Hello. I walked into a situation that has 4 Ruckus R500 access points. There are 2 SSID's being broadcast, both on VLAN1. One is a private network that has no restrictions other than WPA2 password, the other one has the additional 2 checkboxes set to enable guest isolation (under advanced settings, then on the other tab) and also has a guest isolation whitelist enabled.
The whitelist initially had 1 entry which was the mac address and IP of the gateway. This works, and allows internet access. Removing this makes internet access/dhcp/dns stop working on the guest network (which is not an issue, leaving this enabled)
I have a google chromecast on the normal SSID that has no restrictions. People on that same network can use it just fine. I added it to the same client isolation whitelist though, and cannot ping it / see it / cast to it consistently. The odd thing is that I could very sporadically see/ping it, which I believe to be just a fluke as it only lasted around 30 seconds.
I have updated to the most current firmware as they were 2 years out of date.
Any ideas on what I can try to make it so that this isolated network has a consistently working mac/ip based whitelist? This is also setup as a a Ruckus Unleashed network where one of the APs at any given time is the Master/Controller. I have tried rebooting APs to make a new Master take over, and nothing has changed. I have also tried joining the chromecast to the client-isolated SSID, and that makes it so that neither private network or isolated network can see it consistently.
These SSIDs are on the same VLAN / subnet / dhcp server. As a temporary bandaid, I have made a L3 ACL list that allows all by default but had 2 deny rules where guests cannot hit our server or hit our phone system. I need to find a way to make it so guests cannot hit anything though, except for this chromecast, and the whitelist seems to be failing me. Is this a limitation due to the chromecast also being on the wireless, and in order to turn on the option "Isolate wireless client traffic from all hosts on the same VLAN/subnet", I have to first turn on the option "Isolate wireless client traffic from other clients on the same AP", and maybe the whitelist isn't applying to devices on the same AP and is only applying against the subnet/vlan? If that's the case, I'll just buy a $15 ethernet adapter for the chromecast and be done with this weird problem.