Network discovery typically relies on multicast traffic which scope is limited.
However, according to your current settings, accessing LAN hosts by IP should be possible.
https://openwrt.org/docs/guide-user/network/wifi/guestwifi/extras#isolating_clients
Maybe I was unclear. Of course guest devices shall not see my LAN devices. It is a guest network 
.
When connected to my guest wifi, Fing does see only other guests, no hosts on the LAN. Will confirm by explicitly pinging one.
Indeed, knowing the address, it is possible to access a host on my LAN. So I guesst what I said above is true, that I need to define firewall rules to block guest access to hosts on 192.168.234.*.
uci set firewall.@forwarding[0].enabled="0"
uci -q delete firewall.guest_fwd
uci set firewall.guest_fwd="rule"
uci set firewall.guest_fwd.name="Allow-Guest-Forward"
uci set firewall.guest_fwd.src="guest"
uci set firewall.guest_fwd.dest="lan"
uci set firewall.guest_fwd.dest_ip="!192.168.234.0/24"
uci set firewall.guest_fwd.proto="all"
uci set firewall.guest_fwd.target="ACCEPT"
uci commit firewall
/etc/init.d/firewall restart
Thanks @vgaetera ! Guest wifi is working as expected. Will check the client-isolation on the weekend.
Isolating clients was trivial using the 3 lines Vladislav had referred to. For interested folks with the same issue, look at all posts above I marked as solution. All of these combined did the trick.
Big thanks a lot to @vgaetera and @mk24 , guest wifi is how I wanted now.
You can only mark one post as solution, it just changes which one is marked when you click a different post
Thanks for the info
I have now just marked the first in the series of additions by Vladislav.
Interested readers need to start looking there and follow the advice from there.
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.