Guest network isolation issue

[SouthNorthguy]

Hello

Long-time lurker and new member. I hope I am doing this correctly.

I read numerous threads before posting but am unable to solve my problem.
Just recently (this was working fine ...) I stopped being able to "see" my devices on my guest Wifi network. For example, I have a Raspberry Pi connected via Wifi, and I used to be able to SSH to connect to it. I can't do that anymore. I have a few more examples of the same situation. The guest network mainly hosts IOT stuff like my weather station, the RasPi, temperature sensors, etc.

Setup details:

Router: RT-AX58U on stock firmware
Current firmware: 3.0.0.4.388_23925
Firmware auto-update: Enabled
Wifi Networks: Main + one guest
AIMesh : One AP (An Asus RT-AX55) with ethernet backhaul and "Guest network on AiMesh" set to "Router only" I also disconnected the Mesh AP at one point to see if it was the issue.
Wifi settings:

• 2.4ghz enabled. 5ghz disabled
• Professional: Set AP Isolated -> NO

I know this works fine on the "main" Wifi network since I have a Chromecast (WiFi), a NAS (Wired) and a few other devices and I can connect to them just fine.
I of course rebooted the routers, the switch I have, etc.

Any input appreciated

 

[ColinTaylor]

Make sure "Access Intranet" on the guest network is enabled. If it still doesn't work try using guest network #2 instead of #1.

 

[SouthNorthguy]

Make sure "Access Intranet" on the guest network is enabled. If it still doesn't work try using guest network #2 instead of #1.

Hello.
Would this not allow all the IOT devices to "see" what is on the "main" network where I have my NAS, laptops. etc? I need to have those unable to see each other for security reasons.

 

[ColinTaylor]

Would this not allow all the IOT devices to "see" what is on the "main" network where I have my NAS, laptops. etc?

Yes. It sounded like that was your intention, particularly because your said your node was set to "Router only".

I need to have those unable to see each other for security reasons.

I believe there's a bug/feature whereby disabling a guest network's intranet access also enables AP isolation for that guest network. This has been commented on quite a few times.

 

[drinkingbird]

Yes. It sounded like that was your intention, particularly because your said your node was set to "Router only".


I believe there's a bug/feature whereby disabling a guest network's intranet access also enables AP isolation for that guest network. This has been commented on quite a few times.

It definitely enables AP isolation, at least on every firmware I've run on my router. Only way to override is with a script, or Yazfi.

No idea why it was working for OP before. A bug, or possibly previously used Yazfi and isolation never got re-enabled until now, etc.

 

[SouthNorthguy]

It definitely enables AP isolation, at least on every firmware I've run on my router. Only way to override is with a script, or Yazfi.

No idea why it was working for OP before. A bug, or possibly previously used Yazfi and isolation never got re-enabled until now, etc.

My main router does not support Merlin, unfortunately. What is the script you suggest, please?

 

[John Fitzgerald]

My main router does not support Merlin, unfortunately. What is the script you suggest, please?

Your main router is the AX58U, from the first post? Then it does support RMerlin.
Unless it’s v2. (4 core) vs original 3 core.

 

[SouthNorthguy]

Your main router is the AX58U, from the first post? Then it does support RMerlin.
Unless it’s v2. (4 core) vs original 3 core.

I have a v2 which is why I sadly cant install Merlin.

 

[drinkingbird]

My main router does not support Merlin, unfortunately. What is the script you suggest, please?

If it doesn't support merlin you can't use a script but you can go into the CLI and change the NVRAM variable and reboot, or just run the WL command to shut it off.

My router is totally different architecture than yours so I don't know the specific commands or variables, they may be the same, may not be.

 

[macster2075]

Make sure "Access Intranet" on the guest network is enabled. If it still doesn't work try using guest network #2 instead of #1.

Does disabling Intranet blocks internet altogether?
No matter if I use Guest Network 1-3, if Intranet Access is disabled, there is no internet at all. As soon as I enable it, then internet comes back.

Is that the intended behavior for Intranet Access option?

 

[jksmurf]

I believe there's a bug/feature whereby disabling a guest network's intranet access also enables AP isolation for that guest network. This has been commented on quite a few times.

There was a discussion in the thread below some time ago about possibly adding an AP Isolation option to Guest Networks so you could have Access Intranet off but AP isolation disabled. There was even a custom build made (see pic).

I am in the same position as the OP in that thread wrt to a Chromecast device on a Guest network (and I prefer it to stay there). I would like it to stay on GN1 as that is the only Guest Network that propagates to mesh nodes. As far as I can tell the option is not offered in either stock or Merlin FW.

Are there plans to include it and /or are there other simple solutions to achieve the same goal?

Guest Network on 386 builds doesn't play nice with Chromecast, and a potential workaround

I found where it's being forced!!!! (Well, pretty sure :) ) Will have a new test build for you in about an hour.....

www.snbforums.com