Posted: Mon Aug 29, 2016 11:56 Post subject: AP isolation not working properly
I'm using DD-WRT on 2 TP-Link Archer C7s. Both running 30082 and installed as dumb wifi ap. DHCP/DNS etc is done by my pfSense firewall.
On both I have created 6 SSID's:
3 on 2.4GHz and 3 on 5GHz.
On both bands I have a guest SSID. I want the guest SSID to be isolated.
So on all guest SSIDs I have ticked the box Ap Isolation.
When connected to the guest SSID, I can still ping other clients and do a network scan and find them.
Also I can access services (web server) running on a wireless guest client. But some other devices cannot be found at all.
Why are some isolated and some are not?
Am I missing the point here or does it not work correctly?
I already use different VLANs for normal and guest network.
I just want the wireless clients connected to the guest SSID to NOT communicate with each other.
Joined: 03 Jan 2010 Posts: 7568 Location: YWG, Canada
Posted: Tue Aug 30, 2016 7:31 Post subject:
u probably have the vaps bridged, u have to select unbridged, give them whatever subnet u want, and enable net isolation for the vap. u will then need to add dhcp service to each of those vaps' subnets.
ap isolation just stops wifi clients from communicating with other wifi devices. _________________ LATEST FIRMWARE(S)
BrainSlayer wrote:
we just do it since we do not like any restrictions enforced by stupid cocaine snorting managers
ap isolation just stops wifi clients from communicating with other wifi devices.
That's the "feature" I want .
Is it possible to do without DHCP?
I have a firewall/router (pfSense machine) already in my network.
The DD-WRT devices are dumb ap, and need to stay that way.
Can't I just use unbridged only, and still use DHCP on my firewall/router?
Joined: 03 Jan 2010 Posts: 7568 Location: YWG, Canada
Posted: Tue Aug 30, 2016 8:16 Post subject:
when i try it it works fine but thats when the ddwrt router is in command of the network, try inputting the main routers dhcp ip and see what happens. having the vaps on another subnet with dhcp shouldnt interfere with the host router dhcp, its only local at the ddwrt device per vap, beyond that host router is still giving ddwrt a dhcp (which it sees as wan ip). _________________ LATEST FIRMWARE(S)
BrainSlayer wrote:
we just do it since we do not like any restrictions enforced by stupid cocaine snorting managers
Basic Wireless Settings
Use a web browser to connect to your router's web GUI. Navigate to the Wireless -> Basic Settings page and under the Virtual Interfaces section press the "Add" button to add a new virtual interface. Leave the Network Configuration set to "Bridged" for all interfaces regardless of whether you want to bridge them or not because "Unbridged" has unresolved bugs at the time this was written (svn 13312). To get a working unbridged interface we will actually assign it to its own bridge later on. You may change any of the other settings to your liking..
Joined: 03 Jan 2010 Posts: 7568 Location: YWG, Canada
Posted: Tue Aug 30, 2016 9:15 Post subject:
thats old, years ago it was the way it is now, then went to needing to have it on a separate bridge, now back to the way it is now. _________________ LATEST FIRMWARE(S)
BrainSlayer wrote:
we just do it since we do not like any restrictions enforced by stupid cocaine snorting managers