Group isolation in wireless networks

What is claimed is: 1. A method for managing a wireless network, comprising: via a controller in communication with a network and an access point (AP), receiving, from the AP, an indication that a wireless access device is requesting to associate to the AP; upon receiving the indication, associating the wireless access device to the AP; assigning the wireless access device to an isolation group; routing local communication through the AP locally, for any wireless access devices which are assigned to the same isolation group; and routing communication through the AP and then the network, for any wireless access devices which are not assigned to the same isolation group. 2. The method of claim 1 wherein the wireless access device is assigned to the isolation group using an access control list. 3. The method of claim 2 wherein the access control list uses at least one of a single service set identification (SSID) and a single virtual local area network (VLAN). 4. The method of claim 2 wherein the access control list uses at least one of a pre-shared key and a dynamic pre-shared key. 5. The method of claim 2 wherein the access control list uses media access control (MAC) information of the wireless access devices. 6. The method of claim 5 wherein the access control list uses MAC addresses of the wireless access devices. 7. The method of claim 2 wherein the access control list uses username and password credentials. 8. The method of claim 2 wherein the access control list uses third-party website credentials. 9. The method of claim 2 wherein the access control list is created at the controller and sent to the AP. 10. The method of claim 1 further comprising: assigning a different permission set of wireless network features of the AP to each isolation group. 11. A non-transitory computer-readable medium having computer-executable instructions thereon for a method for managing a wireless network, the method comprising: via at least one access point (AP) in communication with a network and two wireless access devices, aggregating the two wireless devices into an isolation group; assigning a specific permission set to the isolation group; wherein the at least one AP uses a single service set identification (SSID) and single virtual local area network (VLAN); and allowing direct, local communication between the two wireless devices in the same isolation group via the at least one AP locally; and routing communication through the network, among any wireless devices which are not assigned to the same isolation group. 12. The non-transitory computer-readable medium of claim 11 wherein the isolation group shares a dynamic pre-shared key. 13. The non-transitory computer-readable medium of claim 11 wherein the isolation group is identified in an identifier list stored in a lightweight directory access protocol server (LDAP). 14. The non-transitory computer-readable medium of claim 13 wherein the isolation group identifier includes a group name and password. 15. The non-transitory computer-readable medium of claim 11 further comprising an isolation group identifier that is a list of media access control (MAC) addresses. 16. The non-transitory computer-readable medium of claim 11 further comprising an isolation group identifier that is obtained via a third party website. 17. The non-transitory computer-readable medium of claim 16 wherein the third party website is a social network website. 18. The non-transitory computer-readable medium of claim 11 further comprising a controller in communication with the at least one access point. 19. The non-transitory computer-readable medium of claim 11 further comprising an authentication, authorization and accounting (AAA) server in communication with the network, wherein the isolation group is defined at the AAA server. 20. The non-transitory computer-readable medium of claim 11 further comprising a radius server, in communication with the network, wherein the isolation group is defined at the radius server. 21. The non-transitory computer-readable medium of claim 11 wherein the specific permission set determines accessibility to the network for the devices within the isolation group. 22. The non-transitory computer-readable medium of claim 11 wherein the specific permission set determines billing features of the isolation group. 23. The non-transitory computer-readable medium of claim 11 further comprising, via the at least one access point, aggregating a third and fourth wireless device in a second isolation group; assigning a different specific permission set to the second isolation group; allowing communication between the third and fourth wireless devices via the at least one AP. 24. The non-transitory computer-readable medium of claim 23 further comprising, routing through the network communication between wireless devices in different isolation groups. 25. A system for managing a wireless network, comprising: a controller in communication with a network and at least one access point (AP), the AP in communication with at least two wireless access devices, the controller configured to, aggregate the at least two wireless devices into an isolation group; assign a specific permission set to the isolation group; route local communication locally through the AP, among wireless access devices which are assigned to the same isolation group; and route communication through the network, among wireless access devices which are not assigned to the same isolation group, wherein the wireless network uses a single service set identification (SSID) and single virtual local area network (VLAN).