What's new

Guest Network on 386 builds doesn't play nice with Chromecast, and a potential workaround

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Ha, why thank you ;) Have you tried using YazFi on 386? I’m waiting for 386 builds to come out of beta before I update to that branch, but I’m using YazFi on Merlin’s 384 branch, and that has an option of choosing whether or not to isolate clients from each other on the Guest SSIDs

don't think it works with aimesh 2.0 though. its nice that asus now has separate subnets for guest 1, but you still need to use yazfi if wanting to specify a dns for them.
 
Setting AP isolate = 0 for the Guest Network variables (keep in mind there are separate AP isolate variables for the main radios) survives restart of the router. If you make any change to the Guest Network via the GUI while Access Intranet is set to Disabled in the GUI, it will write the variable back to 1 and your ChromeCast will be broken again unless you set the variable manually I am using the first 5GHz Guest Network for IoT devices that use ChromeCast, so I set wl1.1_ap_isolate = 0 to allow ChromeCast to work.

interesting, is this only with guest 1, or all guest networks?
 
interesting, is this only with guest 1, or all guest networks?
In my testing, the AP isolate variable appears to work the same way for all Guest Networks.
 
Ha, why thank you ;) Have you tried using YazFi on 386? I’m waiting for 386 builds to come out of beta before I update to that branch, but I’m using YazFi on Merlin’s 384 branch, and that has an option of choosing whether or not to isolate clients from each other on the Guest SSIDs
Nope have not tried the YazFi scripts on 386.
 
@JimbobJay, no YazFi does not use/create VLANs. Subnets, yes.


its sounding like semantics to me at this point. vlan seems to be a very encompassing term. If Its separate networks on the same wire and hardware its virtual, or if its multiple wires and hardware tagged together. Even if its just an ssid. Everything is packet filtered obviously, the difference is with the tagging and the broadcasting size.

The only confusion that happened here is whether he was trying to communicate between devices on the same network group, (whatever you want to label it based on how its grouped), or with devices out of that network group. I assumed the reason guest 2 and 3 don't have the issues is because they have different subnets, even though technically possible with vlans this is a consumer router and I would not assume the router would be routing them to each other because it defeats the purpose without a more advanced firewall. But communicating within the same group is obviously a different story.

Of course a real VLAN is more like an actual AP on the same hardware and is much more secure and stable.. But lets be real here, this technical definition doesn't apply here. Its sort of like correcting someones spelling online when you still know what they meant.
 
Last edited:
In my testing, the AP isolate variable appears to work the same way for all Guest Networks.

hmm interesting. I wonder if thats why I was just having problem setting up a home threater system with two echo for an amazon fire stick, i ended up putting them on main network lol. I'm going to try again but I think the issue turned out i just had to reboot the fire stick. they do specify guest networks is not advised and everything has to be on same network but i'm curious now.
 
Nope have not tried the YazFi scripts on 386.

it works but he himself said he probably won't be coding it for aimesh anytime soon cause he only has one router at the moment. I'm hoping asus puts a way to specify dns for guest 1.
 
Correcting someone online even if you guessed the meaning is still helpful for the rest who don't/cannot guess the correct answer.

A computing device doesn't work on what we mean/intend. It understands only the functions it is programmed for.

Trying to discuss those functions making up your own terms (and even more confusingly, using terms that already means something else within the same topic being discussed) is not ingenious, it is illogical. And less than helpful to the discussion at hand.
 
Correcting someone online even if you guessed the meaning is still helpful for the rest who don't/cannot guess the correct answer.

A computing device doesn't work on what we mean/intend. It understands only the functions it is programmed for.

Trying to discuss those functions making up your own terms (and even more confusingly, using terms that already means something else within the same topic being discussed) is not ingenious, it is illogical. And less than helpful to the discussion at hand.

But when the functions And definitions have nothing to do with the solution its offtopic. bbunge had the real solution and thewan explained why he ops was the wrong approach to begin with. But like them i misunderstood the ops intention. Unlike you though besides Colin educating us on technical definition of a vlan he mentioned AP isolation, which I also mentioned and why he defined That as well. Its.not a guess as much as it is based on personal experience which always trumps textbooks. I think most people come here for Solutions not an education on textbook definitions.
 
Last edited:
Like mixing metaphors much?

I understood the distinction, but wasn't able to answer before others had. Your replies just confused the issue more (not for me).

It's okay to want to learn. But you can't teach when you're still a student. Particularly about topics that are well established already.

The textbook definitions are what guide us to a correct solution. These are technical issues we're dealing with, street smarts in networking don't just happen. Learning the language you want to speak goes a long way towards achieving understanding.
 
Like mixing metaphors much?

I understood the distinction, but wasn't able to answer before others had. Your replies just confused the issue more (not for me).

It's okay to want to learn. But you can't teach when you're still a student. Particularly about topics that are well established already.

The textbook definitions are what guide us to a correct solution. These are technical issues we're dealing with, street smarts in networking don't just happen. Learning the language you want to speak goes a long way towards achieving understanding.

lol my reply led to Colin explaining AP Isolation, which lead to the OP's revelation. Colin did more then just educate people on what a VLAN is. Stop trolling me. The people I respect most in the industry have no certifications. I used to have friends with all sorts of MS certifications and they would still come to me to fix their windows. Its meaningless to me, pieces of paper. The consultants hired by the corporations, those people with all the certifications work for, have none. I'm obviously no expert just a computer tech, but also worked as a mtg underwriter. There is really no school for those worlds, its all about real world experience.

This is the problem with the industry in general, and this goes for every aspect including networking, programming and security. The problem is people with inferiority complexes making things too complicated to feel smarter. Its as if it isn't complicated and elegant solution, then its not acceptable and can't be right. I use to think it was job security but I was wrong. This really has to change. Be more practical and simple especially when trying to help people.
 
To be fair, as someone who is relatively knowledgable in computer networking compared with the general population, but a novice compared to experts and most people on this forum, I think it was very useful to know the difference, and L&LD’s reply to my question about YazFi inspired me to go read this.

The fact that VLANs and subnets are indeed different, and that ASUS (and YazFi) were not using VLANs, helped me understand why YazFi was able to achieve something I always had trouble achieving on my Ubiquiti devices using actual VLANs, so easily.
 
I may (emphasis on may) have found where ASUS is unconditionally setting ap_isolate on the guest networks. If anyone would like to be a guinea pig (errr....tester :) ) I can do a build with a change that should make it respect the wlx.y_ap_isolate nvram settings..
 
I redid my echo home theatre with the fire stick on a guest 2, and then even guest 1 and it worked. My issue was I had to reboot the firestick to detect the echos. I kept intranet disabled. I'm not sure why the OP has problems with chromecast.

edit: sorry realized the thread is also about diversion? in which case OP should be following the advice of bbunge. even if only trying to communicate with guests in the same network I would still try to set up on guest 2 or 3 and see if it works, as he said he had to do himself.
 
Last edited:
To be fair, as someone who is relatively knowledgable in computer networking compared with the general population, but a novice compared to experts and most people on this forum, I think it was very useful to know the difference, and L&LD’s reply to my question about YazFi inspired me to go read this.

The fact that VLANs and subnets are indeed different, and that ASUS (and YazFi) were not using VLANs, helped me understand why YazFi was able to achieve something I always had trouble achieving on my Ubiquiti devices using actual VLANs, so easily.

which is what? What is it exactly you were trying to achieve? I would think the opposite. setting up a vlan on the unifi device would be easier. but I guess it depends on what you are trying to achieve with a guest network, which is usually complete isolation.

IMO you should be paying attention to what thewan said more then anything.
 
Last edited:
which is what? What is it exactly you were trying to achieve? I would think the opposite. setting up a vlan on the unifi device would be easier. but I guess it depends on what you are trying to achieve with a guest network, which is usually complete isolation.

I did mention it in one of my earlier posts, but perhaps you missed it:
When using Ubiquiti SOHO devices, I’ve been able to create different SSIDs and use VLAN tagging to route them accordingly to their different VLANs which use different subnets, but I always had trouble trying to also allow them to use a PiHole as their DNS server, which was on my main LAN and using its subnet. YazFi on Merlin seemed to make enabling this as an option a breeze, but I never quite understood if under the hood it was making a VLAN or not.



IMO you should be paying attention to what thewan said more then anything.

I read through the entire thread before I made my first post, and understand what thewan said on the first page, but that was also when everyone seemed to be under the impression that JWoo was trying to connect to the chromecast on the Guest Network whilst being connected to the the Main LAN wifi. Hence I made my post where I said we seem to be misunderstanding what it is JWoo was trying to achieve.

But I‘m not sure that’s too relevant to the point I was trying to make now. All I’m saying now is that there is indeed a difference between VLANs and subnets - the link I enclosed in my last post is quite informative - and it has helped me to understand this difference. It helped me to understand why it is harder to punch a hole through different VLANs so that they may communicate with other devices (for eg, so that you can use a DNS server located on one VLAN in a different VLAN - what I was trying to do when using ubiquiti in the past), as compared to punching a hole through different subnets via packet routing, which is what YazFi does when you can specify the subnet of a Guest SSID but also tell it to use the DNS server located in a different subnet.

Like I said in my reply to L&LD, I had always assumed YazFi was, under the hood, making a VLAN and doing the steps to achieve the same outcome I had been trying to get to when using ubiquiti. But this thread has helped me to understand that this is not the case, and routing packets between different subnets is different (and seemingly easier) than routing packets between different VLANs.
 
I did mention it in one of my earlier posts, but perhaps you missed it:






I read through the entire thread before I made my first post, and understand what thewan said on the first page, but that was also when everyone seemed to be under the impression that JWoo was trying to connect to the chromecast on the Guest Network whilst being connected to the the Main LAN wifi. Hence I made my post where I said we seem to be misunderstanding what it is JWoo was trying to achieve.

But I‘m not sure that’s too relevant to the point I was trying to make now. All I’m saying now is that there is indeed a difference between VLANs and subnets - the link I enclosed in my last post is quite informative - and it has helped me to understand this difference. It helped me to understand why it is harder to punch a hole through different VLANs so that they may communicate with other devices (for eg, so that you can use a DNS server located on one VLAN in a different VLAN - what I was trying to do when using ubiquiti in the past), as compared to punching a hole through different subnets via packet routing, which is what YazFi does when you can specify the subnet of a Guest SSID but also tell it to use the DNS server located in a different subnet.

Like I said in my reply to L&LD, I had always assumed YazFi was, under the hood, making a VLAN and doing the steps to achieve the same outcome I had been trying to get to when using ubiquiti. But this thread has helped me to understand that this is not the case, and routing packets between different subnets is different (and seemingly easier) than routing packets between different VLANs.

yep i missed it I guess. and ya, what jwoo was trying to do is irrelevant to what you are saying you are trying to achieve with a "vlan". If you don't want to say thats fine. Probably best to make a separate thread. What Yazfi does is referred to as a vlan by most novice users, which is who uses home consumer equipment, even if not technically correct. Thats probably why you referred to it as one yourself. Is Yazfi not accomplishing your goal the same as a technical vlan would? An actual vlan is not even possible on this router with maybe some serious scripting. If you enjoyed the education thats great. But you still didn't even find a solution to your problem which is my point. Even though this is not the thread for it, Wouldn't you like to know how to achieve what you want to do also? Besides just a technical definition of a label, don't you want to be able to achieve your goal? Does this technical definition even help you in any way? The definition alone Does not imo. You are still at square 1.

If you are saying you were trying to route between vlans, as thewan has stated, that kind of defeats the purpose of a guest network. But I hope you figure out how, with whatever you are trying to achieve as you achieve with yazfi, on whatever hardware you are using for peace of mind. I'm going to stop posting in this thread with offtopic comments now.
 
yep i missed it I guess. and ya, what jwoo was trying to do is irrelevant to what you are saying you are trying to achieve with a "vlan". If you don't want to say thats fine. Probably best to make a separate thread.

Oh sorry, I thought it was obvious from context that I was just talking about the ubiquiti equivalent to Guest Networks on ASUS, but perhaps it was not as obvious as I thought. I just meant that when using ubiquiti, I have created Guest SSIDs that use VLANs and VLAN tagging to create Guest Networks so I could isolate guest devices and IOT devices from my main LAN, and those VLANs use different subnets.

I had always assumed that YazFi on ASUS-Merlin was doing the same thing, just without me manually having to do it myself. This thread has helped me understand they weren’t doing the same thing, as subnets and VLANs are indeed different. That’s all. I was just trying to say that L&LD had a point - there is a difference and it is helpful for people like me reading these threads for them to know the difference.

But yes, we are straying off-topic - although I suppose a lot of this thread has been off-topic seeing as no one actually understood the issue and change JWoo was trying to highlight until the second page :oops:
 
Oh sorry, I thought it was obvious from context that I was just talking about the ubiquiti equivalent to Guest Networks on ASUS, but perhaps it was not as obvious as I thought. I just meant that when using ubiquiti, I have created Guest SSIDs that use VLANs and VLAN tagging to create Guest Networks so I could isolate guest devices and IOT devices from my main LAN, and those VLANs use different subnets.

I had always assumed that YazFi on ASUS-Merlin was doing the same thing, just without me manually having to do it myself. This thread has helped me understand they weren’t doing the same thing, as subnets and VLANs are indeed different. That’s all. I was just trying to say that L&LD had a point - there is a difference and it is helpful for people like me reading these threads for them to know the difference.

But yes, we are straying off-topic - although I suppose a lot of this thread has been off-topic seeing as no one actually understood the issue and change JWoo was trying to highlight until the second page :oops:

but it is doing the same thing, isn't it? just the method of how it does it is different. Maybe someone more knowledgable can educate us further lol. As I know it, a vlan is way more secure and stable because there is less chance of conflicts. But if you are achieving your goal with no issues imo, who cares?

I think what makes using a guest network on a wifi router is easier because you don't have to setup different routing rules. But what makes a vlan easier is intervlan isolation is much more secure and stable and you have more advanced routing features. But that can also come with problems as I guess you have run into.

and yes you make a good point about being offtopic, but when focusing on a solution to the guys problem and not just semantics, getting it is inevitable. Throwing the AP Isolation setting into the mix as a "Guess" as L&DL would call it, led to the revelation.
 
Your issue is likely a result of Diversion. I had issues with Guest Network index 1 with Diversion installed. Removed Diversion and clients on Guest Network index 1 work as intended. The work around is to use Guest Network index 2 or 3 or remove Diversion.

I was just looking at those guest networks 1/2/3. What is the difference between the 3?
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Top