How to let Devices see each other in Guest network?

[TyantA]

If you look at my posts, I have previously written about this. You can set variable ap_isolate = 0 and then your IoT devices can communicate to each other. You don't need scripts. Just keep in mind that each time you save your guest network settings, it will set this variable back to 1 (a value of 1 means isolation is turned on).

To check AP Isolation use command:

nvram show | grep isolate

This will show all your wireless networks:

size: 66432 bytes (64640 left)
wl0.1_ap_isolate=0
wl0.2_ap_isolate=1
wl0.3_ap_isolate=0
wl0_ap_isolate=0
wl1.1_ap_isolate=0
wl1.2_ap_isolate=0
wl1.3_ap_isolate=0
wl1_ap_isolate=0
wl_ap_isolate=0

wl0.x are the 2.4 Ghz guest networks and wl1.x are the 5 Ghz guest networks.

To change, as an example the 1st wireless network 5 Ghz:

nvram set wl1.1_ap_isolate=0

nvram commit

reboot

This was immensely helpful, thank you!

I, however, managed to mess up the first time with a typo. (app instead of ap). So now there's an entry "wl0.1_app_isolate=0". Does anyone know how would I go about removing it? TIA

 

[ColinTaylor]

So now there's an entry "wl0.1_app_isolate=0". Does anyone know how would I go about removing it? TIA

nvram unset wl0.1_app_isolate
nvram commit

 

[TyantA]

nvram unset wl0.1_app_isolate
nvram commit

What a prompt reply, thank you!

Edit: After 2 attempts (one without =0 and one with) after a reboot the entry is persisting.

 

[bortek]

Hi, posting a topic related sub-question here since it is indeed a relevant one. I have a 3 site-to-site VPN setup according to this description including a detailed diagram here https://www.snbforums.com/threads/3-way-site-to-site-openvpn.82046/#post-805377

You see on the right-hand-side of the diagram there is a site called "Site-Jö". There I have Guest networks GN1 (2.4Ghz) and GN2 (5Ghz) activated, as I earlier asked here in this post.

My isolation looks like this since I need devices on the guest net be able to communicate with each other.

nvram show|grep isolate
wl0.1_ap_isolate=0
wl0.2_ap_isolate=0
wl0.3_ap_isolate=0
wl0.4_ap_isolate=0
wl0_ap_isolate=0
wl1.1_ap_isolate=0
wl1.2_ap_isolate=0
wl1.3_ap_isolate=0
wl1_ap_isolate=0
wl_ap_isolate=0

Client on GN1 ( 192.168.101.0/24) GN2 (192.168.102.0/24) cannot access primary network (192.168.2.0/24) precisely as it should be. So all is good up until now. But the story goes on like this.

The problem arises where clients on GN1 and GN2 are able to actually access the hosts located behind the VPNs at both Site-KL and Site-JS. And this is really bad. So I need in some way to isolate the traffic from GN1/GN2 over to nets behind the VPNs. How do I do it? Any iptable rules, and to what tables?