06-10-2022 02:44 PM
I am using the Group PPSK to enable each to connect multiple devices to the network.
How can I make sure that each user would see only its own devices?
Products such as Extreme and Mist have this feature built-in without any required configuration. Is there a way to achieve the same result on Ruckus? Is the only way configuring a different VLAN per PPSK (potentially hundreds)?
06-14-2022 09:27 PM
Hi @imuccini
Hi @imuccini
You can enable wireless CI, when Wireless Client Isolation is enabled on a WLAN, all communication between clients and other local devices is blocked at the Access Point. To prevent clients from communicating with other nodes, the Access Point drops all ARP packets from stations on the WLAN where client isolation is enabled and which are destined to IP addresses that are not part of a per-WLAN white list.
Kindly let me know if that helps or you need further assistance.
Best Regards
Vineet
06-15-2022 09:09 PM
Hi @Vineet_nejwala, thanks for your explanation.
You mentioned that the isolation happens at the AP level, right?
The scenario I am facing is an MDU with managed WiFi with multiple APs across a campus. Residents should be able to connect with their DPSK to any AP and still be in their "Personal Area Network"; for example, if they connect for the gym, they should see their own smart home devices, but nobody else should see them in the network.
In other words the isolation, ideally, should be base don the PSK and not base don the AP. Is this something possible?
For reference, a similar function is what Extreme calls "Private Client Groups", where the PAN is created based on the PSK.
07-15-2022 04:25 AM
Hi imuccini,
You can achieve this by assigning different VLAN to your DPSK. You will need to tag the VLAN on the switch ports connected to the access points. No need to enable Client Isolation on the SSID.
VXLAN might also be an addition to this topic too, but you'll have to look into that (requires vSZ-D too).