NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Bridge group to isolate traffic
I have an Orbi RBK50 router with 2 satellite, and I also have a 2nd non-Orbi wifi router. I wanted to isolate the network traffice of my IoT devices from my laptops/phones. I put the IoT devices on t...
What about attaching the IoT devices to the Orbi guest network and not letting guests see the regular network?
I've read on this forum that the guest network is not truly isolated from the main network and that people have been able to access devices on the main network from the guest network, so I was hoping for an alternate solution.
orbier981 wrote:
I've read on this forum that the guest network is not truly isolated from the main network and that people have been able to access devices on the main network from the guest network, so I was hoping for an alternate solution.
Your memory is correct. There have been comments about the Guest network not being totally isolated. The recent firmware updates have made changes to how Guest works. It might be worth a few minutes to upgrade to the latest firmware and see if you can get access to anything on the primary network from Guest. Of course, smartphone apps on the Guest network will still control IoT devices on the primary network because they go through "the cloud", much like when they are not connected to Orbi at all.
Disclosures: (1) I don't use the Guest network feature, and (2) I'm not confident that I would know how to "prove" that Guest is totally isolated from the primary network.
CrimpOn wrote:
What about attaching the IoT devices to the Orbi guest network and not letting guests see the regular network?
I enabled the Orbi guest network and tried several of my network scanners. They see the laptop I was scanning from, but nothing else. I tried http and telnet to the Orbi router and satellite. Both timed out. One interesting phenomenon: one scanner filled up the ARP table with MAC addresses for most of the devices attached to the Orbi. I checked several times. (Delete Arp cache. Display cache - all gone. Run scanner. Display cache - they're back.) There is probably a good reason why Arp needs to be enabled on the Guest network (to talk to the router or satellite, perhaps?) It could be a lot of trouble for the Orbi to keep a table of "show Guests the Arp entry for these IP's,, but not any others. Actually, a simple table might not work if devices on the Guest network are allowed to see other devices on Guest.
Anyway, I have exhausted my skills about how to get at the Orbi network from the Guest Wi-Fi. Seems pretty secure to me.