Hello! I am testing out a Pepwave AP One Mini, hoping to deploy these APs for a number of my clients. I do NOT have a Peplink router in place in this test scenario, just a single Pepwave AP One Mini connected to a simple non-Peplink router.
I trying to create a guest SSID that allows guests to access the internet but not access anything else on my LAN. I created a SSID via incontrol2 and selected both “Layer 2 Isolation” and “Block LAN Access”, but I can still ping other devices on my LAN when connected to that SSID. Perhaps I need to have a Peplink router in place for this feature to work? It doesn’t seem to mention anything about such a requirement in the Pepwave AP manual.
The router is handing out the IP addresses via DHCP, the Pepwave is just set as an AP. The router is just handing out 192.168.1.0/24 range IP addresses regardless of what SSID you connect to, I don’t have any VLANs set up.
Thanks Don_Ferrario that’s what I had been trying but it didn’t seem to be working. I have come back to it now and it does seem to indeed block access to other devices on the local network!
So I’ve done some further testing and this is what I found.
SITUATION 1: Peplink Balance Router acting as DHCP (no VLANS set up) with AP One managed through AP Controller in the Balance Router
In this situation when I clicked “Block LAN Access” on the AP it worked even when I did no special setup on the Balance and it had no VLANS and a single IP range
SITUATION 2: ISP Provided Router acting as DHCP with AP managed through InControl
In this situation when I clicked “Block LAN Access” on the AP it didn’t seem to have any effect and I was able to access LAN ips
Any thoughts on this? Seems that maybe a Peplink router is required even though there is no special setup needed on the router? Is there no way to get block LAN access to work if the AP isn’t behind / being managed by a Peplink router?
but I suspect what will happen is that the packet will still flow up to the isp router see that it’s on the same subnet and then direct access it.
Other options would be if the ISP router has a firewall to prevent traffic flowing between lan ip’s
Other option would be to put your AP in router mode instead of bridge mode, having the AP hand out a different ip range, then you may have more control on blocking.
I had the Block All Private IP working when I had the AP configured for local or AP controller management, it just wasn’t working for InControl management. I submitted a ticket to Peplink support and they applied a patch, so it is now working when AP is being managed by InControl as well!