
Why Is Bridge Mode An Option For Guest Network?

Hello,

I'm trying to figure out why "Bridge Mode" is even an option under guest network. The documentation says it can be enabled to pass guest VLANs to the bridge. Which really doesn't make any sense because the same can be achieved by simply VLANing an SSID and setting up the appropriate firewall rules. If anything, having the Bridge option under Guest will give people a false impression as to its functionality, seeing how if enabled, with no VLAN specified for the SSID, it simply passes traffic to and from the main network with no Guest isolation.



This thread was automatically locked due to age.
  • Hi,

    Guest NW with bridge mode differs from VLAN in the way that you don't need a VLAN for a separation: it will filter all traffic and will only allow communication to the gateway, the DNS server and external network. Thereby you can add a guest NW to an environment without VLAN and still have an isolation.

    The difference to NAT mode is that the DHCP server is still in the customer network. By this, roaming between APs works flawlessly. With NAT mode, every guest NW on each AP is isolated and roaming cannot work flawlessly.

    As you already pointed out, based on the documentation, this behaviour isn't described correctly. We will extend the documentation.

    Kind regards,

    Dirk Bolte
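One way to check the isolation described in the reply above, as an added example that is not part of the original thread or the vendor's code: it models the stated policy (gateway, DNS server and external network allowed, everything else filtered) and compares it with reachability results recorded from a guest client. All addresses, the probe results and the function names are constructed, and "external" is assumed to mean any destination outside the listed internal networks.

```python
import ipaddress

# Constructed example values (assumptions, not from the thread or the product).
GATEWAY = ipaddress.ip_address("192.168.10.1")
DNS_SERVERS = {ipaddress.ip_address("192.168.10.53")}
# Networks a guest must not reach: the shared, un-VLANed LAN plus routed internal ranges.
INTERNAL_NETS = [
    ipaddress.ip_network("192.168.10.0/24"),
    ipaddress.ip_network("10.0.0.0/8"),
]


def expected_verdict(dst: str) -> str:
    """Verdict a guest client should get under the policy described in the reply."""
    ip = ipaddress.ip_address(dst)
    if ip == GATEWAY or ip in DNS_SERVERS:
        return "allow"          # explicitly permitted hosts inside the LAN
    if any(ip in net for net in INTERNAL_NETS):
        return "deny"           # any other internal host is filtered
    return "allow"              # assumption: everything else counts as external


def isolation_leaks(observed: dict) -> list:
    """Destinations that answered although the policy says they must be filtered."""
    return sorted(d for d, ok in observed.items()
                  if ok and expected_verdict(d) == "deny")


def over_blocked(observed: dict) -> list:
    """Destinations that should be reachable for guests but were not."""
    return sorted(d for d, ok in observed.items()
                  if not ok and expected_verdict(d) == "allow")


# Constructed probe results from a guest client: destination -> reachable?
OBSERVED = {
    "192.168.10.1": True,    # gateway
    "192.168.10.53": True,   # DNS server
    "192.168.10.20": True,   # internal file server answering: isolation leak
    "10.1.2.3": False,       # routed internal host, correctly filtered
    "203.0.113.10": True,    # external (documentation range)
    "198.51.100.7": False,   # external but unreachable: over-blocking
}

if __name__ == "__main__":
    print("leaks:", isolation_leaks(OBSERVED))
    print("over-blocked:", over_blocked(OBSERVED))
```

A non-empty leak list on an SSID with bridge mode enabled and no VLAN set would match the behaviour the original poster describes rather than the filtering described in the reply.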
