Guest isolation: how is it achieved?
MakaanPL last edited by
I am considering AmpliFi as a wireless platform to achieve good coverage and seamless roaming, but also perfect isolation of guest WiFi. The network owner would like the UI/UX of AmpliFi as he's not really tech-savvy. Other AmpliFi capabilities aren't enough, so I'd use bridge mode with a more advanced device as a router, with Teleport for remote management.
How exactly does guest isolation work under the hood, especially when the main AmpliFi device is in bridge mode?
So far I have collected the following information – is it true?:
- (support chat) even in bridge mode guests are in a separate subnet and the main AmpliFi device has a DHCP and PAT for them,
- (quote from chat on other forum) mesh points, wired or wireless, do not rely on an additional VLAN to connect guest WiFi to the main device, but use a GRE tunnel instead,
- are all guests isolated from each other regardless of the AP and 2.4/5 band used?
- is the AmpliFi device dropping connections to the LAN subnet before applying PAT?
- (if yes to above) does it block access to other private subnets as well?
- is the PAT IP (the one visible to the router) different than the main AmpliFi's LAN IP?
- (if no to above) what outbound ports/services must be allowed on the router to let the AmpliFi main device use all features, while still filtering guest access from the PAT IP?