WAX202 as an AP problem

Question

I have a Billion BiPAC 8800AXL R2 as my main router.

I have 2 SSID subnets set up lets call them ABC and ABC-Guest

ABC uses 192.168.1.xxx and ABC-Guest uses 192.168.2.xxx allowing access to the Internet but not the local ports.

When I use the WAX202 in AP mode it doesn't heed the restrictions from the main router and allows access to all subnets. Is this because it connects to the main router via one of the Ethernet ports on the BiPAC?

How can I set the WAX202 to respect the SSID and subnets from the BiPAC ? I thought it was supposed to take the IP assignments from the host router?

Thanks

Simon

schumaku · Answer

Hello Simon,
Dnomis&nbsp;wrote:
I have a Billion BiPAC 8800AXL&nbsp;R2 as my main router.
I have 2 SSID subnets set up lets call them ABC and ABC-Guest 
ABC uses 192.168.1.xxx and ABC-Guest uses 192.168.2.xxx allowing access to the Internet but not the local ports.
&nbsp;
When I use the WAX202 in AP mode it doesn't heed the restrictions from the main router and allows access to all subnets. Is this because it connects to the main router via one of the Ethernet ports on the BiPAC?

This is because these two networks and two subnets by default only exist on your router Wireless side, not on the LAN where the AP can connect to by default.
&nbsp;
Going a little bit&nbsp; beyond of the Netgear community scope, your&nbsp;router only supports port based VLAN not tagged based VLAN.
&nbsp;
So you can only isolate a port from the other ports. If you want to isolate your airports from the routers wifi/LAN ports, setup a 'Interface Grouping' and create a new group to isolate the port your Airport connects to as the WAN link
example below for isolating a guest wifi network
Example for a guest wifi network (it is the same for the LAN port isolation, just need to create a new rule)
1. Click on Interface Grouping2. Click on 'Add'3. Enter a 'Group Name' eg guest4. Under 'Available LAN Interfaces' select your 'Guest Network' and click on the arrow pointing left, so the guest wifi network should now be added to 'Grouped LAN Interfaces'5. Click on 'Apply'6. Under 'Group Isolation' tick the box and click on 'Apply'7. Click on 'LAN &gt;&gt; Ethernet'8. Under 'Group Name' select your guest wifi group for this example I used 'guest'9. Tick 'LAN Side Firewall' and click on 'Apply' (with this option enabled anyone connected to the guest wifi network, will not be able to access the routers web gui, they can only access the internet)
&nbsp;
Said this: With a properly configured VLAN-capable switch - a simple Netgear Plus or&nbsp;Ethernet Easy Smart Managed Essentials Switch, you can configure an additional VLAN, define two LAN ports as access ports for each VLAN e.g. one for VLAN 1 [U]ntagged, PVID 1, one for VLAN 200 [U]ntagged, PVID 200 [and nothing else on these ports], then define a so called trunk port for the WAX as&nbsp;one for VLAN 1 [U]ntagged, PVID 1, plus VLAN 200 [T]agged [and nothing else on these ports]. Now configure the second ABC-Guest on the WAX associated to the VLAN 200.
&nbsp;
That's all folks.
&nbsp;
&nbsp;

schumaku · Answer

There will be two different Ethernet links required, one will be the normal LAN, the other the Guest LAN.
&nbsp;
&nbsp;

schumaku · Answer

ABC and ABC-Guest can't be on the same LAN port, because the BiPAC does not support a VLAN trunk. A dedicated port for the ABC-Guest is required, so a additional dedicated physical Ethernet link for the ABC_+-Guest is required - this is what the router does allow.
&nbsp;

&nbsp;

Dnomis · Answer

Many thanks for your reply. I am trying to get my head around the last part but I think I got lost around where the Trunk port was introduced...
I have tried to map it out on the attached picture but I think I got lost...
What am I missing?

Dnomis · Answer

Many thank you for your help...This is stretching my understanding a lot and I am struggling to get it to work in reality.&nbsp;I think I have bitten off more than I can chew...The WAX202 doesn't appear to allow me to set up and VLANs unless I put it into router mode which I didn't think I wanted to do?&nbsp;Additionally once I have done this I need to repeat it all with a&nbsp;WAC104 if that is even possible...&nbsp;My full network was working ok with the 2 Netgear routers hard wired to the Billion and setup as access points using the same SSID and everything could see everything else ok as they were all on the same network, they could all access the internet etc. Admittedly the switch between access points wasn't as seamless as i would like but I expected that.&nbsp;I don't need "guests" as such and it only got complicated when I started putting some "smart" devices onto the network and I read that it would be a good thing to segregate them so that if someone did manage to hack into one then they would not have access to my LAN. Which is where this all began...&nbsp;&nbsp;I guess by far the easiest option would be to buy a mesh system and set it up on there... Time to go back to the drawing board I think...&nbsp;

Forum Discussion

WAX202 as an AP problem

7 Replies

Related Content

WAX202 Same SSID

WAX202 Wake on Lan

WAX202 vs WAX206 at 2.4GHZ

WAX202 5GHZ only mode takes 10+ mins until it works.

WAX202 as a secondary router

NETGEAR Academy

ProSupport for Business