I have this router: RT-AC66U_B1 (base model: RT-AC68U)
BCM470x - Cortex A7 ARMv7 revision 0 - Rev. c0 (Cores: 2)
Currently running: Merlin firmware 386.10
in AP mode, all SSID's seem to share my default LAN subnet as doled out by my pfSense router's DHCP server, 192.168.3.100+ and there seems to be no way to isolate the guest SSID's from my trusted WiFi SSID. Simply, I want cell phones, tablets, TV's, and other IoT devices to have no access to my network but still have internet access.
Right now in AP mode, when they are on the Guest SSID's they can still access the network resources (SMB shares, etc) and there doesn't seem to be any to change this. I read that if I change the Asus router back to Router mode, there are more functions available, and that is true. In guest SSID's in Router mode there is a selection to "Allow Intranet Access" with enable and disable as the options. Great! If I "enable" then devices on the Guest SSID continue to share the "192.168.3.x" domain as DHCP assigned buy my pfSense box. Works as expected.
But if I set "Allow Intranet access" to disable, the guest SSID's start assigning devices as follows:
Now, I haven't set that anywhere, and the DHCP server on the Asus Router is off, and I have no record of these IP's or settings on my pfSense router to accomplish this numbering currently. Is this some internal coding in the Asus Merlin firmware? How is it accomplished, and is it already VLAN tagged? It is half-way to accomplishing what I want, sort of. Currently these "Intranet disabled" Guest SSID's can't access the rest of my network, but they also can't see the Internet via my pfSense gateway at 192.168.3.1. That's the problem, currently they are black-holed to nowhere.
Hopefully someone can help, I'd really appreciate it, and hopefully I don't have to buy a higher priced device. I'd love to re-use my existing hardware as its more than what I really need for wireless connections at the moment.
Let me know if you need any more details. Thanks in advance.
BCM470x - Cortex A7 ARMv7 revision 0 - Rev. c0 (Cores: 2)
Currently running: Merlin firmware 386.10
in AP mode, all SSID's seem to share my default LAN subnet as doled out by my pfSense router's DHCP server, 192.168.3.100+ and there seems to be no way to isolate the guest SSID's from my trusted WiFi SSID. Simply, I want cell phones, tablets, TV's, and other IoT devices to have no access to my network but still have internet access.
Right now in AP mode, when they are on the Guest SSID's they can still access the network resources (SMB shares, etc) and there doesn't seem to be any to change this. I read that if I change the Asus router back to Router mode, there are more functions available, and that is true. In guest SSID's in Router mode there is a selection to "Allow Intranet Access" with enable and disable as the options. Great! If I "enable" then devices on the Guest SSID continue to share the "192.168.3.x" domain as DHCP assigned buy my pfSense box. Works as expected.
But if I set "Allow Intranet access" to disable, the guest SSID's start assigning devices as follows:
- First guest SSID: 192.168.101.x
- Second guest SSID: 192.168.102.x
- etc.
Now, I haven't set that anywhere, and the DHCP server on the Asus Router is off, and I have no record of these IP's or settings on my pfSense router to accomplish this numbering currently. Is this some internal coding in the Asus Merlin firmware? How is it accomplished, and is it already VLAN tagged? It is half-way to accomplishing what I want, sort of. Currently these "Intranet disabled" Guest SSID's can't access the rest of my network, but they also can't see the Internet via my pfSense gateway at 192.168.3.1. That's the problem, currently they are black-holed to nowhere.
Hopefully someone can help, I'd really appreciate it, and hopefully I don't have to buy a higher priced device. I'd love to re-use my existing hardware as its more than what I really need for wireless connections at the moment.
Let me know if you need any more details. Thanks in advance.