NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

Orbipro1's avatar
Orbipro1
Aspirant
Jul 27, 2021

Wireless user separation

wireless 1 says this is the most secure and use for admin.  How do i separate users on 2 or 3 and make them as secure as wireless 1 ?      
schumaku's avatar
schumaku
Guru - Experienced User
Jul 27, 2021

Orbi Pro AX model? Associate the Wireless 2 and 3 profiles with dedicated VLANs for example.

  • Orbipro1's avatar
    Orbipro1
    Aspirant
    Jul 28, 2021

    how is wifi 1 the safest and how do I make the other networks as safe?  I read that vlan has leak vulnerabilities. Is the basic router setup a one lan a vlan in itself? Then setting up additional lan/ vlans further separates the users virtually but not physically.  Will the networks 2 and 3 be safer with user separation?


    It is Orbi Pro AX6000 WiFi 6 Tri-Band WiFi System.  Wireless 2 and 3 say :

    Allow IoT devices to see each other and access my local network  On

     

    wireless 1 says

    Name (SSID)ORBI30
     
     
    Broadcast NameOn
     
    Wireless APOn


    if i use advanced setting lan setup to activate lan 2 and assign a VLAN group; then wireless setup and assign wireless network to a VLAN?  How does the advanced vlan/bridge Ethernet port setting correspond with the lan and wireless vlan settings?  Then will Users or devices not be able to see one another?  


    My lan Ethernet ports under vlan/bridge settings are setup as access points for the base and one satellite, and vlan is set as default.

    when I assigned vlan in lan and wireless setup , separation did not show on advanced home summary screen.

     

     

     

     

    • schumaku's avatar
      schumaku
      Guru - Experienced User
      Jul 28, 2021

      Each VLAN does make a dedicated network. Of course, physically on the same network. Industry standard in the IT industry. Multi-tenant data centers operate VVLAN where each customer has his own full ability to use all VLANs possible. And everything can be on the same physical network. Nothing wrong with this.

       

      The WiFi client separation is a different thing - it does just prohibit by some clever L2 MAC filtering that wireless clients can communicate direct. That's why you don't see this enabled. For most use case, this is not a feature you want on your wireless...

      • Orbipro1's avatar
        Orbipro1
        Aspirant
        Jul 28, 2021

        So lan and vlan are a form of network separation or allocation. Network isolation can be on one or all of the lan by way of a designated vlan on that lan.


        lan 1 without changes then contains all devices and its default shows no client separation in the vlan bridge settings as default1.  And literature says wireless 1 is the most secure and resides on lan1 1 withe the default1 vlan.

         

        would I want to assign any of the switches to a vlan with client isolation? Then any device connected to that switch would be governed by the assigned vlan setting? Also a wireless device?

         

        The switch settings show a vlan menu, so the communication of wired devices or wireless devices connected to the switch will be affected by the vlan choice and it's setting and will ass


        so if assigned to a vlan then network three, for example, would be on a separate lan with the assigned characteristics of the vlan I'd associated with that lan? Otherwise all wireless networks and wired devices would be on lan 1 and governed by its default or assigned vlan profile?

         

         

        if a wireless network has the vlan activated then it will be assigned to the lan that has the chosen vlan id?

         

        if i wanted to prevent a wired desktop, or a unauthorized wireless device from communicating with a device on wireless three, for example, or wireless three devices from communicating with one another then a isolation would be useful?

         

        i I found these instructions for separation but only through insight app(I did not want to use insight because seems like remote administration and additional,vulnerability) but bot as simple in web interface.

        To set up client isolation on your wireless access point using the Insight Cloud Portal:

        1. Log in to the Insight Cloud Portal.
        2. If you have an Insight Pro account, select a organization.
        3. Select a location.
        4. Select Wireless > Settings > WiFi and Captive Portal.
        5. On the far right of your SSID, click the pencil (Edit) icon.
        6. Select Settings.
        7. Click the Enable radio button.
        8. Click the Broadcast SSID radio button.
        9. Click the Client Isolation radio button.

         

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More