Wireless Client Isolation

[Steelstar]

I have a 2.4G wireless network setup with no clients isolation.
I have also setup a guest 2.4G network with clients isolation.
As far as I know clients isolation means that connected client cannot communicate with each Others, and above all they can't communicate with my LAN.

I tried to connect my smartphone to the guest network (with clients isolation active) but I still could reach my NAS page and router configuration! This is critical for me! how is it possible?

[billion_fan]

I have a 2.4G wireless network setup with no clients isolation.
I have also setup a guest 2.4G network with clients isolation.
As far as I know clients isolation means that connected client cannot communicate with each Others, and above all they can't communicate with my LAN.

I tried to connect my smartphone to the guest network (with clients isolation active) but I still could reach my NAS page and router configuration! This is critical for me! how is it possible?

No client isolation on the guest network, will only isolate wireless clients from each other that are connected to the guest network.

If you want to isolate this network from the LAN ports, follow the attached steps.

Example

1. Click on Interface Grouping (once logged into the router under 'Configuration >> LAN')
2. Click on 'Add'
3. Enter a 'Group Name' eg guest
4. Under 'Available LAN Interfaces' select your 'Guest Network' and click on the arrow pointing left, so the guest wifi network should now be added to 'Grouped LAN Interfaces'
5. Click on 'Apply'
6. Under 'Group Isolation' tick the box and click on 'Apply'
7. Click on 'LAN >> Ethernet'
8. VERY IMPORTANT Under 'Group Name' select your guest wifi group for this example I used 'guest'
9. Tick 'LAN Side Firewall' and click on 'Apply'

That should be it, the guest wifi network should be totally isolated.

I hope this helps

[Steelstar]

Now it seems to work correctly, thanks!
I didn't bother to read what interface grouping is, now it is more clear to me.

Just a few more questions/doubts:
- now, when I click "DHCP" under Status/DHCP, list takes several seconds to appear. Is it normal?
- IGMP enabled makes any notable difference?
- in the manual, on the voice "LAN side firewall" something about IP filtering incoming is explained: this shouln't interest me, since this second "guest" group is wireless only, right?
- if I have understood, client isolation is only about wireless clients, this does not apply to LAN interfaces in the same Group
- I can't have a day-only schedule for the main SSID and an Always-on on a Guest/Virtual AP (no energy saving since the phisical AP is the same)

[billion_fan]

Now it seems to work correctly, thanks!
I didn't bother to read what interface grouping is, now it is more clear to me.

Just a few more questions/doubts:
- now, when I click "DHCP" under Status/DHCP, list takes several seconds to appear. Is it normal?
- IGMP enabled makes any notable difference?
- in the manual, on the voice "LAN side firewall" something about IP filtering incoming is explained: this shouln't interest me, since this second "guest" group is wireless only, right?
- if I have understood, client isolation is only about wireless clients, this does not apply to LAN interfaces in the same Group
- I can't have a day-only schedule for the main SSID and an Always-on on a Guest/Virtual AP (no energy saving since the phisical AP is the same)

1. It might take some time to generate a DHCP list now, as the another DHCP range has been added
2. IGMP snooping is more for IPTV eg BT vision, you view etc
3. You shouldn't need to worry about the incoming IP filter its not needed
4. That's right if you want to isolate the lan ports from each other, setup up another Group Isolation
5. Check the 'Schedule Control' function under 'Wireless 2.4G (wl0)/Wireless 5G (wl1)'

I hope this helps