I have a ZoneDirector with the following settings: type Standard Usage, Open Authentication and WPA2/AES encriytion options.
How I can make clients connected to this WLAN can not access the configuration ZoneDirector and APs?
When you initially configured the ZoneDirector, one of the first things it requires is that you set a login password for the admin account. Unless you've given that password to your users, they will not have any access to the ZD administrative functions. The connected AP's inherit the same login credentials and so are similarly protected.
I meant how to make customers can not access the entry screen APs and ZoneDirector so they can not prove passwords. Ie access to the ips of the access points and the zone are refused or manage the configuration part is on another network.