NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

anschmid's avatar
anschmid
Apprentice
Feb 03, 2017

CAUTION: Orbi's Wifi Guest Network does not really isolate guests from main network

I was just playing around around with the Guest Network in Orbi and made a rather disturbing discovery that guest clients don't seem to be separated totally from the main network, in fact can access ...
Troubleshooting
Vahik's avatar
Vahik
Aspirant
Mar 07, 2019
Activated the guest mode and uncheck the "Allow guests to see each other and access my local network". Now on guest wifi, can not open the routers login page, but all connected devices to the main wifi are visible by NetAnalyzer app on android.
  • BIG9MM's avatar
    BIG9MM
    Apprentice
    Mar 07, 2019
    Visible by NetAnalyzer app on android, yup no new news at all. That is why they put out the Orbi PRO version I believe.
     
  • schumaku's avatar
    schumaku
    Guru - Experienced User
    Mar 07, 2019
    Vahik wrote:
    Activated the guest mode and uncheck the "Allow guests to see each other and access my local network". Now on guest wifi, can not open the routers login page, but all connected devices to the main wifi are visible by NetAnalyzer app on android.

    Yes - however you won't be able to establish e.g. TCP or UDP connections for example beteen the different networks. This was explained in this thread before several times. Scroll back to about Messge #57 - there is even a reply from johngm  on the subject. https://community.netgear.com/t5/Orbi/CAUTION-Orbi-s-Wifi-Guest-Network-does-not-really-isolate-guests/m-p/1540059/highlight/true#M26848 Netgear does not intend to enhance things towrds a full VLAN-like isolation on the consumer routers (Nighthawk, Orbi). Only the Orbi Pro systems will get (or have received already) some enhancements. 

    • schumaku's avatar
      schumaku
      Guru - Experienced User
      Mar 07, 2019

      All the guest WLAN, the standard WLAN and the LAN are sharing the same L2 infrastructure including the very same TCP/IP subnetwork and DHCP server with DHCP pool and more. With the isolation feature for the guest network enabled (that's all there is implemented!), the individual guests can't communicate with other devices on the guest network or with devices on the standard (W)LAN. In no way this is providing a complete L2 isolation bottom up.