What's new

Guest Network on 386 builds doesn't play nice with Chromecast, and a potential workaround

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

I'll bite! RT-AX86U for me please, and thank you!

Yes, I have the RT-AX58U too!
 
Thanks @john9527 ! A quick question. Not sure if it is what Asus intended or not but in the 386.1 builds, the wlx.y_ap_isolate setting seems to survive restart in my testing. What is the change in the patch so I test it correctly?
 
@JWoo @L&LD

There's an AX58 build in my development folder
https://1drv.ms/f/s!Ainhp1nBLzMJiF2l3WjM46lSmxrH

Hoping this will respect the wlx.y_ap_isolate settings for the guest network.....you still need to set them manually.
Good luck!
Hi @john9527 , I do not see a change in behavior with the patch.

Even with the patch applied, if I set Guest Network Access Intranet = Disable and apply the Guest Network settings, the Guest Network function will set wlx.y_ap_isolate = 1 which is what also kills ChromeCast.

1608149258228.png


With or without the patch, I can manually turn off AP isolation by setting wlx.y_ap_isolate = 0. With or without the patch, the wlx.y_ap_isolate value survives a restart of the router.
 
Last edited:
@JWoo did you do a full reset to factory defaults after flashing the test firmware? And, not use a saved backup config file afterward?
 
@JWoo did you do a full reset to factory defaults after flashing the test firmware? And, not use a saved backup config file afterward?
I did a dirty flash from 386.1 Beta 2. The aim is to check the behavior of these variables.

After dirty flash, I checked that wl0.1_ap_isolate = 1 and all 5 others = 0. That is my baseline.

I then made changes to the Guest Networks, and I found that any Guest Network that I saved with Access Intranet = Disabled changed the wlx.y_ap_isolate variable to 1, meaning that AP isolation is now on and ChromeCast will not work.

I also found that the wlx.y_ap_isolate variables survive restart with the patch, which is the same as before the patch.

I did not see a change in behavior on the router with patch applied as to how the variables are handled.

What has your own testing uncovered?
 
Still with customers at the moment, no testing yet.

With a dirty flash, you're not testing properly, IMO.
 
@JWoo @L&LD
Oh well.....I'll keep looking. I was guessing about a what a closed source function is doing based on it's name and use. It may be that they are doing more there than the name would imply....
Thanks for taking the time to check it out.

With a dirty flash, you're not testing properly, IMO.
Shouldn't make a difference if you are loading over beta2. It was a small, targeted change.
 
@JWoo @L&LD
Oh well.....I'll keep looking. I was guessing about a what a closed source function is doing based on it's name and use. It may be that they are doing more there than the name would imply....
Thanks for taking the time to check it out.


Shouldn't make a difference if you are loading over beta2. It was a small, targeted change.
Maybe @ASUSWRT_2020 could change the Guest Network setting to allow 3 choices instead of just Access Intranet = Enabled or Disabled. The settings called be called Enabled, Disabled and AP Isolation.

Option 1) Access intranet enabled (same as current setting ENABLED)
Option 2) Access intranet disabled but enable Guests to communicate with other Guests on same SSID (a new setting that does not exist today, basically DISABLED plus wlx.y_ap_isolate =0)
Option 3) Access intranet disabled and isolate all devices on Guest SSID (same as current setting of DISABLED)
 
@john9527 thanks for writing the patch even though it did not solve this problem. It is hard with closed source elements that is for sure. BTW, I used your fork for a long time on my RT-AC68U before it finally died. You were an extremely early adopter of DNS over TLS and converted me too!
 
Last edited:
Not much to add except me too. The difference is that I don't use chromecast, only iot's and I'm having a hard time using them (was fine with 384). I've upgraded the firmaware on the iot's at the same time and made the developers check for a non existing bug. JWoo did you test setting the ap isolate=0 with aimesh 2? with guest network on the node? if not , I will try it.
 
Not much to add except me too. The difference is that I don't use chromecast, only iot's and I'm having a hard time using them (was fine with 384). I've upgraded the firmaware on the iot's at the same time and made the developers check for a non existing bug. JWoo did you test setting the ap isolate=0 with aimesh 2? with guest network on the node? if not , I will try it.
I am not using AIMesh, so you'd be a better choice to test that out. I have only tested setting ap_isolate = 0 on guest networks with ChromeCast as a fix for ChromeCast.
 
Well, i could't use my implementation of mqtt and now I can, on my main router at least. Tomorrow will try on my node. The other problem was frequent disconnects, time will tell.

using nvram show | grep isolate

router:

wl0.1_ap_isolate=0
wl0.2_ap_isolate=1
wl0.3_ap_isolate=0
wl0_ap_isolate=0
wl1.1_ap_isolate=0
wl1.2_ap_isolate=0
wl1.3_ap_isolate=0
wl1_ap_isolate=0
wl_ap_isolate=0

node:

wl0.1_ap_isolate=0
wl0.2_ap_isolate=0
wl0.3_ap_isolate=0
wl0_ap_isolate=0
wl1.1_ap_isolate=0
wl1.2_ap_isolate=0
wl1.3_ap_isolate=0
wl1_ap_isolate=0
wl_ap_isolate=0

didn't check before... I'm using guest 1, mostly in the 2.4ghz band
 
the problem here is protocols though. This first statement in this article might be easier to understand Are Layer 2 or Layer 3 Protocols Better? Yes. - Component (biamp.com) I was asking which category you assume chromecast falls into. As an above poster stated google implies it won't work with a guest network, which is assumed to be isolated. So the question is, is your chromecast routing outside the subnet/lan? I'm assuming it stays within the lan. I use chromecast to my tv but specifically made sure not to put my phone and tv on different vlans. Aka ssid with diff Subnet(which latest firmware does for guest 1) or with intranet disabled. Also make sure ap isolate is not on.

As a different example, i put my echo, ring, blink and nest devices on isolated guest networks because those are accessed through the wan side.
ChromeCast uses the DIAL protocol (not to be confused with the soap) which me thinks is like Layer 7. ChromeCast works great with guest networks but will not work when the AP isolation function is turned on. That is the crux.
 
Last edited:
ChromeCast uses the DIAL protocol (not to be confused with the soap) which me thinks is like Layer 7. ChromeCast works great with guest networks but will not work when the AP isolation function is turned on. That is the crux.

I notice most companies say a guest network is not recommended but I guess thats because they assume you will try to connect between different networks or because as we have learned depending on what platform its implemented they behave differently. I'm just glad ap isolation actually works now and guest networks are more isolated with separated subnets. lol because before this firmware it was all pointless in many respects. So it does show Asus listens to their customers at least.

So the real crux as I understand it is that when you turn off ap isolation the setting doesn't survive a reboot? What I don't understand is why this also wouldn't affect non guest networks since its per wifi band and not network. or am I missing something? If it only affects guess networks that have intranet disabled, then double bravo to asus and with guest 1 now ethernet will be isolated from them which wasn't always the case before.
 
We may all need AP isolation in an
I notice most companies say a guest network is not recommended but I guess thats because they assume you will try to connect between different networks or because as we have learned depending on what platform its implemented they behave differently. I'm just glad ap isolation actually works now and guest networks are more isolated with separated subnets. lol because before this firmware it was all pointless in many respects. So it does show Asus listens to their customers at least.

So the real crux as I understand it is that when you turn off ap isolation the setting doesn't survive a reboot? What I don't understand is why this also wouldn't affect non guest networks since its per wifi band and not network. or am I missing something? If it only affects guess networks that have intranet disabled, then double bravo to asus and with guest 1 now ethernet will be isolated from them which wasn't always the case before.

There are separate AP isolation parameters for the Guest Networks than for the main radios.

GUEST NETWORK
wl0.1_ap_isolate=1
wl0.2_ap_isolate=0
wl0.3_ap_isolate=0
wl1.1_ap_isolate=0
wl1.2_ap_isolate=0
wl1.3_ap_isolate=0

MAIN RADIOS
wl0_ap_isolate=0
wl1_ap_isolate=0

The Guest Network AP isolation works when the parameter is set = 1. The settings do survive reboot, but are changed anytime you save the Guest Network settings in the GUI. I am using my 2.4GHz guest network with AP isolation as I have a doorbell and some Wyze cameras on that network and the isolation keeps all the devices from communicating with any other devices. On my 5GHz guest network, I am using devices that cast so I have the AP isolation parameter set to 0 so these devices can find each other.
 
We may all need AP isolation in an


There are separate AP isolation parameters for the Guest Networks than for the main radios.

GUEST NETWORK
wl0.1_ap_isolate=1
wl0.2_ap_isolate=0
wl0.3_ap_isolate=0
wl1.1_ap_isolate=0
wl1.2_ap_isolate=0
wl1.3_ap_isolate=0

MAIN RADIOS
wl0_ap_isolate=0
wl1_ap_isolate=0

The Guest Network AP isolation works when the parameter is set = 1. The settings do survive reboot, but are changed anytime you save the Guest Network settings in the GUI. I am using my 2.4GHz guest network with AP isolation as I have a doorbell and some Wyze cameras on that network and the isolation keeps all the devices from communicating with any other devices. On my 5GHz guest network, I am using devices that cast so I have the AP isolation parameter set to 0 so these devices can find each other.

what about the gui settings? And so i guess a minor issues then.
 

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top