Feature Request: Per-Network ACL Policies (Primary, Guest, and IoT) and Visibility of Blocked Clients

I would like to revisit this feature request, which was discussed previously here:

[link to previous discussion]

The original discussion took place over a year ago, and as far as I can tell there have been no updates or changes regarding this functionality since then.

It would be highly beneficial to support separate ACL (Access Control List) policies for the Primary, Guest, and IoT networks.

Currently, ACL whitelist mode is applied globally. As a result, any device that is not on the whitelist is unable to connect not only to the primary network, but also to the Guest network. This significantly reduces the usefulness of the Guest network, since guests must be manually whitelisted before they can access the network.

Ideally, each network should have its own ACL policy. For example:

  • Primary network: Whitelist enabled

  • Guest network: Open access or blacklist mode

  • IoT network: Separate whitelist or custom policy

This would allow administrators to maintain strict access control on their primary LAN while still providing convenient Guest and IoT network access.

Another usability improvement would be to allow non-whitelisted devices to associate with the Wi-Fi network while blocking their traffic until they are approved. At a minimum, newly connected devices should appear in the client list and be clearly marked as blocked or pending authorization. Currently, devices that are not on the whitelist never appear in the controller, which makes onboarding and approving new devices unnecessarily difficult.

These enhancements would improve both security and usability, particularly in environments with a large number of IoT devices and occasional guest access requirements.
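As an added illustration (not code from this post, from the earlier discussion, or from the vendor's controller), here is a small Python model of the per-network ACL policies and the pending-client visibility requested above. The network names, policy modes, MAC addresses and the `hold_unknown` switch are all assumptions chosen for the example; the point is to show how a global whitelist denies a guest that a per-network policy would admit, and how unknown clients can be held as "pending" instead of silently vanishing.

```python
"""Model of per-network ACL policies with a pending state for unknown clients.

Added example only; not code from the forum post or the vendor's product.
Network names, MAC addresses and the hold_unknown option are assumptions.
"""
from dataclasses import dataclass, field
from enum import Enum
import re


class Mode(Enum):
    OPEN = "open"            # any client may connect
    WHITELIST = "whitelist"  # only listed MACs are forwarded
    BLACKLIST = "blacklist"  # everyone except listed MACs


class Verdict(Enum):
    ALLOW = "allow"
    DENY = "deny"            # dropped and never shown (today's behaviour)
    PENDING = "pending"      # associated, traffic blocked, awaiting approval


_MAC_RE = re.compile(r"^[0-9a-f]{12}$")


def normalize_mac(mac: str) -> str:
    """Canonical lower-case colon form, so 'AA-BB-..', 'aabbcc..' and
    'aa:bb:..' all hit the same ACL entry. Raises ValueError on junk."""
    hexdigits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if not _MAC_RE.match(hexdigits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


@dataclass
class NetworkPolicy:
    mode: Mode
    macs: set = field(default_factory=set)  # whitelist or blacklist entries
    hold_unknown: bool = True               # False = silently deny (current)

    def __post_init__(self):
        self.macs = {normalize_mac(m) for m in self.macs}

    def evaluate(self, mac: str) -> Verdict:
        mac = normalize_mac(mac)
        if self.mode is Mode.OPEN:
            return Verdict.ALLOW
        if self.mode is Mode.BLACKLIST:
            return Verdict.DENY if mac in self.macs else Verdict.ALLOW
        if mac in self.macs:
            return Verdict.ALLOW
        # Unknown client on a whitelist network: hold it visibly or drop it.
        return Verdict.PENDING if self.hold_unknown else Verdict.DENY


class Controller:
    """One policy per network plus the list of clients awaiting approval."""

    def __init__(self, policies: dict):
        self.policies = policies
        self.pending: dict = {}  # (network, mac) -> True while unapproved

    def on_associate(self, network: str, mac: str) -> Verdict:
        verdict = self.policies[network].evaluate(mac)
        key = (network, normalize_mac(mac))
        if verdict is Verdict.PENDING:
            self.pending[key] = True
        else:
            self.pending.pop(key, None)
        return verdict

    def approve(self, network: str, mac: str) -> Verdict:
        """Admin approves a pending client: whitelist it and re-evaluate."""
        mac = normalize_mac(mac)
        self.policies[network].macs.add(mac)
        return self.on_associate(network, mac)

    def client_list(self):
        """What the UI would show as 'blocked / pending approval'."""
        return sorted(self.pending)


def demo() -> dict:
    """Constructed scenario: one global whitelist vs. per-network policies."""
    primary_whitelist = {"AA:BB:CC:00:00:01"}  # made-up MAC
    # Today: one whitelist applied to every SSID, unknown clients dropped.
    global_ctl = Controller({
        n: NetworkPolicy(Mode.WHITELIST, set(primary_whitelist), hold_unknown=False)
        for n in ("primary", "guest", "iot")
    })
    # Requested: each SSID carries its own policy.
    per_net_ctl = Controller({
        "primary": NetworkPolicy(Mode.WHITELIST, set(primary_whitelist)),
        "guest": NetworkPolicy(Mode.OPEN),
        "iot": NetworkPolicy(Mode.WHITELIST, {"de-ad-be-ef-00-01"}),
    })
    visitor = "aabbcc000099"  # made-up MAC of a device not on any list
    result = {
        "global_guest": global_ctl.on_associate("guest", visitor),
        "per_net_guest": per_net_ctl.on_associate("guest", visitor),
        "per_net_iot_unknown": per_net_ctl.on_associate("iot", visitor),
        "per_net_iot_known": per_net_ctl.on_associate("iot", "DE:AD:BE:EF:00:01"),
    }
    result["pending_before_approval"] = per_net_ctl.client_list()
    result["after_approval"] = per_net_ctl.approve("iot", visitor)
    result["pending_after_approval"] = per_net_ctl.client_list()
    return result


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The `hold_unknown` flag is what separates the two behaviours described in the post: with it off, an unlisted device is denied and leaves no trace in the controller; with it on, the same device is parked as pending and appears in `client_list()` until an administrator calls `approve()`. Normalising MACs before comparison matters because a whitelist entry typed as `DE-AD-BE-EF-00-01` must match the `de:ad:be:ef:00:01` the radio reports.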

Hi

We have introduced firewall-based ACL rules in v4.9, which may be helpful for your use case.

For details, please refer to: