NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Guest network can't access internet when client isolation is enabled
Hi, I got an AX1800 wireless AP. I'm trying to set up a guest network and personal network. I configured each of them to have a separate SSID and separate VLAN. My problem is that when I "enable ...
We have made some improvements to address your issue mentioned here. Current ETA to release the firmware is in mid of March.
Kindly wait till that time and provide your feeback.
Thanks,
Raghu
aefsdfsafwefaf wrote:The router is in fact the WAX610. It's running firmware version 9.2.07.
The WAX610 isn't a router, just a wireless access point. But I also understand you have a VLAN capable router and two VLANs configured based on your initial post.
aefsdfsafwefaf wrote:It seems that you MUST have the DHCP client setting enabled in order for the "wireless client isolation" feature to work. Is this how it is intended or is this a bug?
Now I see the full scope, it's clearly a bug.
aefsdfsafwefaf wrote:It is just and SSID with network client isolation enabled and put on the VLAN I configured for guests. With regards to this not being a consumer device—that is why I purchased it. However, I am wondering if it really is a business class device, because the solution I found (disabling the static clinet IP address for the AP configuration interface) was also described as a bug for a consumer level device. So I am suspect if the "business class" devices are just running consumer software under the hood.
Whatever ... there is a lot of low level code in use, some coming from the radio chipset makers, the base platform is industry standard, and with the WiFI 6 Mesh systems optionally supporting VLAN and multiple SSIDs it's well possible the same bug might be in place. There is a reason why a WAX610 can be priced around USD 160 ex VAT while other vendors put up business AP in the 400..600 USD or even more for cloud managed units, requiring on top annual software support and cloud management fees of 10..15% p.a., ... despite of using similar chipsets, platforms.
At the end of the day, we pay for the functionality, support, warranty, cloud services.
I know some people complain the WAC5xx and WAX6xx lack of features like a shell access, SNMPv3, ... just because they used to it from whatever overpriced enterprise class vendor. Netgear does promote these APs as Insight Managed WiFi 6 Wireless Access Points for SOHO, small and medium businesses. Price, performance, quality is perfectly right. Especially if deploying multiple units, where distances requiring distributed PoE+ switches, under Netgear's Insight Cloud management.
We have made some improvements to address your issue mentioned here. Current ETA to release the firmware is in mid of March.
Kindly wait till that time and provide your feeback.
Thanks,
Raghu
Thanks for the update and responsiveness đź‘Ť
Sorry to cut into an existing thread, but I installed the mid-March firmware on my AP such as WAC564 in non-Insight mode which had an SSID -Guest with Client Isolation, guest did not have any problems before the firmware update. No changes from default VLAN so I'd guess you'd call that Management. After the firmware update the client gets DHCP address but internet access such as tracert 8.8.8.8 fails.
Since it seems like it might be related to this, any chance you can explain your "improvements" - maybe there is some setting I need to go in and change, or maybe there is an issue which requires me to try something like toggling the Client Isolation off and then back on again? This was an item in the release notes (I am not doing URL Filtering and I think my using defaults means there is no non-management VLAN): Fixes the issue where clients cannot connect to the Internet if they are connected to the SSID with both Client Isolation and URL Filtering enabled on a non-management VLAN.
This is at my church, where I have updated four of the APs on the same LAN but left one on the previous firmware because it is WAC505 in router mode and I could not interrupt it in active use. I'm going back tonight to update that one, and will try to reply to this post if the guests are suddenly able to access internet again.
- I updated remaining AP, actually WAC510 (not 505) in router mode. -guest still failed to get internet. All default vlan 1 like I said. So I went into web GUI and under the -guest isolation checkbox I disabled the access to the AP GUI and Applied. That made -Guest get internet again! No idea whether it was just needing to apply any change to those settings, but it was easy for me to click that box about access to the AP GUI (rather than trying something else such as toggling isolation off and back on again).
Here a recap of the new bug for any Netgear firmware engineer out there, and another data point.
Models which got the mid-March firmware update such as WAC564 (presumably also WAC505 and WAC510 etc) had been running fine in standalone mode with a standard SSID such as Zero Day setup and a second -Guest SSID with defaults except Wireless Client Isolation enabled (no URL filtering or non-default VLANs or anything fancy like that). After firmware update, clients on that -Guest SSID could not access internet anymore.
New data point is that going into the web GUI for that 564 AP and simply toggleing the Wireless Client Isolation off (then Apply) then On again (then Apply) seemed to fix the problem. It was not necessary to change anything with the allow access to AP GUI checkbox that I mentioned (that was just an easy/convenient change for me to be allowed to "Apply" which is what seems to be the bug workaround).
I'm glad there is this workaround, but hopefully there can be a firmware fix and/or let the support group know, since I would think this could be common situation.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
