I have a Netgear SXK80 setup, which consists of an SXR80 router device and two SXS80 satellite devices (dumb APs).
Following the instructions of the documentation page "B.A.T.M.A.N. / batman-adv", I have been able to configure a batman-adv mesh network between the 3 devices successfully.
I have set up several VLANs. On a Guest VLAN, enabling AP Isolation is common practice. For the other VLANs, I do not want AP Isolation.
I have been testing AP Isolation on a Guest VLAN 'bat0.40'.
By adding "option ap_isolation 1" to the wireless interfaces for the Guest VLAN on all devices, clients connected to the Guest VLAN via the same AP (e.g. SXS80-1) can't detect eachother and can't communicate with eachother. So far so good.
However, if client A is connected to the Guest VLAN on SXS80-1 and client B is connected to the Guest VLAN on SXS80-2, they by default can detect and communicate with eachother, because the batman-adv mesh network comes into play.
Apparently, it is possible to tell batman-adv to isolate clients on a single VLAN. In this case, the command to execute is:
batctl vlan bat0.40 ap_isolation 1
After executing that command on all AP devices, clients connected to the Guest network via different APs can no longer detect eachother or communicate with eachother.
It has taken me considerable time to find out that this could be done, and I'm still not clear on how to configure this via LuCI, 'uci' or in "/etc/config/network".
This information is certainly useful and possibly important to everyone that sets up a Guest VLAN with batman-adv, and wants AP Isolation on their Guest VLAN but not on other VLANs.
I'm new to OpenWrt and to batman-adv and don't feel like I know enough about it to document this myself.
Could someone document this?