Hotspot via l2 tunnel only without client Isolation?

Hi all, I am a little bit confused… I use E510 and E600 APs via L2 Tunnel to connect to a Mikrotik Hotspot.
I also chose Client Isolation = “Network Wide”.
I was not able to connect to the Mikrotik Hotspot. I didn’t get an IP. After hours of testing I found out that with “Client Isolation” disabled I had no problems connecting to the hotspot via L2 Tunnel.
I use firmware 4.2.2-r5 on the APs.
I don’t understand why I cannot connect via L2 tunnel to the Mikrotik hotspot with Client Isolation enabled.

Do you have to whitelist the hotspot?

No, I didn’t whitelist the hotspot… but I also use APs (E500) without L2 tunnel in the same location. Here I have also enabled “Client Isolation = Network Wide” without any trouble…
To me it seems that the E510 and also the E600 handle Client Isolation in a different way, or perhaps it is the tunnel mode…
Will it work with a whitelisted hotspot? Which MAC do I have to use? The MAC from the tunnel or from the Mikrotik?

Using Ruckus, I have to whitelist the MAC address of the interface where the DHCP-Server and Gateway sit.

So usually I have to select the MAC of the VLAN 69 interface, which sits on my bridge.

@Oliver_Behrens
For the “Client isolation-Network-Wide” feature there is no need to add any MAC entries.
If it is “Client isolation-Network-Wide-Static”, then you need to add the MAC entries of the different gateways with which clients want to communicate.

With the E500 without L2 tunnel you are not facing any issue. Can you please enable L2 tunnel and see whether you face any issue or not? I feel some settings need to be changed in the L2 tunnel.

Meanwhile, can you please share the Mikrotik and AP techsupport files to my email ID:
ashok.kumar@cambiumnetworks.com

The techsupport file will be available in the following location:

  1. Log in to the AP
  2. Navigate to Operations
  3. Under System you can download the techsupport files using the “Download Tech Support” option

Thanks @Oliver_Behrens I have received the techsupport files. I will go through the logs and update you.

Client isolation set to “network wide static” on my XV2-2, on current firmware, is allowing communication with non-whitelisted hosts.

@Ashok
Perhaps you and Gary can compare notes?