I searched the forum for a similar topic and I haven't found a solution for this yet.
I did the following:
bridge - use ip firewall
wireless AP - uncheck default forward for all APs
firewall - make add list from IP pool for each DHCP on which the rule needs to be applied
firewall - filter rule - add chain - Forward - advanced src add list - dst add list - action reject
The problem is that when I run an IP scanner like FING I can still see all connected devices on the same subnet. It's as if client isolation is not effective and it's not preventing scanner apps from seeing other connected devices.
@anav
Forgive my lack of explanation, and thank you for your reply.
I am not an expert at this and I will try my best to meet your points.
1- My network is simply an internet guest network. I am using an RB951Ui as internet gateway and the same device as WiFi AP connected to each LAN port, with a different bridge and DHCP pool for each.
I am using simple queue to control traffic, added manually. Each DHCP client is made static.
2- How do I exclude all sensitive data when exporting the config file? Like public IP, serial, ISP details…
3- All users are wireless mobiles. There are no servers or NAS on this network, so I just need to give them bandwidth-controlled internet.
I mean I have some nosy employees who might use spoofing tools like wifikill and I want to identify or at least prevent them from doing so.
So I did some searching and found that WiFi client isolation is a good way to do it.
But it's not working for some reason. I explained the steps I took in my first post.
My firewall rules are also simple: I just added a rule to detect and block WAN port scanning, drop invalid connections and accept good ones.