Guest Wi-Fi: Client Isolation vs IoT, Chromecast, Google Home, and Printers

  • 1
  • Question
  • Updated 2 days ago
I manage the Wi-Fi for a nursing home. We have a guest Wi-Fi which uses client isolation (with the gateway in the whitelist). The problem is we have more and more devices that don't work well (or at all) with client isolation. Devices like printers, Chromecast, Google Home, and now some of the smart home devices. I'd like to have a guest Wi-Fi that anyone can, still supports client isolation when possible, but lets these new devices still work without IT involvement for every single new device.

I'd like to know how others are managing this problem. How would you deal with this issue? One idea I have is if I can forward all my guest traffic to the gateway (which is my firewall) I can let it manage network traffic. I can then open certain ports used by these devices. I know I can forward traffic to my ZD, but this won't help me. I use a single ZD to manage APs in three different cities, so the latency would become an issue. I use a ZD3025 on 9.13.13.0 built 164 with R500 and R510 APs.

Photo of IT Admin

IT Admin

  • 1 Post
  • 0 Reply Likes

Posted 6 days ago

  • 1
Photo of Diego Garcia del Rio

Diego Garcia del Rio

  • 27 Posts
  • 6 Reply Likes
Hi! I have a similar issue. The main problem is that the client isolation will block the multicast-based discovery. Your gateway would have to implement some sort of mdns gateway or some way to reflect the mdns messages back. But then, you have the issue of which chromecast your guest can see (im sure you don't want ALL of them to appear ).. you could use the DPSK feature with "group DPSK" and assign a vlan per DPSK .. so that you have a single SSID but your wifi key becomes your vlan identifier and thus a single tenant can have all of their devices in a single vlan

(not sure if its supported on ZD or only on vSZ)