YazFi Using 2 Guest Networks with Yazfi and Disabling Intranet for Access Points

[poolbeetse7en]

I wonder if someone can point me in the right direction here. I am trying to set up the following SSIDs on my AX56U router. I have YazFi installed, and the requirements are:

- 2.4Ghz Guest Network for IOT Devices (Disable local access/intranet access) 192.168.3.x
- 5Ghz Guest Network for Other (Disable local access/intranet access) 192.168.5.x

After some testing, it seems that these devices are still able to communicat with my main 192.168.1.x network devices which I would like to isolate. Am I missing something plainly obvious? The intranet setting is disabled for both and I have tried Guest Network #2 for both 2.4 abd 5Ghz with the same result. I may be missing something in YazFi as this is my first time using. Really appreciate the help. Thank you!

 

[bennor]

YazFi works only on the main router. It does not work on, or flow down to, AiMesh or Access Point nodes connected to the main router. Per the developer:

YazFi doesn't work on Aimesh nodes. The guest network on the node will be unrestricted

When installing YazFi it will enable the Access Intranet option on the Guest Network page. Do not disable or change that option on the Guest Network page. YazFi adds it owns rules to block intranet access. One controls YazFi intranet access by enabling the One-Way and Two-Way to Guest option on the YazFi GUI (or in the YazFi CLI). Or by using the YazFi custom firewall rules scripting.

 

[poolbeetse7en]

YazFi works only on the main router. It does not work on, or flow down to, AiMesh or Access Point nodes connected to the main router. Per the developer:

When installing YazFi it will enable the Access Intranet option on the Guest Network page. Do not disable or change that option on the Guest Network page. YazFi adds it owns rules to block intranet access. One controls YazFi intranet access by enabling the One-Way and Two-Way to Guest option on the YazFi GUI (or in the YazFi CLI). Or by using the YazFi custom firewall rules scripting.

Thank you for the reply and sorry for the delay in replying. I've been trying various things to get this resolved.

It looks as though something was a-miss with my YazFi as it was still applying 192.168.1.x (Main) addresses to my guest netwoks. Reinstalling fixed this problem , so now both my guest networks are getting isolated and working fine on the Asus router, but....

My access points (Linksys AX5400) don't. I know this has nothing to do with Merlin/YazFi, but i was hopping that if I used the same SSID as my guest networks on the router, then the same DCHP addresses would be provided to them from the access points. That's not the case. It wouldn't be such a big deal if my Guest Network option on the access points actually did what it is supposed to. Block local LAN access. It does not.

OpenWRT firmware has recently just been made available for these Linksys AX5400 units, so perhaps I should just try that ast the stock firmware is honestly terrible!

Thanks again for the reply

 

[bennor]

My access points (Linksys AX5400) don't.

If the access point is connected by Ethernet to the main router then that would explain it. YazFi does not extend to wired clients connected to the main LAN router. YazFi is WiFi only.

Guest Network Pro supported Asus routers (3006.102.x firmware) allows for VLAN's which can be used to segment wired clients on the main router to the same Guest Network IP address pool as Guest Network WiFi clients.

 

[poolbeetse7en]

If the access point is connected by Ethernet to the main router then that would explain it. YazFi does not extend to wired clients connected to the main LAN router. YazFi is WiFi only.

Guest Network Pro supported Asus routers (3006.102.x firmware) allows for VLAN's which can be used to segment wired clients on the main router to the same Guest Network IP address pool as Guest Network WiFi clients.

Thank you! It's obviously something I don't know much about. I think what I'll do now is disable the WiFi on my AX56U router and use the 3 access points, but set them up with VLANS. A bit of work to do, but it should solve my problem. Really appreciate your help