Hello everyone,

after searching the web and this forum for quiet some time I could not find a clear answer or explanation to my question.
I have a wifi where I want to isolate all devices except 2, that need to be able to communicate with each other. The "Wireless Client Isolation" options in the "Others" tab of a WLAN will not work since they isolate everything or they permit every device to access the two devices that should only talk to each other.
Therefore i hoped that I could make use of an Layer 3/4 ACL in the "Access Control" tab.

in addition to the two predefined rules (DNS and DHCP) I added

Allow 192.168.1.10/32 to 192.168.1.11/32 with every option set to "Any"
Allow 192.168.1.11/32 to 192.168.1.10/32 with every option set to "Any"
Deny 192.168.1.1/24 to 192.168.1.1/24 with every option set to "Any"

With this setting in place I can still ping every device from every other device on the WLAN.
If I enable "Wireless Client Isolation" in addition to the ACL, even the two allowed devices stop communicating, to this option seems to have a higher priority that the ACL.

All the testing I have done seem to show that Layer 3/4 ACLs are not working. So my questions are:

1. How do ACL and Wireless client isolation interact with each other?
2. How are ACLs supposed to work?
3. How can i isolate all clients except specific ones?

Ruckus R510 with Unleashed 200.15.6.212.27