What's new

Guest Network has no internet access unless I enable access to intranet

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Yop

Occasional Visitor
Hi.

I am trying to enable guest network for my IOT devices. I do not want to give them access to my intranet.

If I enable a guest network and configure one of my devices to use that network, they can not access to internet. I only be able to make it work I give them access to intranet.

When Guest Network and disable access to intranet:
- device get an IP 192.168.101.x
- device get a DNS Server: 192.168.101.1 ( I guess it is managed by the router)
- device can resolve names-> ping google.com To 216.xxxxx (but request timeout)
- device can not open 192.168.2.1 (router IP)
- device can not ping any of the devices on my intranet.
- device from intranet can ping to IOT device on guest network.

but device can no navigate to internet.

However, if I enable access to intranet, IOT recive an 192.168.2.x ip (my main networkI) and can browse internet without problems.

My router is an ac5300. I've just factory reset it, I try to change of guest networks, play with dns settings.....

Any help please?
 
Try using the second guest network instead of the first. This first guest network works a bit differently than the other two.
 
I agree w/ @ColinTaylor, try one of the other guest networks. However, it doesn't explain why the current guest network isn't working. It shouldn't make a difference which guest network you use, even if implemented differently. Not unless it's known to be broken.
 
Thank you both.

It seems to work using the second guest network. I never thought they were different, It's weird as least
 
Same here, across multiple versions of firmware, on XT8.
First network (2.4GHz) never had actual Internet access. This bug shouldn't even exist especially since the recent releases supposed fixed guest network problems.
 
Encountering the same thing on my XT8 based mesh nnetwork. Guest network 1 will not work unless it is given intranet access. Solution is to use guest network 2. But I don't want to use guest network 2, because only guest network 1 is propagated across all nodes. Ridiculous!
 
Same here, across multiple versions of firmware, on XT8.
First network (2.4GHz) never had actual Internet access. This bug shouldn't even exist especially since the recent releases supposed fixed guest network problems.
Mi guest network in XT8 is the first one in 2'4, and works ok. It's strange.
 
I have an AiMesh network set up specifically for the shared guest WIFI running 9.0.0.4.386.41994 Beta Version. Has been running since early Feb 2021 without a hitch. If you use a LAN subnet other than default 192.168.50.0/24 the guest 1 may not work. This is a guess on my part and not tested.
 
I have an AiMesh network set up specifically for the shared guest WIFI running 9.0.0.4.386.41994 Beta Version. Has been running since early Feb 2021 without a hitch. If you use a LAN subnet other than default 192.168.50.0/24 the guest 1 may not work. This is a guess on my part and not tested.
Not sure what you mean. My lan doesn't start with 192, but guest wifi runs ok.
 
I did more testing with a spare RT-AC68U, confirmed this issue is not unique to AC5300.

1st, FYI, my ISP is Verizon FIOS.

After enabling Guest-1 (2.4GHz), disable access intranet, guest client gets 192.168.101.x IP address, then the internet will get disconnected for both guest and non-guest connections.

If I enable allow access intranet on the Guest-1, guest client gets 192.168.1.x IP address, then there is no problem for both guest and non-guest connections.

Then I did something different, I connected this AC68U (WAN port) to AC5300 (LAN port), AC68U gets 192.168.111.x from AC5300 as WAN IP address. Then test again, success, no internet disconnect issue observed (disabled access intranet on Guest-1, and guest client got 192.168.101.x IP address).

So, what could be the cause? ISP's DHCP config or security feature?
 
Encountering the same thing on my XT8 based mesh nnetwork. Guest network 1 will not work unless it is given intranet access. Solution is to use guest network 2. But I don't want to use guest network 2, because only guest network 1 is propagated across all nodes. Ridiculous!
I have the same system. On mine, both guest network 1 and 2 do the same thing. Did yours stay working on guest network 2?
Mine will work for a short period, then all connections crash unless access to intranet is enabled.
 
I have the same system. On mine, both guest network 1 and 2 do the same thing. Did yours stay working on guest network 2?
Mine will work for a short period, then all connections crash unless access to intranet is enabled.
my Guest-2 works fine, access intranet is disabled.
 
I would like to revive the topic.

Yes, I found the exact same thing.
My Guest-2 does not assign a new ip area but rather assigns an address from the ip area in which the intranet is located.
I don't have access to the intranet with traceroute, but I can ping all addresses.
Is there already a solution with guest-1 and its own IP range 192.168.101.xxx? Isn't there a static route to the WAN or VPN in the router missing?

regards
 
Try using the second guest network instead of the first. This first guest network works a bit differently than the other two.
I was searching back a while ago about the difference in guest network #1 and the others.
What is the difference?
 
I was searching back a while ago about the difference in guest network #1 and the others.
What is the difference?
Asus changed the way the first guest networks work so that they can be propagated to AiMesh nodes. This means that when Access Intranet is set to Disable they have their own separate IP subnets, 192.168.101.x and 192.168.102.x. I think (but I might be wrong) they also use vlan tagging when used in an AiMesh setup.
 
Last edited:
I think it's good that a separate ip area is used. Since the settings made with it do not enable internet access, it is certainly a mistake. What do I have to set where so that internet access is possible.
 
Now a while has passed again. Has someone got the guest network 1 to run without intranet access?
 
Now a while has passed again. Has someone got the guest network 1 to run without intranet access?
Yes. Have never had problems with guest 1.
 
OK. Have you ever tried using the guest network to access the Internet with the VPN client activated and the Intranetaccess disabled setting? Works with me only if either VPN client off or intranetaccess is allowed.
Otherwise traceroute from the guest network 1 with IP 192.168.101.xxx ends at 192.168.101.1.
 
OK. Have you ever tried using the guest network to access the Internet with the VPN client activated and the Intranetaccess disabled setting? Works with me only if either VPN client off or intranetaccess is allowed.
Otherwise traceroute from the guest network 1 with IP 192.168.101.xxx ends at 192.168.101.1.
No. VPN Client belongs on clients not the router. My biased opinion, of course...
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top