Unleashed network - client IP isolation

  • 1
  • Question
  • Updated 2 years ago
The unleashed wireless network I'm working on has 3 AP's and four wifi networks. "Acme Studios", "Studio A", "Studio B", and "Studio C". The Acme Studios network is the corporate wifi network and has access to everything. Studio A, Studio B, and Studio C have client isolation turned on and I've created an internet & printer whitelist with 3 IP's on it. 10.0.1.1 (router; for internet), 10.0.1.61 (printer, located in Studio A), and 10.0.1.60 (printer, located in Studio B).

Currently I'm sitting in Studio A and probably connected to the same AP as the printer in Studio A. If I connect to the Studio A network I can ping the printer in Studio B, but not the printer sitting in Studio A.


Basically, if client IP isolation is turned on and a whitelist is added, I'm unable to ping devices connected to the same IP, but can ping devices on the wired network, and devices on other AP's.  Is that the expected behavior?  It seems like IP whitelisting should apply to all devices on the network; regardless of whether or not they're on the same AP.

Photo of Daniel Kuhlman

Daniel Kuhlman

  • 2 Posts
  • 0 Reply Likes

Posted 2 years ago

  • 1
Photo of John D

John D, AlphaDog

  • 497 Posts
  • 137 Reply Likes
The behavior you describe sounds like only per-AP client isolation was enabled, not isolation from the subnet. In the Unleashed help, two checkboxes are described for isolation:

http://docs.ruckuswireless.com/unleashed/200.0.9.9/index.html#c-ConfigOtherWLANSettings.html

"
  • Isolate wireless client traffic from other clients on the same AP: Enable client isolation on the same Access Point (clients on the same subnet but connected to other APs will still be able to communicate).
  • Isolate wireless client traffic from all hosts on the same VLAN/subnet: Prevent clients from communicating with any host on the same subnet or VLAN other than those listed on the Client Isolation Whitelist. If this option is chosen, you must select a Whitelist from the drop-down list. (See Configuring Client Isolation Whitelists
"

Did you select both? I think just selecting the second one is what you want, as the first option unconditionally isolates clients from each other on the same AP, regardless of whitelist.