WTomP
Aspirant
Apr 30, 2023

WAX214v2

Just bought 3 of these for my home which has solid walls.

 

It seems a new model with little info on Netgear, and I am not sure if 214v1 advice remains good, such as same SSID for all 3.

 

Advice on where to start and pitfalls to avoid would be much appreciated. Thanks

14 Replies

  • schumaku
    Guru - Experienced User

    Tell us about the installation and design idea behind these three WAX214v2 please.

     

    If reading about three APs and thick walls, I'm missing a switch (ideally PoE+), the cabling, and the Hilti to dig some holes through the walls.

     

    Sure, these devices can serve one SSID.

    • WTomP
      Aspirant

      Sorry for the late reply, as Netgear keeps asking me to reset my password, even though I entered the previously reset one.

       

      I found this advice online

       

      " these are the most important things to do:

      • Same SSID, passphrase and security settings on all APs
      • Different channel for each AP. Ideally non-overlapping (1, 6, 11)"

        Does this make sense as I have seen conflicting advice online?

      • schumaku
        Guru - Experienced User

        Sound advice - as long as we talk of the 2.4 GHz band and the US/FCC channels.

         

        Still unclear to me on how you intend to connect the WAX214v2 to the primary network and router.

  • Retired_Member

    First place to start:  TEST THE GUEST NETWORK

     

    WAX214v1 had it implemented correctly... But, if the WAX214v2 is done anything like the WAX220 (very likely), then your Guest Network will be able to communicate with your internal network, such as logging to 192.168.1.1...

     

    Next, watch out if you're running a switch with DHCP snooping.  For some reason, the WAX220 won't let a client connect on your internal network once you have a Guest Network enabled, unlike the WAX214v1.  It appears to trigger some blocking with the Snooper on the switch.

     

    This all likely stems from Netgear's poorly developed firmware, specifically with the L2 Isolation.

    • schumaku
      Guru - Experienced User

      Retired_Member wrote:

      WAX214v1 had it implemented correctly... But, if the WAX214v2 is done anything like the WAX220 (very likely), then your Guest Network will be able to communicate with your internal network, such as logging to 192.168.1.1...


      Translating this rant to layman's terms. Under some unknown conditions, it appears the controls for Client Isolation and the related Client Isolation Exceptions remain invisible. The Client Isolation does however work as designed if enabled. Guest devices (locally NATed from a private IP subnet - different from the classic wax214/218 design) will not be able to reach the local LAN subnet, e.g. like the ubiquitous 192.168.1.1 or 192.168.0.1 of many consumer routers in use behind the guest network.

       


      Retired_Member wrote:

      Next, watch out if you're running a switch with DHCP snooping.  For some reason, the WAX220 won't let a client connect on your internal network once you have a Guest Network enabled, unlike the WAX214v1.  It appears to trigger some blocking with the Snooper on the switch.


      None of the WAX2xx or for the sake 6xx does care or change the RFC DHCP, potentially breaking a switch with DHCP snooping enabled. Please provide the exact reports or log entries for further analysis (instead of scaring other customers here).

       


      Retired_Member wrote:

      This all likely stems from Netgear's poorly developed firmware, specifically with the L2 Isolation.


      L2 isolation feature exists on the WAX214v2, v1.0.2.2 or WAX220, v1.0.3.0 (similar to the screenshot above), and works in my testing as expected. Not that I'm a Netgear voice or carrying such a hat. The real issue here seems to be the two controls are hidden in the Web browser under some conditions unknown to me.

       

       

      • Retired_Member

        Avoid a repost, so I'll link my related replies:

        WAX220 post

         

        Test was pretty straightforward - Plugged WAX214v1 in, connected to a Guest Network, tried to access router admin page and was denied. Plugged WAX220 in, connected to a Guest Network there, tried to access router admin page and was successful. Did the same thing but with toggling DHCP Snooping on/off on a GS308T switch. Not exactly sure why the WAX220 only works if I turn off DHCP Snooping, but maybe it's something to do with the Guest Network's DHCP server and L2 Isolation since that's the big difference between the WAX 214 and 220.

         

        The WAX220's Client Isolation is working fine... the L2 Isolation is not, nor is even visible.  I can absolutely connect to 192.168.1.1 with a Client connected to the Guest Network on the 220, but not the 214v1.  Just tried it again as I posted this.

         

        The original firmware for the WAX220 has the L2 Isolation option visible, but updating it to any other version removes it.  Reverting back to the earliest version of the firmware posted on the Downloads page does not restore that option.
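
The guest-network test described in the post above can be scripted and run from a client joined to the guest SSID. This is an added example, not code from the thread or from NETGEAR; the admin ports and the names `probe`, `audit` and `LAN_TARGETS` are assumptions.

```python
import socket

# The two gateway addresses are the ones named in the thread; the admin ports
# (80/443) are an assumption. Replace with your own internal LAN hosts.
LAN_TARGETS = [("192.168.1.1", 80), ("192.168.1.1", 443),
               ("192.168.0.1", 80), ("192.168.0.1", 443)]


def probe(host, port, timeout=2.0):
    """Classify one TCP connect attempt made from the guest client."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "reachable"      # handshake completed: guest reached the LAN host
    except ConnectionRefusedError:
        # A reset came back, from the host or from a filter that rejects
        # instead of dropping; treated as a leak that needs investigating.
        return "refused"
    except OSError:
        return "blocked"            # timeout or no route: traffic was dropped


def audit(targets, probe_fn=probe):
    """Probe every target; anything not silently dropped is listed as a leak."""
    results = {t: probe_fn(*t) for t in targets}
    leaks = [t for t, r in results.items() if r != "blocked"]
    return results, leaks


if __name__ == "__main__":
    results, leaks = audit(LAN_TARGETS)
    for (host, port), state in results.items():
        print(f"{host}:{port:<5} {state}")
    print("isolation holds" if not leaks else f"isolation FAILED for {leaks}")
```

Run it once from the internal SSID as a control: the real gateway should show as reachable there, which confirms the target list is right before you trust a "blocked" result from the guest SSID.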

    • schumaku
      Guru - Experienced User

      Retired_Member wrote:

      WAX214v1 had it implemented correctly... But, if the WAX214v2 is done anything like the WAX220 (very likely), then your Guest Network will be able to communicate with your internal network, such as logging to 192.168.1.1...

       

      This all likely stems from Netgear's poorly developed firmware, specifically with the L2 Isolation.


      The last reply before I stop this thread: The L2 Isolation feature as known from the WAX214/218 ...

       

      L2 Isolation 

      To prevent WiFi and LAN clients on the same access point from communicating with
      each other, select the Enable radio button. By default, this option is disabled. If you
      enable L2 isolation, clients can still communicate with each other over the Internet.
      If you enable L2 isolation, to exclude a device from L2 isolation, enter the MAC address
      of the device in a Whitelist field. You can exclude up to three devices.

       

      ...is not available on the WAX214v2 or WAX220.

       

      The default config listed (the only place the feature is mentioned)  does show the L2 Isolation Disabled. 

       

      Client Isolation

      To prevent WiFi clients that are associated with the same or different WiFi networks
      on the access point from communicating with each other, select the Enable radio
      button. By default, this option is disabled. If you enable client isolation, WiFi clients
      can still communicate with each other over the Internet.
      Note: If L2 isolation is enabled, the Client Isolation radio buttons are disabled

       

      It's not about Netgear having the L2 Isolation implemented right or wrong.

       

      Would be nice to hear from Netgear team about this missing functionality to avoid similar future disappointing customer communication. DavidGo 
