2 isolation is primarily used to prevent communication between clients on the same SSID/BSSID/subnet.
*The "Allowed Devices" list in the Layer 2 isolation profile is used to whitelist specific MAC addresses, often for the gateway, so clients can access the internet.
*If clients are on different subnets, additional configurations like Access Control Lists (ACLs) or firewall rules on your firewall or switch will be necessary to block traffic between them.
*Even with Layer 2 isolation enabled, some network scanning tools might still detect devices on the same subnet.
Categories
- All Categories
- 442 Beta Program
- 3K Nebula
- 222 Nebula Ideas
- 129 Nebula Status and Incidents
- 6.5K Security
- 619 USG FLEX H Series
- 349 Security Ideas
- 1.7K Switch
- 84 Switch Ideas
- 1.4K Wireless
- 53 Wireless Ideas
- 7K Consumer Product
- 298 Service & License
- 486 News and Release
- 92 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.8K FAQ
- 34 Documents
- 88 About Community
- 105 Security Highlight