How to separate guest network traffic in bridge mode


  • I have an Amplifi HD and two mesh routers. Recently bought a Netgate firewall that I want to use as my primary router. I also have several wired clients connected to an HP ProCurve switch. Currently the Amplifi is the router and is connected to the switch via LAN port.

    My plan was to connect the Amplifi's WAN port to the switch and connect the switch to the firewall's LAN port, and put the Amplifi in bridge mode.

    My question is about the Guest wifi network on the Amplifi. Is it possible fro me to segregate guest network traffic from my wired LAN clients? Are they on a separate VLAN? I would like to prevent guest network clients from accessing my LAN.

    I'm not clear on if/how this would work with the Amplifi in bridge mode. Any pointers appreciated.


  • @Mark-Russell Hi, even in bridge mode the Guest network is using client isolation and a user on the guest network will not be able to access the LAN.


  • I have basically the same setup, with a pfSense firewall set as my router and an Amplifi HD in bridge mode behind it. I just tested putting my phone in the guest network and it can't see wired devices in the main network, so the guest network is working as expected. I only have a dumb switch between the pfSense and the HD so it can't be using VLANs for the separation. It must just have a rule on the HD only allowing guests to see and talk to the default gateway.


Log in to reply