ACL , Client Isolation with Guest Wi-Fi and Token Access

When we use cnMaestro to set any ACL, the token access stops working or the SSID stops working. Setting client isolation works for the local network but similar to many other organisations, we are multi-site and use an MPLS.

Using client isolation, all our servers in Azure are accessible via Guest Wi-Fi as they are on the MPLS and a different IP range. To us, ACL should be usable with Guest Wi-Fi token access. It seems to be a bug in the cnMaestro system.

Even if we could prevent access to a list of IPs or MAC addresses on guest Wi-Fi, that would still achieve what we want to do.

Has anyone resolved this challenge as Cambium support’s current solution is to use an ACL on our firewall instead? Unfortunately, this would mean we would need to create a new guest Wi-Fi network and have separate units handling guest Wi-Fi. A lot of work and cost!

Simple way is to use firewall on the SSID :slight_smile:
Block broadcast, access to azure :slight_smile: