vSZ-H Client Isolation Whitelist badly needed

  • 2
  • Question
  • Updated 1 month ago
We're running vSZ-H 3.4.1.0.208 with 116 APs connected in one Zone. When we try to setup Client WLANs with ClientIsolation turned on, there is no way of providing a "Whitelist" for MACs/IPs which should be excluded from that isolation (Basically Devices connected into the same VLAN per cable). When assigning an L2-Access Control Service rule to that WLAN with the MACs of Gateway/DHCP and MACs of Devices which should be reachable as allowed, it's not even possible to grab an IP from DHCP for the clients. Neither works the connection anyhow (Can't connect to the WLAN).

So what is the "Real" way to do a setup like this? Is there maybe a way to disable isolation but use User Traffic Profiles to block traffic in same VLAN but allow traffic from UE to designated IPs (Server IPs, Gateway, DHCP) in the same VLAN? Didn't try - just a guess.

Scenario is:
- WLAN with Client Isolation enabled
- Access-VLAN: One VLAN, no Pooling
- Server connected through cable in same VLAN as Access-VLAN - Can't be reached from UE (ping etc)!

What we need to achieve:
- WLAN with Client Isolation enabled
- Access-VLAN: One VLAN, no Pooling
- Server connected through cable in same VLAN as Access-VLAN - Server/s reachable from UE!

Any Ideas?
Photo of Elmar GRUBER

Elmar GRUBER

  • 3 Posts
  • 0 Reply Likes
  • frustrated

Posted 9 months ago

  • 2
Photo of Yogesh Ranade

Yogesh Ranade

  • 7 Posts
  • 0 Reply Likes
This will be addressed in our upcoming 3.5 release which is slated for release by end of March. To clarify: We will support manual whitelist entries that can be configured via the vSZ UI.
(Edited)
Photo of Elmar GRUBER

Elmar GRUBER

  • 3 Posts
  • 0 Reply Likes
Upgrade to 3.5! That was our solution. Works like a charm!