Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 12 replies
  • Subscribers 1 subscriber
  • Views 13238 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Client Isolation

CClasen
Is it the case that client isolation only works when using Separate Zone?  It doesn't seem to do anything for Bridge to LAN or Bridge to VLAN.


This thread was automatically locked due to age.
Parents
  • 0
    Ah, thanks, I think I see now.  You put these L3 rules only on the ports connected to APs.  The wireless clients can use the MACs of the wired devices and so use L2 to reach them, unaffected by the L3 limitations in the switch port connected to the AP.

    So, Client Isolation for bridge-to-LAN/VLAN SSID's would be possible by adding the MACs of the other APs to the "blacklist" in each AP (assuming that's the technique in use)?  I think you have a Feature suggestion there!

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    Ah, thanks, I think I see now.  You put these L3 rules only on the ports connected to APs.  The wireless clients can use the MACs of the wired devices and so use L2 to reach them, unaffected by the L3 limitations in the switch port connected to the AP.

    So, Client Isolation for bridge-to-LAN/VLAN SSID's would be possible by adding the MACs of the other APs to the "blacklist" in each AP (assuming that's the technique in use)?  I think you have a Feature suggestion there!

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data
Unfiltered HTML