NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

ptainter's avatar
ptainter
Aspirant
Aug 07, 2024

Guest Network in AP Mode still works like a router

I have my AX5700 (RBR840) with 2 satellites set-up in AP Mode. I have Firewalla Gold router set-up to manage the network.   For some reason the Orbi Guest Network is still operating in Router Mode an...
ptainter's avatar
ptainter
Aspirant
Aug 07, 2024

Thanks, but I do not understand.  In AP Mode, the Orbi should not assign any IP addresses, all of that should be handled by the stand alone router.  It is only the Guest Network that is assigning IP's, the Main Network is getting IP's from the stand alone router(?)

FURRYe38's avatar
FURRYe38
Guru - Experienced User
Aug 07, 2024

Not for Guest Network. NG I believe chooses to keep the Guest Network subnet away from the main LAN while in router mode or AP mode for security reason and isolation. 

  • CrimpOn's avatar
    CrimpOn
    Guru - Experienced User
    Aug 07, 2024

    I agree with FURRYe38 .  The nature of the Guest WiFi network has changed over the years.  My understanding is that there are two fundamental reasons to have a Guest network:

    1. To have a network that is "walled off" from the primary network.  Devices on the Guest network cannot reach the primary network.
    2. To have a network that is easy to share without compromising the password of the primary network. Often the Guest network password is simple to enter and since none of the primary devices are using it, the Guest network password can be changed at any time without disturbing the primary network. (The thought of reconfiguring dozens of WiFi devices with a new password can be overwhelming.)

    The original Orbi product (2016) had it both ways.  The network could be configured to keep devices on the Guest network separate or to allow them to interact with the primary network.  I thought this was an ideal solution.  Suppose family or friends come over and one of them says, "Can I print something out?"  No problem.  Just switch the option to "Enable" and tell them how to access the printer. When they leave, disable the connection (or change the Guest password).  No impact on the primary network at all.

     

    Unfortunately (in my opinion) the folks at Netgear went "all in" on the first concept: keep devices off the primary network.

    Whereas the original Orbi had only one IP LAN Subnet, the AX product line places the Guest network in a separate IP subnet that cannot interact with the primary network.

     

    If you want Guest devices to be separate from the primary network, then the Orbi assigning them IPs in a separate network should be "no problem".  These are "Guest" deivices. They come and go.  Who cares what IP address they have for the brief time they are on the network?

    • ptainter's avatar
      ptainter
      Aspirant
      Aug 07, 2024

      Thanks.  I understand the logic of this.

       

      However, here are the three problems this gives me:

      1.  In AP Mode, the Orbi hides the Access Control and Network Settings page, I lose total control of my network and if someone is on my network that should not be there, I cannot block them.  I have no idea what security protocols are setup (if any other than WAP and a password) on the Guest Network.

      2.  Many smart home devices can only connect to a 2.4G network, they cannot connect to a mixed 2.4/5G network.  I had set-up those devices on the Guest Network which I have restricted to 2.4G.  However, now these devices cannot interconnect.  For example, my Matter hub is on the 5g Main Network, it can not control the Matter devices on the 2.4g network.

      3.  My main router is a Firewalla Gold which manages traffic in a secure way.  I am concerned that everything on the Guest Network is now bypassing that or, at the very least, is aggregated in a "single device" and I have no idea of what device is generating what flow.

       

      I replaced an older Orbi set up with this one (that worked in the maker you described for older systems) and would like to find a way to solve these problems.

       

       

      Thanks,

       

      Pat

      • FURRYe38's avatar
        FURRYe38
        Guru - Experienced User
        Aug 07, 2024

        Those features are only meant and intended for router mode, not for AP mode:

        https://kb.netgear.com/000061277/Which-features-are-disabled-on-my-Orbi-router-when-it-is-set-to-AP-Mode

         

        Since you have the 840 series which was a sub model series, NG hasn't put forth v7 FW for this model system which includes a separate IoT network that can be configured or 2.4 or 5Ghz or both. Which is only seen on 750/850/960 model series. Not sure if NG will be putting forth v7 FW for the 840 series or not. I presume if it's anything like the 350 and 650 series, these models may not see any v7 FW. 

         

        So you may want to return the 840 series if this is something new to you and find one of the above modes mentioned that supports v7 FW instead.