R510 Unleashed: Isolate some clients (Wireless client isolation vs ACL?)

PeterPan
New Contributor

Hello everyone,

After searching the web and this forum for quite some time I could not find a clear answer or explanation to my question.
I have a wifi where I want to isolate all devices except 2, that need to be able to communicate with each other. The "Wireless Client Isolation" options in the "Others" tab of a WLAN will not work since they isolate everything or they permit every device to access the two devices that should only talk to each other.
Therefore I hoped that I could make use of a Layer 3/4 ACL in the "Access Control" tab.

In addition to the two predefined rules (DNS and DHCP) I added:

Allow 192.168.90.10/32 to 192.168.90.11/32 with every option set to "Any"
Allow 192.168.90.11/32 to 192.168.90.10/32 with every option set to "Any"
Deny 192.168.90.1/24 to 192.168.90.1/24 with every option set to "Any"

With this setting in place I can still ping every device from every other device on the WLAN.
If I enable "Wireless Client Isolation" in addition to the ACL, even the two allowed devices stop communicating, so this option seems to have a higher priority than the ACL.

All the testing I have done seems to show that Layer 3/4 ACLs are not working. So my questions are:

  1. How do ACL and Wireless client isolation interact with each other?
  2. How are ACLs supposed to work?
  3. How can I isolate all clients except specific ones?

Ruckus R510 with Unleashed 200.15.6.212.27
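
Added example, not part of the original post and not Ruckus code: a small Python model of the three rules listed above, evaluated under an assumed ordered first-match semantics (the thread does not confirm how Unleashed evaluates Layer 3/4 ACLs), giving the expected allow/deny result per client pair to compare against ping tests. The host list is constructed, the predefined DNS and DHCP rules are omitted, and the default action is a parameter because the post does not state it.

```python
import ipaddress

# Rules as listed in the post, in order. strict=False is needed because the
# post writes the subnet as 192.168.90.1/24 (host bits set), not 192.168.90.0/24.
RULES = [
    ("allow", "192.168.90.10/32", "192.168.90.11/32"),
    ("allow", "192.168.90.11/32", "192.168.90.10/32"),
    ("deny",  "192.168.90.1/24",  "192.168.90.1/24"),
]


def decide(src, dst, rules=RULES, default="allow"):
    """Action of the first rule matching src -> dst (assumed first-match model)."""
    s = ipaddress.ip_address(src)
    d = ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if (s in ipaddress.ip_network(src_net, strict=False)
                and d in ipaddress.ip_network(dst_net, strict=False)):
            return action
    # No rule matched: fall back to the ACL's default action.
    return default


def expected_matrix(hosts, rules=RULES, default="allow"):
    """Expected result for every ordered host pair, to check against ping tests."""
    return {(a, b): decide(a, b, rules, default)
            for a in hosts for b in hosts if a != b}


# Constructed sample clients: the two exempt devices plus two other clients.
HOSTS = ["192.168.90.10", "192.168.90.11", "192.168.90.20", "192.168.90.21"]

if __name__ == "__main__":
    for (a, b), action in expected_matrix(HOSTS).items():
        print(f"{a:>14} -> {b:<14} {action}")
```

Any pair where the observed ping result differs from this table is a concrete data point to attach to a support case.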


PeterPan
New Contributor

After some more research it seems that specific IP addresses or subnets in the Source and Destination field will cause a rule to be ignored. In this case, the chosen default action (allow or deny) will be applied. The only way to have an ACL rule applied is when Source and Destination are set to ANY.

For testing I created the following example:
Default = deny
Rule 3 = allow ANY
--> traffic is allowed

When I enter an IP address or subnet in either Source or Destination Field or both, all traffic is denied even though all devices should be able to contact 192.168.90.10.
Default = deny
Rule 3 = allow Source 192.168.90.1/24 to Destination 192.168.90.10/32
--> All traffic is denied.

Can someone confirm this?
Is there something obvious I am missing?

PeterPan
New Contributor

Bump.

Is anyone able to test and confirm this behaviour or to point out the mistake I made while creating the rules?
Any help is appreciated.

Rohit_W
RUCKUS Team Member

Hi Peter,

I would recommend you to create a ticket with us to troubleshoot this issue.

Please use the below link to create a new ticket:
https://support.ruckuswireless.com/contact-us

Regards,
Rohit Walawalkar
Technical Support Engineer -EMEA
Work Hours: Monday-Friday, 9 AM to 5 PM GMT
Location: India