This is a continuation of my earlier topic:
I have four APs and one router. All of them run OpenWrt. They work fine for trusted clients, which roam freely.
I have also created an additional "Guest WLAN" across my four APs. Guest WiFi traffic is tagged as VLAN 5, which is then handled in the router by a specific "APGUEST" interface and routed according to its own firewall rules. It too works fine except for one thing: devices can ping each other as soon as they are connected to different APs. I would like to "isolate" WiFi clients so they can only surf the Internet but not talk to each other. But they should still be able to "roam" between APs (which have the same SSIDs and passwords, preferably with 802.11r enabled, if possible).
How do I isolate clients coming from different APs? (Enabling "client isolation" in WiFi seems to take care of isolation within the same IP.)
Should I create four different VLANs for each AP and four interfaces to take care of its traffic? That would probably work, but how do I make sure a client retains its IP across all four interfaces?
In other words, I would like a client to receive IP 192.168.5.130 from DHCP when connected to AP1 and be able to "roam" to AP2 or AP3 while retaining that IP, all while being "isolated" from other clients, which might be connected to the same or a different one.
Is this doable? Thanks!