I want to set up internet guest access with my WAP371. No matter what I do the guest can see my whole network. They should be able to use internet (guests) but not connect to LAN devices (server shares & other computers etc.).
I have Captive Portal enable on the WAP371, then everything works perfectly but after login to the guests wifi I can ping/browse other LAN devices. Any idea how to accomplish this with this WAP371?
RADIO1: SSID: INTERNALAP - clients can access all network and internet.
RADIO2: SSID: GUESTS - Captive Portal, internet access but no production network access.
Devies: x4 WAP371-E-K9 V01
Active Firmware Version: 18.104.22.168
Unmanaged switch / no VLANs
Not sure if it's still of interest for you, but the solution is to use a VLAN capable managed switch. Something like the SG200, SF200 or SG300 SF300 series.
The whole idea of isolation is based on mapping SSIDs to VLANs for exapmple SSID INTERNALAP is mapped to VLAN 1 (default VLAN) while SSID GUESTS is mapped to some other VLAN which of course needs to exist on your switch and depedning on your setup even on your router.
If you take a look at the Admin Guide of the AP and says a Cisco Small Business SG / SF switch you'll find in-depth explanation of SSIDs and VLANs and their configuration and operation.
I have the same AP connecting to an SG300-10MP switch with VLANs configured and an RV325 router also with the same VLANs configured and everything works fine: when connected to my Guest Wi-Fi only internet is accessible the whole LAN is hidden.
Hope this helps