Layer-2 isolation and subnet problem

Y_L

Hello,

I'm trying to setup a guest wifi with layer-2 isolation on a WAC6103D-I but i can't get it working properly.

I have added mac adresses of "VPN GW" and "Internet GW" in my Layer-2 Isolation profile but it still allows users to browse web servers on the main site and internet sites.

If i remove VPN GW from my list, i can't connect to anything.

I have successfully configured another AP with a guest wifi and Layer2-Isolation on my main site without trouble.

What can i do to really isolate users on my guest Wifi?

Thanks!?

livealive

Hi @Y_L

What's your guest Wifi scenario? Do you mean you don't wanna the guest to access your main site or the guests cannot communicate with each other or else?

Zyxel_Joslyn

Hi @Y_L

Welcome to ZYXEL community.

Layer-2-isolation is used to block same subnet client can’t communicate with each other. If a device’s MAC addresses is NOT listed in a layer-2 isolation profile, it is blocked from communicating with other devices in an SSID on which layer-2 isolation is enabled.

Since you added the  mac addresses of "VPN GW" and "Internet GW" in Layer-2 Isolation profile, it means that these two devices are allowed to be accessed by other devices in the SSID to which the layer-2 isolation profile is applied. So, the Guest Wifi clients can access the internet and intranet.

If you want to isolate Guest Wifi in the office, just create a Layer-2-isolation profile without any whitelists.

Hope it helps.

Joslyn.

Y_L

I think that the answer is here: "same subnet".

It's not my case, so in this configuration i can't use Layer-2 Isolation.

The goal is to isolate my "guest wifi" users from everything. I just want them to access internet through the "Internet GW" located in my main site.

I'll have a look to my firewall config.

Thank your very much for your help! ?️

Yann