A topology is a layer2 (bridge@AP/bridge@EWC) or layer3 (routed/bridge@EWC) interface into your network.
The best thing to isolate the guest traffic from your internal traffic is to create a new one.
Sure you'd use the current one but that would make it more complicated as you'd need to make sure that you deny all traffic from the guest network to the internal resources (in the role configuration) so the guest can't "attack" your infrastructure.
So most of my installations use a dedicated bridge@EWC topology (=VLAN) with only the firewall in this VLAN so the guest has only one option and that is to get out in the internet and don't access internal infrastructure.
I don't understand what the different topologies mean.The controller already has 3 topologies. I will try using one of them. Can i just copy the settings of our other SSIDs to the guest ssid, and make it work that way?
