We will here describe how you configure blocking traffic between guest and employee SSIDs.
The answer is to use L2 isolation. Layer 2 isolation will only allow the traffic of whitelisted destination MAC addresses. In this case, if we configure L2 isolation and limit the traffic of guest SSID, the traffic outgoing from guest SSID will not be able to pass through.
*Note that L2 isolation only applies to SSIDs under the same subnet, if SSIDs have different LAN subnets it is up to the switch or gateway to block traffic with ACL or firewall rules.
AP > Configure > SSID overview
select the guest SSID and enable Guest Network
If your network is VLAN supported proceed with step 2.
Otherwise, you are finished with the configuration.
• Enable L2 isolation in your SSIDs settings via
Access Point > Configure > Authentication
and input the MAC address of the gateway PORT where the uplink is, to allow clients to have internet access.
*If you don't know the MAC address of the gateway Port, you can connect under the network and in your CMD or terminal input "arp -a" to find the gateway MAC.
• If there are other devices in the network that should be allowed to connect, simply press "Add" to create a new entry and enter the MAC of the device.