
Beginner Basics • Re: WiFi client isolation with VLANs and remote gateway

I've been running my hAP ax2 as an AP + gateway (the typical home router setup), but now I'm looking to change it to serve as an access point with a remote gateway (a pfSense firewall I got from work that was gonna be tossed).

I have a simple setup:
  • VLAN 1: the management network, only available via a physical ethernet connection
  • VLAN 100: the main wifi VLAN
  • VLAN 101: IoT wifi VLAN
In addition to my hAP ax2, I'm planning to buy another one to hardwire to a more remote location on my property that is out of range for my single AP.

What I'm looking to do with this is the following: ensure that the IoT wifi clients cannot talk to each other, only the gateway (at 192.168.101.1).

My question: is it possible to enforce client isolation across a wider network, i.e. so that each member of the IoT VLAN can only communicate with the gateway?

I know how to do this for a single AP (with client isolation and/or bridge filter rules), but these techniques don't isolate clients between the APs -> while two isolated clients on the IoT network on the same AP can easily be blocked, a client on the remote AP would still be able to communicate (because it would have to go out the same ether1 that it would for the firewall / gateway).

I understand the basics of how I can turn on "Use IP Firewall" and "Use IP Firewall For VLAN" for the bridge (to send all packets, even those that would be bridged and not routed, through the firewall rules), but I don't know how to express the following rule in the firewall: for the IoT VLAN, the only valid destination for packets going out the uplink (ether1) is the MAC address of the gateway (IP: 192.168.101.1).

My current hacky plan is to just create another VLAN (102) and use the single-AP isolation techniques, and isolate them at the firewall, but I'm wondering if there's a better way than creating a single VLAN per AP for this.

Hopefully the question I'm asking is clear, but I'm still new to networking so I may have used the wrong terminology!

Statistics: Posted by daryalmitchell — Fri Jan 26, 2024 4:51 pm
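The rule described in the post, modelled as an added example that is not part of the original post and is not RouterOS configuration: each AP applies the same layer-2 policy to VLAN 101, and the model checks whether a frame from a client on one AP can reach a client on the other over the shared ether1 segment. The ingress check on the uplink, the broadcast allowance for ARP/DHCP, the interface name `wifi-iot` and all MAC addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass

IOT_VLAN = 101
UPLINK = "ether1"                    # wired port shared by both APs and the gateway
WIFI = "wifi-iot"                    # assumed name for the IoT wireless interface
GATEWAY_MAC = "02:00:00:00:65:01"    # constructed placeholder for the gateway's MAC
BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass(frozen=True)
class Frame:
    vlan: int
    src: str
    dst: str

def ap_forwards(frame: Frame, in_port: str, out_port: str) -> bool:
    """Decide whether one AP bridges `frame` from in_port to out_port."""
    if frame.vlan != IOT_VLAN:
        return True                              # policy covers the IoT VLAN only
    if in_port == UPLINK:
        return frame.src == GATEWAY_MAC          # from the wire: gateway only
    if out_port == UPLINK:
        # toward the wire: gateway unicast, plus broadcast so ARP/DHCP still work
        return frame.dst in (GATEWAY_MAC, BROADCAST)
    return False                                 # wifi to wifi on the same AP

def crosses_aps(frame: Frame) -> bool:
    """True if a frame sent by a client on AP1 reaches a client on AP2."""
    return ap_forwards(frame, WIFI, UPLINK) and ap_forwards(frame, UPLINK, WIFI)

# Constructed sample clients, one per AP
CLIENT_A = "02:00:00:00:65:0a"
CLIENT_B = "02:00:00:00:65:0b"

if __name__ == "__main__":
    unicast = Frame(IOT_VLAN, CLIENT_A, CLIENT_B)
    arp = Frame(IOT_VLAN, CLIENT_A, BROADCAST)
    to_gw = Frame(IOT_VLAN, CLIENT_A, GATEWAY_MAC)
    print("A -> B unicast crosses APs:", crosses_aps(unicast))
    print("A broadcast leaves AP1:", ap_forwards(arp, WIFI, UPLINK))
    print("A broadcast crosses APs:", crosses_aps(arp))
    print("A -> gateway leaves AP1:", ap_forwards(to_gw, WIFI, UPLINK))
```

In this model the broadcast frame leaves AP1 but is dropped on arrival at AP2, which is why the destination-MAC rule on egress is paired with a source-MAC rule on ingress.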


