Some of the newer routers on the market have a AP Isolation, Wireless isolation, Client Isolation or Station Isolation feature that will let you lock down your Wi-Fi network. This feature is perfect for businesses that have public Wi-Fi networks or if you are one of those individuals that’s just a little paranoid.
This feature both confines and restricts clients that connect to your Wi-Fi network. They will not be able to interact with devices that are connected to your secure wired network, and they won’t be able to communicate with one another. They will only be able to access the Internet.
How to make it work
On standard home routers that utilize standard settings, every device that connects to the router is treated as if it is part of that local network and it can communicate with every other device on that network. It doesn’t matter whether it is a mobile device connected to the Wi-Fi network or a server that is connected to the wired network, all of the devices are able to communicate with each of the other devices on the network. It’s apparent that this might not be an ideal situation.
For example, if your business has public Wi-Fi network, you will want to make sure that those clients who connect to your public Wi-Fi network are not able to access your servers or any of your peripherals that are connected to the wired network. You likely will not want devices that connect to the wired network to talk with each other, because if there is an infected system using the public Wi-Fi network it has the potential to infect any other vulnerable system. In addition malicious users could try to gain access network file shares that are insecure. You want to provide Internet access to only your clients, and no one else.
At home, most of us run a single router and then we connect a variety of devices. You might have a server connected to your wired network or you might just have a wired desktop systems that you want to ensure is secure. You might still prefer to offer Wi-Fi access to your guests on your encrypted network; however, you might not want your guests to have total access to the entire wired network and your devices that are connected to it. They might have computers are infected and you want to minimize any damage that occurs as a result of this.
Wireless isolation vs. guest networks
The Guest Network features on your router can function in the same way. Router can have both features, one of the features, or no features. It is quite common for your home router to not have any Guest Network features or Wireless Isolation.
Usually your Guest Wi-Fi network features provide two separate Wi-Fi access points — a primary access point, which is secure and this is the one you will use and then an isolated access point for your guests to use. Any guests who join your guest Wi-Fi network will be on network with Internet access that is completely separate from yours, and which is blocked from talking to the main wired network. They will also not be able to communicate with your primary wireless network. You may even be able to set ups separate restrictions/rules for those using your Guest Wi-Fi network. For example, you might disable Internet access on the guest network during specific hours, but at the same time have no time restrictions on your internet access for your primary network. If your router doesn’t have this feature, you can install DD-WRT to get it. Just follow the setup procedure.
Wireless Isolation features are not as sophisticated, enabling only the isolation option and the clients that are connected to the Wi-Fi network will have their communication blocked with other devices that are on the local network. Using firewall rules, the clients that connect to the Wi-Fi can communicate only with the Internet, not with other machines on the wired network and not with each other.
Enabling wireless isolation
If you like the features of your router, you will find this option in your router’s web interface but this feature is not offered on all routers, so you may not have it on your current router. You will usually find this option under the advanced wireless settings of your router. For example, on some Linksys routers, you will find these settings under Wireless > Advanced Wireless Settings > AP Isolation.
On other routers such as NETGEAR the option is often found on the main wireless settings page. This feature is referred to differently by various manufacturers but usually the word ‘isolation’ is in the name.
When you enable these features it stops the function of certain wireless features. For example, Google’s Chromecast help notes say that if you enable AP Isolation it will stop the function of Chromecast, which needs to communicate with other devices on your Wi-Fi network – but wireless isolation blocks this communication.