I know this has been discussed a lot and I have read many posts. But I’m still confused. This is what I’ve gleamed. “Layer 2 isolation” will separate wifi clients from each other and “guest protect” will keep them from seeing the wired clients. But I also read “guest protect” had to be supported by the router. My AP One AC Minis have a setting for “guest protect” > “block LAN access”. Does this not work unless you’re using a supported Peplink router? Or does it only work when you’re using your APs in “router” mode?
Is there a way to identify wifi clients that should have full access to the LAN vs. guest clients that should only have internet access when using the same SSID? MAC filtering doesn’t seem to be the answer. It simply allows or denies access to the LAN, not a distinction between full access and guest.
Is the best or only way to isolate guest wifi clients to the internet, to give them a separate SSID to connect to and then enable layer 2 isolation along with guest protect block LAN access?