Layer-2 isolation prevents direct communication between devices on the same Layer-2 network (e.g., Ethernet LAN or VLAN) while allowing communication with higher network layers.
- Blocking Rule: If a device’s MAC address is not in the Layer-2 isolation profile, it cannot communicate with other devices in the SSID where Layer-2 isolation is enabled.
- Functionality: Devices within the same Layer-2 domain (e.g., a switch) are isolated, but communication with different Layer-2 domains is allowed.
- Whitelist Effect: Since "VPN GW" and "Internet GW" MAC addresses are in the Layer-2 isolation profile, devices in the SSID can access them, enabling Guest Wi-Fi clients to reach the internet and intranet.
- Full Isolation: To isolate Guest Wi-Fi entirely, create a Layer-2 isolation profile without any whitelisted MAC addresses.
You can select a layer-2 isolation profile from the list to associate with this SSID. If none exist, you can use the Create new Object menu to create one. Layer-2 isolation prevents wireless clients associated with your Zyxel Device from communicating with other wireless clients, APs, computers or routers in a network. The disable setting means no layer-2 isolation is used
Nebula device Layer2 Isolation
Go to Site-wide > Configure > Access Point >SSID Advanced Settings
Standalone device Layer2 Isolation
This screen allows you to specify devices that your WiFi network users can access. To access it, click Configuration > Object > AP Profile > SSID > Layer-2 Isolation List.
More information can be found in the user manual for your specific device. Please download the user manual from our download library: Download Library