LEDE/OpenWRT — How to enable Client Isolation
Client Isolation is a feature that will, as the name suggests, isolate each client on the network from each other. This will prevent them from communicating and accessing each other, providing a layer of security to your network.
SSH to your LEDE/OpenWRT device
If you are using Windows then start PuTTY and click Session on the left side, select SSH from the options, and then enter in the IP Address of your LEDE/OpenWRT box into the Host Name field.
Once you’ve done this just click on Open to start up the SSH connection.
If you are connecting via terminal, then just SSH to your LEDE/OpenWRT device using the following command, where 192.168.1.1 is your LEDE/OpenWRT device’s IP address.
ssh root@192.168.1.1Enabling Client Isolation
Once you are logged into your LEDE/OpenWRT device, run the following command to edit your wireless config file by running the following command:
vi /etc/config/wirelessYou will want to add the following option to your wireless config:
option isolate 1For the wireless config that you want to enable isolation on, add that option in. It should look something like the following:
config 'wifi-iface'
option 'device' 'wl0'
option 'network' 'lan'
option 'mode' 'ap'
option 'ssid' 'MyWifiAP'
option 'encryption' 'psk2'
option 'key' 'secret passphrase'
option 'isolate' '1'After saving your change, run the following command to restart your wireless interfaces and apply the change:
wifi(Optional) Using the web GUI
This can all be done using the web GUI by navigating through Network > Wifi > and ticking the AP-Isolation box
If you found this post helpful please let us know by clicking the ♥ below.
This blog was brought to you by Cucumber Wi-Fi. Cucumber helps you run a more efficient Wi-Fi network. Check it out here.
Cucumber Wi-Fi — control any (Wi-Fi) device from the cloud.
