How to use smart isolation to limit client access to your network


What is "Smart Isolation"?

Smart isolation is a proprietary feature available on IgniteNet APs that allows you to restrict access to local resources for ephemeral Wi-Fi clients, such as clients connected to a hotspot or a guest network.

There are different levels of restriction, as explained below:
  • Disabled (default):
    Smart isolation is disabled.  Clients are not restricted from accessing local resources, such as print servers.  This is the correct option to choose if you trust the clients that will be connecting to your network.

  • Internet access only:
    Clients are only allowed to pass traffic to the network upstream from the AP's gateway. (This is generally "the internet").  This is the correct option to choose for hotspot users or users connecting to a guest network.

  • LAN access only:
    Clients can only reach other devices on the local network, but not beyond it. Note: This is not a commonly used option; it is used mainly in educational settings where you only want clients to access local resources.

  • Internet-only (strict):
    This is the same as "Internet access only", but with the additional restriction that users cannot access resources or devices on any private network (192.168.0.0, 172.16.0.0, 10.0.0.0, etc.). This is useful if your AP is double NAT'ed and the network upstream from your AP's gateway is another private network.
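
The following added example (not IgniteNet code, and not a description of how the AP implements the feature) models the four levels as a destination-address check, so you can see which destinations each level leaves reachable in a double-NAT topology. The mode names, the sample addresses, and the use of the RFC 1918 prefix lengths for "private network" are assumptions; traffic addressed to the AP's gateway itself (DHCP, DNS) is outside the model.

```python
import ipaddress

# Assumption: the article lists 192.168.0.0, 172.16.0.0 and 10.0.0.0 without
# prefix lengths; the RFC 1918 blocks are used here.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Hypothetical identifiers for the four levels described in the article.
MODES = ("disabled", "internet_only", "lan_only", "internet_only_strict")


def is_allowed(mode, dst, local_net):
    """Return True if a client on local_net may reach dst under mode."""
    if mode not in MODES:
        raise ValueError(f"unknown mode: {mode}")
    dst = ipaddress.ip_address(dst)
    on_lan = dst in ipaddress.ip_network(local_net)
    if mode == "disabled":
        return True
    if mode == "lan_only":
        return on_lan
    if on_lan:
        # Both internet-only levels block the client's own local subnet.
        return False
    if mode == "internet_only_strict":
        # Strict also blocks private networks upstream of the gateway.
        return not any(dst in net for net in PRIVATE_NETS)
    return True


def audit(mode, local_net, destinations):
    """Map each labelled destination to ALLOW/DENY for one mode."""
    return {label: "ALLOW" if is_allowed(mode, ip, local_net) else "DENY"
            for label, ip in destinations.items()}


# Constructed double-NAT topology: guest subnet 192.168.2.0/24 behind the AP,
# whose upstream network is another private network (10.20.0.0/16).
GUEST_NET = "192.168.2.0/24"
DESTINATIONS = {
    "printer on guest subnet": "192.168.2.50",
    "file server upstream": "10.20.0.5",
    "public host": "203.0.113.10",
}

if __name__ == "__main__":
    for mode in MODES:
        print(mode, audit(mode, GUEST_NET, DESTINATIONS))
```

In this model, "Internet access only" still leaves the upstream file server reachable, which is the double-NAT case the strict level is meant to close.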

How can I enable Smart Isolation?

You can enable Smart Isolation from the IgniteNet Cloud site-level or device-level configuration pages.  

If you want to enable it on one of your local subnets, go to the Local Networks tab:



If you want to enable it on your captive portal/hotspot, go to the Hotspot tab:







