GambleHomeSec
Sep 14, 2019

Enabled "Access Control" and WiFi can't see wired devices.

In the process of 'hardening' my network before adding a lot of IOT devices that need controlled internet access. To limit connections to only devices I authorize I enabled "Access Control" and then authorized all the devices on the network (and discovered a few that I didn't know about).
When access control is enabled and the devices are authorized I have found that most of my WiFi devices can't access printers or the NAS on the wired network. To make it weirder: Running IPscan there are a couple wired devices that they can see. It is almost acting like "Access Control" turns the WiFi into a 2nd guest network. (Yes I have the current firmware V2.3.5.30)

Is there any resolution to this? Accessing the local network is a basic function so this seems like a pretty big logic flaw in the routing.

 

15 Replies

  • CrimpOn
    Guru - Experienced User

    You are correct.  Orbi's primary network is one network.  All devices are accessible to every other device, wired/WiFi makes no difference.  So, something is wrong and the task is to figure out what it is.

     

    Access control is a bit tricky.  For example, there is a section of "Blocked Devices" that is at the very bottom of the web page (have to scroll down... and down some more).  I didn't even see this table for (a long time - sigh).

     

    Another wrinkle is the Orbi "app".  Sometimes the app does weird things to Access Control.  I have yet to figure out what that "slider" control actually means.  "Pause"?  Does that mean "Blocked", or .... what?  If you have never used the Orbi app on this Orbi, then of course the app cannot play any part in this.

     

    My approach would be to verify that everything works correctly with Access Control turned off.  Can devices print and access the NAS?

     

    Do the printers and NAS have IP addresses "assigned" in the LAN Setup?

    • GambleHomeSec
      Aspirant

      Some devices have hard coded IPs and  even more have reservations but some are outside the DHCP lease range (100 to 199). (Wanted DNS to know the host names.)
      "Access Control" is the toggle switch that makes it so the wireless can or can't see some of the wired devices. When "Access Control" is turned on nothing is on the blocked list as I had allowed everything that is on the network, so that isn't an issue.
      BTW - I don't have or use the Orbi app. I have no interest in a cloud based solution for configuring a router. It serves no purpose except to create an unnecessary security risk.

      Here are two IPscans from a laptop connected via WiFi made back to back after toggling the "Access Control".

      ----------------------------
      Access Control off

      IP             Ping  Hostname
      172.20.20.1    3 ms  [n/a]
      172.20.20.100 11 ms  [n/a]
      172.20.20.101  3 ms  [n/a]
      172.20.20.103  5 ms  [n/a]
      172.20.20.104  3 ms  [n/a]
      172.20.20.105  3 ms  Den---AVR-X2400H.local
      172.20.20.106  7 ms  T-Lap
      172.20.20.111  0 ms  ZB-Lap
      172.20.20.113  0 ms  [n/a]
      172.20.20.120  5 ms  [n/a]
      172.20.20.150  3 ms  DESK
      172.20.20.222  4 ms  [n/a]
      172.20.20.230  5 ms  [n/a]
      172.20.20.231  4 ms  [n/a]

       

      ----------------------------
      Access Control on

      IP             Ping  Hostname
      172.20.20.1    3 ms  [n/a]
      172.20.20.100  8 ms  [n/a]
      172.20.20.101  1 ms  [n/a]
      172.20.20.103  6 ms  [n/a]
      172.20.20.104  3 ms  [n/a]
      172.20.20.105  3 ms  Den---AVR-X2400H.local
      172.20.20.106  7 ms  T-Lap
      172.20.20.111  0 ms  ZB-Lap
      172.20.20.113  0 ms  [n/a]
      172.20.20.150  4 ms  DESK
      172.20.20.222  5 ms  [n/a]
      172.20.20.230  7 ms  [n/a]
      172.20.20.231  7 ms  [n/a]

      ----------------------------

      You can see that the HP 4000N on 172.20.20.120 disappears as soon as the Access Control is turned on. The NAS does the same thing but it is currently on a different network doing a data transfer to a new NAS.

      If I leave Access Control on and plug the laptop into a patch cable the printer instantly reappears. The network's physical topology is rather flat. Internet comes into the Orbi. Connected to one of the LAN ports on the Orbi is a 24 port managed gig switch. The only other patch cable connected to the Orbi is the home automation hub. It is pretty simple.

      The big thing is there is no doubt that the Orbi is what is blocking communication to the printer and the NAS. I'm almost afraid to turn on VPN and I'm going to need that to get secure remote access for the home automation.

       

      Thanks for looking

      • CrimpOn
        Guru - Experienced User

        Thanks for testing.  It is common for people to 'assign' IPs outside the DHCP range, and even set aside parts of the subnet for static IPs.  That's all good.

        I have no experience with a "managed switch", but have read numerous comments about Orbi having problems with managed switches, specifically with IGMP.  Could you perhaps see if there is a way to disable any IGMP capability on the switch and see if that changes anything?  (Should it?  Of course not.  But, does it?)

         

        By the way, I have OpenVPN running on two separate Orbis using Dynamic IP from No-IP.com.  I have a suspicion that one of them does not survive a change of public IP, but will have to wait to see if it fails again.  On my Windows machine, I installed "tunXten" so that I can switch easily between VPNs.  (Have no problem on Linux.)  Following the directions exactly was the key to getting OpenVPN to work.  I thought, "I'm a computer guy.  I don't need no stupid directions!"   As Stan said to Ollie, "what another fine mess."