Is that possible to attack devices with MIMT or arp poisoning in a client isolated network ?

[jacobrogerstone]

Hi,

I have my internet connection to share with random person in my shop, so I have secured my network by enabling client-isolation so no devices sniff or attack other devices in the network such as LAN or WLAN network. (LAN device to LAN devices or LAN device to WIFI devices or WIFI device to WIFI devices).

By enabling client isolation can be blocking attacks on my network devices, right or do I have to do anything than this ? 

[Aaron Outhier]

Client isolation puts up a firewall between the various devices in that network. It doesn't prevent sniffing. It really can't prevent sniffing. Although you could use a captive portal of some kind to limit access to only customers with a code/voucher, that is an advanced topic, would be difficult to implement, and is beyond my time & patience thresholds right now to assist, but still possible. That still won't prevent sniffing, but would help prevent session stealing and duplicate logins. Might also help you track down and shut down misbehaving clients. That would be quite a bit of work if you are a small shop.

Note that client isolation will also prevent you, say, from using a network printer or a NAS drive. Bottom line: Use a guest network with client isolation for your guests. Use a WPA2 (or 3) secured network for yourself. If you can manage: Use wpa2 security for your guest network, and write the code on a whiteboard inside your shop, and change the code every day. Use a random code generator for the daily WPA2 password. Set it to about 12 characters, Alphanumeric. Very few special characters are allowed in a WiFi passcode. Better to avoid them.