Some routers have a Wireless isolation, AP Isolation, Station Isolation, or Client Isolation feature that allows you to lock down your Wi-Fi network. This feature is ideal for businesses with public Wi-Fi networks or anyone who’s just a bit paranoid.

This feature confines and restricts clients connected to the Wi-Fi network. They can’t interact with devices connected to the more secure wired network, nor can they communicate with each other. They can only access the Internet.

What This Feature Does

On standard home routers with standard settings, every device connected to the router is considered part of the same local network and can communicate with each other device on that network. Whether it’s a server connected to the wired network or a mobile device connected to the Wi-Fi network, each device can communicate with each of the other devices. For obvious reasons, this is often not ideal.

RELATED: Why Using a Public Wi-Fi Network Can Be Dangerous, Even When Accessing Encrypted Websites

For example, if you’re a business with a public Wi-Fi network, you don’t want clients connected to the public Wi-Fi network to have access to your servers and other systems connected to the wired network. You probably also don’t want devices connected to the wired network to be able to communicate with each other, as this means infected systems could potentially infect other vulnerable systems or malicious users may attempt to gain access to insecure network file shares. You only want to provide Internet access to your clients, and that’s it.

At home, you likely have a single router with a variety of devices connected to it. You may have a server connected to the wired network or just wired desktop systems that you want to be secure. You may still want to provide Wi-Fi access to your guests with an encrypted network, but you may not want your guests to have complete access to your entire wired network and all your wireless devices. Perhaps their computers are infected — it’s a good idea to limit the damage.

Guest Networks vs. Wireless Isolation

A router’s Guest Network feature can also function similarly. Your router may have both of these features, one of them, or none at all. Many home routers do not have Wireless Isolation or Guest Network features.

RELATED: How to Enable a Guest Access Point on Your Wireless Network

A router’s Guest Wi-Fi network feature will generally give you two separate Wi-Fi access points — a primary, secure one for yourself and an isolated one for your guests. Guests who join the guest Wi-Fi network are confined to an entirely separate network and given Internet access, but they can’t communicate with the main wired network or the primary wireless network. You may also have the ability to set separate rules and restrictions on the Guest Wi-Fi network. For example, you could disable Internet access on the guest network between certain hours but leave Internet access enabled for devices on the primary network all of the time. If your router doesn’t have this feature, you can get it by installing DD-WRT and following our setup process.

Wireless Isolation features are less fancy. Simply enable the isolation option and all clients connected to the Wi-Fi network will be blocked from communicating with other devices on the local network. Through a system of firewall rules, clients connected to the Wi-Fi will only be able to communicate with the Internet, not each other or any machines on the wired network.

Enabling Wireless Isolation

RELATED: 10 Useful Options You Can Configure In Your Router's Web Interface

Like your router’s other features, this option will be available in your router’s web interface if your router offers it. Note that this feature isn’t available on every router, so there’s a good chance you don’t have it on your current router.

You’ll generally find this option under advanced wireless settings. For example, on certain Linksys routers, you’ll find it under Wireless > Advanced Wireless Settings > AP Isolation.

One some routers, including NETGEAR routers, the option may be found on the main wireless settings page. On this NETGEAR router, it’s found under Wireless Settings > Wireless Isolation.

Different router manufacturers refer to this feature in a wide variety of different ways, but it generally has “isolation” in its name.

Note that enabling these features will prevent certain types of wireless features from functioning. For example, the help pages for Google’s Chromecast notes that enabling AP Isolation will prevent the Chromecast from functioning. The Chromecast needs to communicate with other devices on the Wi-Fi network and wireless isolation will block this communication.

Profile Photo for Chris Hoffman Chris Hoffman
Chris Hoffman is Editor-in-Chief of How-To Geek. He's written about technology for over a decade and was a PCWorld columnist for two years. Chris has written for The New York Times and Reader's Digest, been interviewed as a technology expert on TV stations like Miami's NBC 6, and had his work covered by news outlets like the BBC. Since 2011, Chris has written over 2,000 articles that have been read more than one billion times---and that's just here at How-To Geek.
Read Full Bio »