SCENARIO : Configure Client Isolation 

CATEGORY : Security  

PURPOSE / USE CASE : Prevent peer-to-peer access on same SSID 

STEPS TO TEST : Enable isolation, ping between clients 

 

 

Guest Isolation (sometimes called AP Isolation or Client Isolation) is a network security feature that prevents devices connected to the same Wi-Fi SSID from communicating directly with each other. 

It’s commonly used in guest networks to protect connected clients from snooping, hacking, or spreading malware. 

 

HOW IT WORKS: 

When Guest Isolation is enabled: 

  • A client can still reach the internet. 

  • But it cannot reach Other wireless clients on the same SSID. 

  • The AP/firewall blocks Layer 2 traffic between clients. 

 

TESTING GUEST ISOLATION: 

  1. Connect two devices to the guest Wi-Fi. 

  1. On one device, get the IP address of the other (e.g., ipconfig or ifconfig). 

  1. Try to ping the other device. 

  1. If enabled, pings fail, and connections are blocked. 

  1. Optionally, use a network scanner (like Fing or Angry IP Scanner). 

  1. If enabled, the other client won’t appear. 

 

 

HOW IT WORKS: 

Step 1: 

Onboard RAY Access Point in RAY cloud controller. 

Step 2: 

Configure Desired Network Interface so that we can attach it while configuring SSID. 

 

 

Step 3: 

Create WLAN for broadcasting SSID. As shown in the screen capture, we must give the WLAN name, SSID name and attached network Interface that we have created for the Accesspoint. Configure password that client / user has to enter while connecting to the same SSID if applicable. 

For enabling guest Isolation, we must select Guest Isolation under advanced section.