Hi – we have one of our WLANs configured for Full Client Isolation. WLAN clients are on 172.16.0.0 subnet. Wired network, where the DHCP/DNS server is 192.168.0.0 subnet. This works great. What doesnt work, is the WLAN client’s ability to get to internal websites on the 192 subnet. How can clients get to dns/dhcp but not port 80, etc?

Thoughts?

How do you have your DHCP set up across the subnets? Are you using IP Helper?

Full Client Isolation enforces the restricted subnet access, is your 192. added as allowable with port 80 if your using the advanced settings?

Hi thanks for your reply – our router has ip helper set, yes. As I mentioned DNS/DHCP work great. After cleaning up my subnet restriction, all is well. I wonder why setting Full Isloation negates using ACLs?

Thanks again.

The restrictions and policies are enforced at the AP level before the traffic hits the rest of your network.