Skip to main content

90 Messages

 • 

1.6K Points

Fri, Jun 27, 2014 1:23 PM

Isolating guest traffic

I have enabled a guest SSID on my network and I have selected isolated wireless client traffic from other clients on the same AP and isolated wireless client traffic from all hosts on the same VLAN/subnet. I added my printer to the white list, however guests trying to connect do not get an IP address and cannot connect to internet. So what I tried was adding the IP and MAC addresses of my AP's and router to the whitelist, and traffic is isolated from all other users, except they can see the access points and router. Is this normal behavior? Is full client isolation not possible?

My current software version is 9.7.0.0 build 220

Responses

31 Messages

 • 

588 Points

6 years ago

Hi,

In my opinion you shouldn't need to whitelist the addresses of your AP's assuming that your router is also DHCP server or forwarder.

If you want to allow guests to use the WLAN it is strongly advised to put them in a separate VLAN. If your printer supports bonjour, you could then allow your guests to use the printer by configuring a bonjour gateway.

Regards,

Bas

90 Messages

 • 

1.6K Points

6 years ago

Thanks for the reply. I've tried tagging the guest network with a different VLAN tag id, which does not seem to work. I am not well versed on VLAN. Do you have instructions?

129 Messages

 • 

1.6K Points

Did you ever resolve guest printing? If so, how?

31 Messages

 • 

588 Points

6 years ago

If you can provide me more info on your setup i could try to point you in the right direction.

Is your network vlan-aware?
What kind of equipment are you using? (brand and type of switch)

What kind of firewall/router are you using?

Before you want to set up a new VLAN you (at least) need:
- the VLAN to be configured on all switch ports where AP's are connected UNLESS you are tunnelling all traffic to the ZD. The latter is probably easier to configure and maintain as then you only need to configure the VLAN on the ZD interface.
- The VLAN to be terminated on a firewall/router
- A DHCP scope to be active on the VLAN