Wed Sep 14, 2022 9:47 pm
At least for the Zyxel APs I used so far, intra-bss blocking blocks communication between clients (STAs) on the same AP using the same SSID, independent of 2.4/5GHz band.
Other brands calls the same feature client isolation. This is often used for public APs in Hotels, Bars, Shops etc. for security reasons.
As long as there is no FW bug, this is safe. Because of how WiFi works, clients (STAs) cannot talk to each other without going through the AP. So it is easy to block on the AP.
For different SSIDs on the same AP, as others suggested it is recommended to configure a different VLAN for each SSID on the Zyxel AP. This allows you full flexibility on the RB5009: Bridge SSIDs to same L2 domain, run different IP subnets with routing and FW forwarding rules between SSIDs, or complete isolation.