Hello,
I recently noticed a strange behavior in our IAP cluster.
We have two SSDI, one for internal staff, giving a full acces to the LAN (with same setup as a local compture) and another one for visitors, the visitor SSID is setup to put in VLAN 99 connected user, authorising internet acces only (the internet access rule are managed via our firewall).
It works fine for a long time now, but i recently discover that a user connected to visitor SSID (in vlan 99) could ping and connect another user connected via internatl Staff SSID (default VLAN 0).
I checked firewall and switch, there is no inter vlan routing. I did various test and i'm quite sure the "inter vlan connection" is done inside IAP cluster not on LAN side.
I don't understand what is did wrong in my IAP cluster setup but i really need to fix it, Vistor musn't be able to reach internal staff computer connected via Wifi.
Thanks in advance for your help.
Olivier