That isn’t necessary because the ap itself really isn’t a security threat. But if you want to do that, you’d add a rule.
config rule
option name 'block-ap-to-router'
option src 'lan'
option proto 'all'
option src_ip '192.168.10.2'
option target 'REJECT'
Meanwhile:
If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.
Thanks! 