NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
WAX214v2
Just bought 3 of these for my home which has solid walls. It seems a new model with little info on Netgear and I am not sure if 214v1 advice remains good. - such as same SSID for all 3 Advice...
First place to start: TEST THE GUEST NETWORK
WAX214v1 had it implemented correctly... But, if the WAX214v2 is done anything like the WAX220 (very likely), then your Guest Network will be able to communicate with your internal network, such as logging to 192.168.1.1...
Next, watch out if you're running a switch with DHCP snooping. For some reason, the WAX220 won't let a client connect on your internal network once you have a Guest Network enabled, unlike the WAX214v1. It appears to trigger some blocking with the Snooper on the switch.
This all likely stems from Netgear's poorly developed firmware, specifically with the L2 Isolation.
Retired_Member wrote:
WAX214v1 had it implemented correctly... But, if the WAX214v2 is done anything like the WAX220 (very likely), then your Guest Network will be able to communicate with your internal network, such as logging to 192.168.1.1...
Translating this rant to laymen terms. Under some unknown conditions, it appears the controls for Client Isolation and the related Client Isolation Exceptions remain invisible. The Client Isolation does however work as designed if enabled. Guest devices (locally NATed from a private IP subnet - different from the classic wax214/218 design) will not be able to reach the local LAN subnet eg. like the ubiquitous 192.168.1.1 or 192.168.0.1 of many consumer routers in use behind the guest network.
Retired_Member wrote:
Next, watch out if you're running a switch with DHCP snooping. For some reason, the WAX220 won't let a client connect on your internal network once you have a Guest Network enabled, unlike the WAX214v1. It appears to trigger some blocking with the Snooper on the switch.
None of the WAX2xx or for the sake 6xx does care or change the RFC DCHP, potentially breaking a switch with DHCP snooping enabled. Please provide the exact reports or log entries for further analysis (instead of scaring other customers here).
Retired_Member wrote:
This all likely stems from Netgear's poorly developed firmware, specifically with the L2 Isolation.
L2 isolation feature exists on the WAX214v2, v1.0.2.2 or WAX220, v1.0.3.0 similar to the screenshot above), and works in my testing as expected. Not that I'm a Netgear voice or carrying such a hat. The real issue here seems to be the two controls are hidden in the Web browser under some conditions unknown to me.
schumaku wrote:
Retired_Member wrote:WAX214v1 had it implemented correctly... But, if the WAX214v2 is done anything like the WAX220 (very likely), then your Guest Network will be able to communicate with your internal network, such as logging to 192.168.1.1...
Translating this rant to laymen terms. Under some unknown conditions, it appears the controls for Client Isolation and the related Client Isolation Exceptions remain invisible. The Client Isolation does however work as designed if enabled. Guest devices (locally NATed from a private IP subnet - different from the classic wax214/218 design) will not be able to reach the local LAN subnet eg. like the ubiquitous 192.168.1.1 or 192.168.0.1 of many consumer routers in use behind the guest network.
Retired_Member wrote:Next, watch out if you're running a switch with DHCP snooping. For some reason, the WAX220 won't let a client connect on your internal network once you have a Guest Network enabled, unlike the WAX214v1. It appears to trigger some blocking with the Snooper on the switch.
None of the WAX2xx or for the sake 6xx does care or change the RFC DCHP, potentially breaking a switch with DHCP snooping enabled. Please provide the exact reports or log entries for further analysis (instead of scaring other customers here).
Retired_Member wrote:This all likely stems from Netgear's poorly developed firmware, specifically with the L2 Isolation.
L2 isolation feature exists on the WAX214v2, v1.0.2.2 or WAX220, v1.0.3.0 similar to the screenshot above), and works in my testing as expected. Not that I'm a Netgear voice or carrying such a hat. The real issue here seems to be the two controls are hidden in the Web browser under some conditions unknown to me.
Avoid a repost, so I'll link my related replies:
Test was pretty straight forward - Plugged WAX214v1 in, connected to a Guest Network, tried to access router admin page and was denied. Plugged WAX220 in, connected to a Guest Network there, tried to access router admin page and was successful. Did the same thing but with toggling DHCP Snooping on/off on a GS308T switch. Not exactly sure why the WAX220 only works if I turn off DHCP Snooping, but maybe it's something to do with the Guest Network's DHCP server and L2 Isolation since that's the big difference between the WAX 214 and 220.
The WAX220's Client Isolation is working fine... the L2 Isolation is not, nor is even visible. I can absolutely connect to 192.168.1.1 with a Client connected to the Guest Network on the 220, but not the 214v1. Just tried it again as I posted this.
The original firmware for the WAX220 has the L2 Isolation option visible, but updating it to any other version removes it. Reverting back to the earliest version of the firmware posted on the Downloads page does not restore that option.
Many thanks for you comprehensive responses and apologies for the late response due to continued login problems, related in some part to having 2 devices logged in at the same time, but Netgear support are puzzled why.
My system is all simple unmanaged devices, with no guest account. The heart will be a Zyxel 2010 2x10g / 2x2.5g / 8x1g switch with the 2.5g Virgin router connected to a 2.5g port and the four WAX214v2's via a Netgear 5-port 1g POE+ 83W max switch
A future upgrade when a 10g router is available would also be WAX220 (or other locally managed 2.5g AP) connected to a 5-port 2.5g POE+ NETGEAR Switch - when they finally decide to release one.
Comment / advice would be much appreciated...TomP
WTomP wrote:Many thanks for you comprehensive responses and apologies for the late response due to continued login problems, related in some part to having 2 devices logged in at the same time, but Netgear support are puzzled why.
My system is all simple unmanaged devices, with no guest account. The heart will be a Zyxel 2010 2x10g / 2x2.5g / 8x1g switch with the 2.5g Virgin router connected to a 2.5g port and the four WAX214v2's via a Netgear 5-port 1g POE+ 83W max switch
A future upgrade when a 10g router is available would also be WAX220 (or other locally managed 2.5g AP) connected to a 5-port 2.5g POE+ NETGEAR Switch - when they finally decide to release one.
Comment / advice would be much appreciated...TomP
Might as well stick with something else or hold your breath and wait and see if they release a half way decent firmware one day. These WAX220's only support 4 SSIDs, offer limited transmit power options along with very few advanced settings, no L2 Isolation (the option was present, but not working on stock firmware and no longer even present in newer firmware releases), and sport a time zone that randomly changes back to it's default (PST).
I have tested a few of these units, and the last 2 are already on their way back. If they cannot even get some simple L2 Isolation and Time Zone settings correct after multiple firmware releases, I simply do not want to bother with the rest of whatever this product is trying to be.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
