Client Isolation override

  • 1
  • Question
  • Updated 5 years ago
  • Answered
Is there a way to override client isolation to make specific exceptions, say for a small group or a printer? Can you configure custom filters for MAC forwarding table?
Photo of William Fowler

William Fowler

  • 18 Posts
  • 0 Reply Likes

Posted 6 years ago

  • 1
Photo of Bittu

Bittu, Employee

  • 43 Posts
  • 13 Reply Likes
Official Response
Hello William,

If you have enabled Full Client Isolation on a WLAN, the Restricted Subnet (ACL) gets automatically applied on this WLAN and blocks access to all internal network devices, if you would like to allow access to certain devices like printer's you have to configure the Restricted Subnet available under Configure > Guest Access > Restricted Subnet. Here you will have to enter the IP address of the device you want user's to have access with a subnet of /32. For example if the IP address of the printer is 192.168.15.65, to give access you will have to enter 192.168.15.65/32 , this implies that all host bits need to match to allow access .

All the best.
Photo of JJ Buckingham

JJ Buckingham

  • 3 Posts
  • 0 Reply Likes
My question is similar to Wililiam's and has to do with client isolation. I have created a handful of VLANs for our guests and I would like to isolate them from the rest of the network. DHCP is setup on our AD server, and that is where all of the staff VLANs get their IP addresses. If I don't isolate the guest network(s), everything works fine. If I do full isolation, I get a correct IP and gateway, but I can't reach the internet at all. I'm assuming it is because I can't reach the AD server which is the DHCP/DNS server. Would creating an ACL allowing traffic to/from the AD server fix the issue?

Thanks in advance for any help you can offer.