I have a gateway router which connects to a Ruckus ICX switch (running the Router image), which in turn has two Ruckus Unleashed APs connected to it.
I would like to configure a wireless network which cannot access devices on my LAN, but which CAN be reached and managed by a device on my LAN. These would be untrusted IoT devices that run services which need to be accessible, but which do not need to initiate connections to other systems.
I'm thinking the Unleashed AP ACLs aren't granular enough for this type of configuration, and I'd instead need to configure a VLAN and implement a Firewall somewhere along the path.
Is there a way to achieve this configuration with the equipment that's already in place?
When Wireless Client Isolation is enabled on a WLAN, all communication between clients and other local devices is blocked at the Access Point.
To prevent clients from communicating with other nodes, the Access Point drops all ARP packets from stations on the WLAN where client isolation is enabled and which are destined to IP addresses that are not part of a per-WLAN white list.
You can create exceptions to client isolation (such as allowing access to a local printer, for example) by creating Client Isolation Whitelists.
To configure a Client Isolation Whitelist:
Go to WiFi Networks > Advanced Options > Others.
Select both check boxes under Wireless Client Isolation. (Isolate wireless clients from other clients on the same AP, and from all hosts on the same VLAN/subnet).
Click Create Whitelist.
Enter a Name and optionally a Description for the access policy.
In Rules, you can create multiple device-specific rules for each device to be white listed.
Description: Description of the device.
MAC Address: Enter the MAC address of the device.
IPv4 Address: Enter the IP address of the device.
Click Save to save the rule you created.
To change the order in which rules are implemented, select the order from the drop-down menu in the Order column. You can also Edit or Clone rules from the Action column. To delete a rule, select the box next to the rule and click Delete.