I’m not sure I believe that no devices use IPv6. All IPv4-only still, even in these days? Perhaps so.
Looking at the Firebrick’s session records, I can track the IPs be they IPv4 and IPv6. I can see the associated MAC addresses via the ARP/NDP records too. And I can capture traffic using AA’s Firebricks (as opposed to my own), which is a handy little feature.
I was asking about the internal configuration of WAPs.
When I said guest, that was an extremely poor choice of words as it’s highly misleading. I didn’t necessarily mean a human, but rather a host in the guests SSID. My apologies for the confusion.
Therefore I’ve confused Alex completely.
To reply to what Alex said, I’ve no intention of delivering wifi to Janet’s commercial guests, only to personal friends staying with us and to IoT things that I’m not allowing to access the rest of my LAN.
As I think I mentioned, each guest-SSID host is L2-isolated from the rest of the LAN, from all wired and wireless devices and such hosts are mutually isolated at L2 as well. An exception is made for access to the gateway, so they can access the internet and nothing else. It’s all done by the WAPs, the Firebrick used to handle some of it but now it’s easier to do it a different way which is letting the WAPs alone do what they do best. There are two WAPs currently, and a third on standby as a spare.