NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
CAUTION: Orbi's Wifi Guest Network does not really isolate guests from main network
I was just playing around around with the Guest Network in Orbi and made a rather disturbing discovery that guest clients don't seem to be separated totally from the main network, in fact can access ...
It sounds like the Orbi forwards multicast IP packets between the guest and main networks, even when the isolation box is selected, but blocks other IP traffic between these zones. I'm just guessing. I would agree this is a bug. I wonder if this was done to support some services that use broadcast or multicast, like DHCP or uPNP? If so, I would like to see configuration options / check boxes to allow or block specific broadcast and multicast traffic from leaking between guest and primary networks.
Even if the Orbi forwards IP multicast between guest and main networks, that doesn't explain why access to the printer and file server are permitted. Hopefully, Netgear will investigate and respond soon.
I would hope in router mode all connections to the guest SSID would provide a separate subnet, i.e. 192.168.10.xxx and assign IPs. That would provide direct access to the internet thru the router but prevent any connectivity to the normal LAN. I know with FiOS here and having to keep their router in the loop, when I tested google wifi (they don't allow bridge mode and mesh and have a locked in 192.168.86.xxx LAN) I could not access my FiOS local LAN.
Using a separate subnet is one way to implement a guest network, but it can be done with one subnet. It just has to be done with the right set of internal policies to block traffic. Even with two subnets, some sort of policy is required in order to keep the traffic segregated.