Prevent devices from being discovered in network

Hi guys, I hope someone will understand my explanation. Here's my setup: both my OpenWrt AP (TP-Link CPE220) and my other AP (Unifi AC-M) are connected to a modem, and the modem is the one that gives them IP addresses. Now, I want to isolate all the devices connected to them so that they won't be discovered when using a network scanner like Fing. On the AP (Unifi AC-M), I managed to isolate the clients by using L2 isolation with Guest Policy enabled. The problem is my OpenWrt AP: I already set the Wi-Fi isolation, and it works when I'm connected to the OpenWrt AP, but when I connect to the AP (Unifi AC-M) and begin to scan using Fing, I can see all the devices that are connected to the OpenWrt AP. All the devices that are connected to the AP (Unifi AC-M) are no longer discovered, which is good. So does anyone know how to isolate all the devices connected to my OpenWrt AP, so that they won't be discovered even if I'm connected to another AP? I hope someone gets my point. Thank you.

Use a separate VLAN for the AP

4 Likes

A dumb AP can't do any firewalling, so it is necessary to route your users instead, which is what Unifi's "Guest Policy" does.

The simplest way to set this up would be to use the TP-Link as a WAN/LAN router connecting the untrusted modem LAN and internet to the WAN side and the users to the LAN side. This is covered by the default configuration. Access from the WAN (which includes the Unifi AP) to anything in the local LAN is blocked. A more sophisticated setup would be a guest network routing the users separately so they can also be blocked from trying to hack into the OpenWrt OS.

Note that the UAP-AC-Mesh is supported by OpenWrt and works well with it.

1 Like

https://openwrt.org/docs/guide-user/firewall/fw3_configurations/bridge

1 Like

I tried this option, but sad to say I can't connect to the internet anymore once I apply it. I need the modem to supply the IP; that's why I need to set this AP as a dumb AP. I was hoping that a firewall could do it, but I guess VLAN is the option when it comes to this scenario? Anyway, thank you very much.