NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

Frank-NYC's avatar
Frank-NYC
Tutor
Jan 15, 2021
Solved

Orbi Pro 6 - IOT Client Isolation

Hello, I am looking the Orbi Pro 6 for a home use.  It is the front runner for a new mesh network because of the 4 SSIDs (one being IoT).   I have been looking at the manuals and I see that there ...
  • stevethompson's avatar
    stevethompson
    Jan 22, 2021

    Yes, network discovery is verified.  I use wireless 3 for my google home devices, set up through the google home app on my smartphone.  With network isolation disabled and my iphone connected to wireless 3 I can see all the devices and set them up, and all the google home devices are found by and are controllable by the google home mini. 

     

    YMMV but with the google home devices on wireless 3 with client isolation disabled, you have network discovery.

     

    Steve

JohnD333's avatar
JohnD333
Apprentice
Feb 03, 2021

Frank,

 

Hope the below helps.

 

Everything on SSID 1 (admin) can see and (via app) talk to those on SSID3 (IoT).  But not the other way around.  So with SSID iphone, I can tell a irobot on SSID 3 to vacuum via the app on the phone.  I can monitor and change my IoT Thermostat, etc.  This is done via an iphone app where I have entered the IP address for each device, or physically on the IoT device where I can setup a fixed the IP address (Nexia Thermstat), or the decvice website that contains the same fixed IP address.    All of these IoT devices have fixed addresses that I use from my reserved pool, i.e., below the starting point for the DCHP addressing.  DCHP addressing normally starts at __.___.__.02. I start at 51 or 101 to allow me to assign 50 or 100 devices that will always have th esame iP address.

 

(Normally) Alexa Echo DOT etc (SSID IoT) cannot see an external speaker on SSID1 or broadcast to it.  If on same SSID, speakers can be connected to various sats or the main router and play normally.  A phone on SSID 1 can make changes to an Echo DOT on SSID IoT, but again that is because you ise an app that knows the IP address of the Echo DOT.  I say (Normally) because I have not tried to look for app settings that would allow me to specify a IoT IP address.  That probably wll not work, but have not tried - something to attempt in spare time.

 

Hardwire connections to devices and switches are all SSID1 by default.  My TV, roku, sat receiver, AV receiver etc are all hard wired.  My Echo DOT cannot see or communicate with them but my SSID wifi phones etc can stream or airPlat to any of them regardless which Orbi SAT or Router phone is connected to.  My AV receiver has wifi, but terrible location so use wired that has been there for years.  That locks all related wifi speakers to SSID1, or they will not be seen.  but I do not want Alexa Echo DOTS etc anywhere near SSID1, so Echos ater IoT SSID.  All mics and cameras on SSID1 off by default.

  • youngbru's avatar
    youngbru
    Aspirant
    Jul 11, 2022

    Sorry to resurrect an old thread, but I am not able to communicate from VLAN1 to VLAN3 with network isolation enabled only on VLAN3 and client isolation disabled (both network and client isolation disabled on VLAN1). I can, of course, control devices on VLAN3 through an app that communicates with the device through the cloud, but I am unable to ping the device from a device on VLAN1. I can communicate if I connect my device (phone/computer) to VLAN3.

     

    Did you have to do anything extra in the settings to enable this functionality?

    • GMoGoody8's avatar
      GMoGoody8
      Luminary
      Jul 11, 2022

      youngbru , This is the "network isolation" setting in VLAN setup. If you disable this though you lose the security you were probably hoping to keep. 

      The newer FW just released now allows mDNS rules. This allows only Multicast which most devices use for discovery/communication. I enabled this and created two rules for "all services" from VLAN 1 to VLAN 3 and another from VLAN 3 to VLAN 1.  This allows all my HomeKit communication to be local now and keeps the network isolation I wanted for security. 

      I verified this by powering down my HomeKit hubs and my Phone on VLAN 1 could get status from everything on VLAN 3 

      • youngbru's avatar
        youngbru
        Aspirant
        Jul 11, 2022

        GMoGoody8 yes, that is what I thought Network Isolation did. I am actually OK with connecting my notebook to the IoT VLAN if I need to access an IOT device directly. Most of the time I will be accessing through the cloud anyway, I think.

         

        But in case I want to play with it, where are these mDNS setting located? I am running firmware V4.2.0.122 on both my SXR80 and SXS80.

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More