cancel
Showing results for 
Search instead for 
Did you mean: 

Isolating guest traffic

michael_grant_6
Contributor II
I have enabled a guest SSID on my network and I have selected isolated wireless client traffic from other clients on the same AP and isolated wireless client traffic from all hosts on the same VLAN/subnet. I added my printer to the white list, however guests trying to connect do not get an IP address and cannot connect to internet. So what I tried was adding the IP and MAC addresses of my AP's and router to the whitelist, and traffic is isolated from all other users, except they can see the access points and router. Is this normal behavior? Is full client isolation not possible?

My current software version is 9.7.0.0 build 220

Image_ images_messages_5f91c3ec135b77e2478e5500_0b3f3ac7a0057f1f41a2face54463aa7_ScreenShot20140627at7.22.04AM_-4b64101a-abf9-47e1-8d69-c52cf6b835c6-1137725430.png1403875346
4 REPLIES 4

bas_sanders
New Contributor III
Hi,

In my opinion you shouldn't need to whitelist the addresses of your AP's assuming that your router is also DHCP server or forwarder.

If you want to allow guests to use the WLAN it is strongly advised to put them in a separate VLAN. If your printer supports bonjour, you could then allow your guests to use the printer by configuring a bonjour gateway.

Regards,

Bas

michael_grant_6
Contributor II
Thanks for the reply. I've tried tagging the guest network with a different VLAN tag id, which does not seem to work. I am not well versed on VLAN. Do you have instructions?

Did you ever resolve guest printing? If so, how?

bas_sanders
New Contributor III
If you can provide me more info on your setup i could try to point you in the right direction.

Is your network vlan-aware?
What kind of equipment are you using? (brand and type of switch)

What kind of firewall/router are you using?

Before you want to set up a new VLAN you (at least) need:
- the VLAN to be configured on all switch ports where AP's are connected UNLESS you are tunnelling all traffic to the ZD. The latter is probably easier to configure and maintain as then you only need to configure the VLAN on the ZD interface.
- The VLAN to be terminated on a firewall/router
- A DHCP scope to be active on the VLAN
Labels