Disabling "Access Intranet" on RT-AX86U guest network causes IoT devices on primary network to repeatedly disconnect

[mmseng]

Hmm, The changelog certainly sounds enticing, but that is for the Pro model while mine is non-Pro. The latest non-Pro model official firmware doesn't not have anything similar in its changelog. I can only hope that ASUS releases a similar update for the non-Pro model. Edit: I just realized that I missed where bennor's said "Hopefully they'll filter out that update to other models soon".

That being said I am running Merlin. Was running 388.4, but am now running 388.5, which did not solve the issue. From what I can tell, the official fix for the Pro version hasn't been included in Merlin yet, even in 388.6 beta1. I found a related thread over here and asked a few questions in order to try to better understand my options in this situation.

In the meantime my further testing has confirmed (so far) that both the Shelly and ZENGGE devices continue to have the same issue, though this manifests in slightly different symptoms for each type of device. On the bright side I've further narrowed it down to specifically the guest net intranet vs no intranet setting on _either_ the 2.4 _or_ 5GHz bands. Previously I was always just turning on the guest net for both bands, each with intranet access disabled and seeing the issue, then turning them both off and seeing the issue disappear for all devices. Now, I've confirmed that I can leave one or both guest net bands enabled with intranet access enabled and the issue doesn't happen. Then disabling intranet access on any single band causes the issue to return. That's not unexpected; I just hadn't fully tested and confirmed it before. I do find it a little strange that even disabling intranet access on just the 5GHz band will reintroduce the issue for these 2.4GHz devices... but that's over my head.

So, I'm hopeful that somehow installing a compatible firmware version that includes the fixes from the official RT-AX86U Pro 3.0.0.4.388_24199 release may solve the issue. Now I'm just trying to figure out how and when that might be feasible, ideally without losing the Merlin functionality.

 

[mmseng]

I did end up trying out 388.6 beta1 but unfortunately that didn't solve the issue. I'll have to wait and hope that an official firmware release will address the issue for the non-Pro model and hope that makes its way into a Merlin release. Of course there's no guarantee that that changelog line in the official Pro model release will even address my issue, but I can hope and dream.

 

[L&LD]

RT-AX86U Guest Wifi Issue

In general, is there a definitive way to know which official ASUS firmware releases each Merlin release is based on? Asuswrt-Merlin is built on Asus provided GPL code. It may or may not match an official Asuswrt release. Check the changelog for details.

www.snbforums.com

 

[mmseng]

I do plan on doing a proper reset... whenever I can spare a free weekend to re-document all my current settings and flash, reset, and re-configure and test all my devices (many have to be factory reset to change SSIDs). In the meantime I've just been exhausting the potential, easy/dirty options.

 

[camn]

I've also got gremlins with Asus Zenwifi infrastructure and iot devices.
I'm interested in your experience.

 

[mmseng]

I actually just finally got around to doing a proper reset on my RT-AX86U. I dirty updated to 3004.388.6, then factory reset, configured minimal settings and factory reset again. Then reconfigured all of my usual settings and MAC filtering, etc. There were a handful of settings that were different after the reset/reconfigure that I probably tweaked at one time or another in the past, or which have different defaults nowadays. I left as many things default as I could.

That was Sunday evening. So far, I've not had a single problem from any of my LED controllers (ZENGGE or Shelly). However I also haven't enabled my guest network yet. I plan to wait a full week to see if the LED controllers have any issues, and then turn on my guest net (guest net #1, both 2.4 and 5ghz), and give it another week to see what happens... and then disable intranet access on the guest net and give it another week.

One new behavior I've noticed: Since resetting, the Shelly devices no longer blink off their status LEDs every 4 seconds; instead they stay on continuously now

I'm going to guess that my problems were related either to something that had broken since the last time I factory reset (probably a LONG time ago), or one of the miscellaneous settings that got reset back to default. But I'm still holding my breath until I've seen a few weeks without problems, as noted above.

Another weird thing I just noticed: the system log shows lines going back to the firmware reset on Sunday, but immediately before that it shows entries from May 5th... and that could be May 5th years ago, since there's no year recorded. Makes me think something was definitely wrong if the system log hadn't been recording anything for so long. Although I'm also wondering why the system log shows anything at all before the reset. I don't know enough about how these things work to comment.

 

[ColinTaylor]

Another weird thing I just noticed: the system log shows lines going back to the firmware reset on Sunday, but immediately before that it shows entries from May 5th

That is normal. Every time the router boots up it has its initial date set at May 5th 2018. It's only after it's connected to the internet that it's able to set the correct date and time.

 

[mmseng]

That is normal. Every time the router boots up it has its initial date set at May 5th 2018. It's only after it's connected to the internet that it's able to set the correct date and time.

I thought it might be something like that. Thanks for clearing it up.

 

[mmseng]

P.S. The other thing I did, before any resetting, was split my primary LAN wireless network out into two separate SSIDs for 2.4 and 5 Ghz. That didn't help before the reset, and I have no motivation to try re-combining them after the reset.

 

[Homebrew]

Glad I found this thread and thanks to mmseng for documenting the problems and all of the contributions from subject matter experts - fascinating reading.

I have an asus rt-ac86u and 3 additional ac86u aimesh nodes. All on latest firmware (3.0.0.4.386_51915-g43629d2).

Except for the occasional router and node hard boots maybe once every couple of months, all stable with about 65 devices typically. Been stable a long time, but there have been many times in the past that I have considered piling the 4 asus rt-ac86u's in the driveway and recording a nice plastic and silicone bonfire, then dousing the smoldering mass with urine. Suffice it to say I haven't always been a happy asus customer.

Yesterday I enjoyed reliving past miseries by trying to use the guest feature, with much of the same frustrations documented by mmseng.

I configured and enabled the guest network (#1) for both 2.4 and 5 ghz. Separate SSIDs and wep2 passwords for each. None of my existing devices had ever been configured to use the new guest network SSIDs. I also had intranet disabled (else what's the point of a guest network). My regular intranet devices began to lose their internet connection after a few minutes and would not reconnect. Devices like firetv sticks, Amazon echo, iphones, samsung phones and tablets - anything connecting through the regular intanet wifi (that had been working fine before turning on guest network) now failed to connect to the internet. I could sometimes manage to get a router connection, but no internet access. Frankly I've never found the log useful and it didn't show anything that looked meaningful to me.

So, after a few minutes of choice but vain verbiage aimed at the good people at asus, I disabled the guest network altogether, then powered off the router and 3 nodes. Powered them up, all stable again as if nothing happened.

Unlike the admirable actions and determination of mmseng, my immediate conclusion was that the "guest" feature of my rt-ac86u is just another half-baked clusterf*ck from the geniuses working for asus, and thus immediately abandoned any notion of the network isolation I desired for certain devices now happily residing on my intranet (along with the congo line of hackers exploiting them).

It would be nice to see an update addressing the problem, but I'm not holding my breath.

Cheers

 

[alan6854321]

I might be able to add some interesting info to this discussion...

My experience is just the same as yours, tried adding my IoT devices to a guest network, but as soon as I disabled Intranet access all hell breaks loose and clients on both guest and main networks start losing connectivity. I'm using guest #1 which is extended to my AiMesh node.

But here's a strange thing - I have a Eufy doorbell. It has a hub which connects to my router and also puts up its own WiFi access point with a hidden SSID. The doorbell itself connects to that hidden SSID. Any videos it captures are stored on the hub, not uploaded to the cloud.

The doorbell can function without any internet access - if the router WiFi is down, the doorbell still rings (at the hub) and stores video locally as normal.

But when I disabled Intranet access on the guest network, the connection from doorbell to hub was also disrupted - the doorbell refused to connect to the hub until I re-enabled Intranet access again.

I can't really imagine how that is happening - the guest network seems to be disrupting a different WiFi network.

 

[bennor]

Folks, the issue of disabling Guest Network's Access Intranet causing internet to be cut off on Guest Network clients is a well discussed issue among numerous posts/threads:

Solved - IoT's and Intranet

Hello, I would like some help regarding Guest Network and IoT devices. I have smart plugs/switches and would like to keep them separate from main network. I see this Asus Router has the Guest Network option and I see the option to enable/disable Intranet which works as intended. If I connect my...

www.snbforums.com

Guest wifi last fw ax86u pro

Hi . I have. Problem with latest updte ax86u pro- 3.0.0.4.388_24198 After this update guest wifi 2.4ghz no internet access. When i enable intranet access internet work. In old fw: 3.0.0.4.388_23565 worked normal. And in new fw not work. Any1 same problem? Its a bug or new features? Or how...

www.snbforums.com

Guest Network has no internet access unless I enable access to intranet

Hi. I am trying to enable guest network for my IOT devices. I do not want to give them access to my intranet. If I enable a guest network and configure one of my devices to use that network, they can not access to internet. I only be able to make it work I give them access to intranet. When...

www.snbforums.com

Guest network isolation issue

Hello Long-time lurker and new member. I hope I am doing this correctly. I read numerous threads before posting but am unable to solve my problem. Just recently (this was working fine ...) I stopped being able to "see" my devices on my guest Wifi network. For example, I have a Raspberry Pi...

www.snbforums.com

RT-AX86U Guest Wifi Issue

Hello, I have the RT-AX86U and have noticed an issue when setting up Guest WIFI. ''Access Intranet'' - ''disable'' is blocking some websites but not all. Very strange. My initial thoughts are that the blocked sites require some sort of interaction/resource that Guest Wifi mode is blocking...

www.snbforums.com

Guest Network Causes 2.4 Ghz Conflict

Hi, Every year i am forced to turn on a 2.4 Ghz guest network because my “smart” Christmas lights cant connect to a network that automatically switches between a 5Ghz network and a 2.4 Ghz network, depending on the client and the distance. Setting up the 2.4 Ghz guest network, in addition to my...

www.snbforums.com

Asus has a potential fix for the issue that may eventually be rolled out to other router models. Currently for the RT-AX86U Pro:

RT-AX86U Pro｜WiFi Routers｜ASUS Global

AX5700 Dual Band WiFi 6 Gaming Router, Mobile Game Mode, AiProtection Pro, WPA3, Parental Control, Mesh WiFi support, 2.5G Port, Gaming Port, Adaptive QoS, Port Forwarding

www.asus.com

ASUS RT-AX86U Pro Firmware version 3.0.0.4.388_24199
Version 3.0.0.4.388_24199 52.74 MB 2024/01/04
Bug Fixes and Enhancements：
- Resolved guest network connectivity issues on AiMesh nodes by disabling guest network internal access.

The workaround if not in one's Asus updated firmware yet is to roll back to an earlier firmware where the issue isn't present. Or try using YazFi, which is a Guest WiFi addon. Note: YazFi doesn't work on AiMesh nodes or AP nodes. And YazFi requires using Asus-Merlin firmware.

YazFi - YazFi v4.x - continued

v4.4.4 Updated 2023-11-26 Feature expansion of guest WiFi networks on AsusWRT-Merlin, including, but not limited to: * Dedicated VPN WiFi networks * Separate subnets for organisation of devices * Restrict guests to only contact router for ICMP, DHCP, DNS, NTP and NetBIOS * Allow guest networks...

www.snbforums.com

GitHub - jackyaz/YazFi: Feature expansion of guest WiFi networks on AsusWRT-Merlin, including SSID -> VPN, separate subnets per guest network, pinhole access to LAN resources (e.g. DNS) and more!

Feature expansion of guest WiFi networks on AsusWRT-Merlin, including SSID -> VPN, separate subnets per guest network, pinhole access to LAN resources (e.g. DNS) and more! - jackyaz/YazFi

github.com

 

[mmseng]

Just to close this out so I can finally close some browser tabs, ever since I factory reset on 3004.388.6 things have been working fine (as noted in my previous post). After several weeks I finally re-enabled my guest nets (2.4GHz and 5GHz guest net #1) with "Access Intranet" disabled, and things have still been working fine, for over a month now.

So clearly, the factory reset (and subsequent re-configuration of settings) solved my issue. Whether that would have worked on a pre-3004.388.6 patch I don't know. Probably, but who knows.

My Zengge devices did eventually factory reset themselves again, but that's just something they've done on rare occasions, regardless of any networking issues, so I finally ditched them and am only using my Shelly devices now.

Anyway, I'm about to move on to 3004.388.7 since that's available.