Hi, I just installed a hEX S router. I want to separate trusted wifi devices from untrusted ones. All devices are on the same 192.168.10.x subnet. They need to be on the same subnet because they all come in from the wifi system on ether 2 of the router. I can’t get these 2 rules to work. 192.168.10.3 can still ping 192.168.10.200 for example. If the firewall rule was working this ping should fail.
You cannot.
You are hamstrung by whatever device is coming in the WIFI.
Stupidly dumb wifi devices internally create a faux guest network.
This network uses the same LAN IPs but is isolated from the other wifi users and is also isolated from any LAN users on the same subnet but wired.
They can only go out to the internet from what I understand.
So the only option is to get a business class AP, TP-Link makes several, and of course MT makes many wifi devices.
I configured multiple VLANs through (wireless) access lists. This way, I assign different VLANs (trusted/guests/untrusted) and have easy control over authorization. Only requirement is that you use AX devices (not sure if this can be accomplished with the legacy wireless driver as well).
I think water broke through the dykes and got into your ears.
The chap doesn't need such fancy stuff.
A. Basic need, two separate VLANs to separate guest users and trusted users, each one tied to the appropriate WLAN and different security settings.
B. More advanced need, invoke isolation between wifi users on the same VLAN and WLAN – use datapath setting.
C. Very advanced need, invoke isolation between wifi users and WIRED users on the same VLAN.
(use bridge port settings with the same horizon value, which will prevent their ability to interact)
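Option A on the router side, as an added example that is not part of any post in this thread: clients on one subnet are switched inside the wifi system, so their traffic never reaches the router's IP firewall, while clients on separate VLANs must be routed through it. Assumptions: the AP can tag one SSID per VLAN on the link to ether2, ether2 is not already a member of another bridge, and the bridge name, VLAN IDs 10/20 and the 192.168.20.0/24 subnet are made up for illustration.

```routeros
# Assumed names: bridge-lan, vlan10-trusted, vlan20-untrusted (not from the thread)
/interface bridge
add name=bridge-lan vlan-filtering=no

/interface bridge port
add bridge=bridge-lan interface=ether2

# ether2 is a trunk to the AP: both VLANs arrive tagged
/interface bridge vlan
add bridge=bridge-lan tagged=bridge-lan,ether2 vlan-ids=10
add bridge=bridge-lan tagged=bridge-lan,ether2 vlan-ids=20

# One routed interface per VLAN so traffic between them crosses the firewall
/interface vlan
add interface=bridge-lan name=vlan10-trusted vlan-id=10
add interface=bridge-lan name=vlan20-untrusted vlan-id=20

/ip address
add address=192.168.10.1/24 interface=vlan10-trusted
add address=192.168.20.1/24 interface=vlan20-untrusted

# Replies to connections opened from the trusted side are still allowed back;
# new connections from untrusted to trusted are dropped
/ip firewall filter
add chain=forward action=accept connection-state=established,related
add chain=forward action=drop in-interface=vlan20-untrusted \
    out-interface=vlan10-trusted comment="untrusted cannot reach trusted"

# Enable VLAN filtering last, once the trunk and VLAN interfaces exist,
# to avoid cutting off your own management session mid-change
/interface bridge
set bridge-lan vlan-filtering=yes
```

Each VLAN also needs its own DHCP server and address pool, which are omitted here.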