What's new

How to let Devices see each other in Guest network?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

If you look at my posts, I have previously written about this. You can set variable ap_isolate = 0 and then your IoT devices can communicate to each other. You don't need scripts. Just keep in mind that each time you save your guest network settings, it will set this variable back to 1 (a value of 1 means isolation is turned on).

To check AP Isolation use command:

nvram show | grep isolate

This will show all your wireless networks:

size: 66432 bytes (64640 left)
wl0.1_ap_isolate=0
wl0.2_ap_isolate=1
wl0.3_ap_isolate=0
wl0_ap_isolate=0
wl1.1_ap_isolate=0
wl1.2_ap_isolate=0
wl1.3_ap_isolate=0
wl1_ap_isolate=0
wl_ap_isolate=0

wl0.x are the 2.4 Ghz guest networks and wl1.x are the 5 Ghz guest networks.

To change, as an example the 1st wireless network 5 Ghz:

nvram set wl1.1_ap_isolate=0

nvram commit

reboot

This was immensely helpful, thank you!

I, however, managed to mess up the first time with a typo. (app instead of ap). So now there's an entry "wl0.1_app_isolate=0". Does anyone know how would I go about removing it? TIA
 
Hi, posting a topic related sub-question here since it is indeed a relevant one. I have a 3 site-to-site VPN setup according to this description including a detailed diagram here https://www.snbforums.com/threads/3-way-site-to-site-openvpn.82046/#post-805377

You see on the right-hand-side of the diagram there is a site called "Site-Jö". There I have Guest networks GN1 (2.4Ghz) and GN2 (5Ghz) activated, as I earlier asked here in this post.

My isolation looks like this since I need devices on the guest net be able to communicate with each other.

nvram show|grep isolate
wl0.1_ap_isolate=0
wl0.2_ap_isolate=0
wl0.3_ap_isolate=0
wl0.4_ap_isolate=0
wl0_ap_isolate=0
wl1.1_ap_isolate=0
wl1.2_ap_isolate=0
wl1.3_ap_isolate=0
wl1_ap_isolate=0
wl_ap_isolate=0

Client on GN1 ( 192.168.101.0/24) GN2 (192.168.102.0/24) cannot access primary network (192.168.2.0/24) precisely as it should be. So all is good up until now. But the story goes on like this.

The problem arises where clients on GN1 and GN2 are able to actually access the hosts located behind the VPNs at both Site-KL and Site-JS. And this is really bad. So I need in some way to isolate the traffic from GN1/GN2 over to nets behind the VPNs. How do I do it? Any iptable rules, and to what tables?
 

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top