Hi, Does anyone know how the Wifi Guestnetwork works in the Orbi sytem? Does it have its own VLAN ID or does it work another way? I recently installed a RBR750 Orbi router (AX4200) with two Satellites (RBS750) wired connected (wired backhaul) through two Netgear GS108Ev3 switches. Everything has latest firmware.Problem:When there is no VLAN configured on the switches the Wifi Guestnetwork works fine (only Internetaccess, no LAN access, which is as it should work). When I configure a VLAN (PVID3) on the switches the Wifi Guestnetwork no longer works on the Satellites Guestwifiradio, but only on the Routers Guestwifiradio. Standard wifi still works fine on Router's and Satellites radio's (both internet and LAN connection). Therefore it looks like the ORBI uses its own VLAN ID or is it something else? And how can this be solved so that the Guestnetwork keeps working on the Satellites wifi, with a VLAN enabled on the switches?

The only mention of VLAN in connection with Orbi systems is in terms of providing IPTV. Guest WiFi is accomplished by assigning two MAC addresses to each radio (2.4G and 5G) They broadcast the primary and guest SSID's using separate MAC addresses so that devices which connect will address their traffic to the proper MAC address, and thus the proper network. It might be useful to know the purpose of enabling VLAN on the switches. Is it port based or tagged?

The purpose of the VLAN configuration is that some (wired) iot devices should only have internet-access and not access to other devices on the LAN (both wired and wireless).If the Guest- and standard WIFI-network both are assigned by MAC address, I don't understand why the Guest-networkconnection is lost to the Satellites in a VLAN as the standard WIFI network still works fine.My network setup is as follows:()--- modem ------- Orbi (RBR750) Router -------- GS108Ev3 switch (#1) ------- GS108Ev3 switch (#2)|- multiple devices are wired connected on switch #1|- Orbi Satellite-1 (RBS750) is wired connected on switch #2|- Orbi Satellite-2 (RBS750) is wired connected on switch #2|- 2 IOT devices are wired connected on switch #2And several devices through wireless connections of course, either on the Router or Satellite 1 or 2 (2.4 and/or 5Ghz).My VLAN-Configuration on the two switches is as follows:-Switch #2: VLAN3 untagged on the 2 iot-ports and tagged on the Trunk-port to the GS108 (#1). VLAN1 is untagged on all ports. PVID3 is set for the 2 iot-ports, the rest is PVID1.-Switch #1: VLAN3 has 2 ports: the Trunk-port (tagged) to the GS108 (#2) and the (untagged) uplink-port to the Orbi router. VLAN1 is untagged on all ports. PVID1 is set on all ports.In this VLAN configuration Sat1 and Sat2 Guestnetwork connections don't work, only on the Router Wifi the Guestnetwork works. The standard Wifi connection works fine. How is that possible? In addition to the Guestnetwork issue there is another issue: wired and wireless devices connected directly to the Router are able to communicate with the iot devices which of course is not what I want. I don't have wired connections to the Router (except for the downlink to switch #1 of course) so this issue is not too big a deal, but ideally the Orbi router has a proper VLAN implementation where wireless SSID's can be assigned to a VLAN and also port 1-3. More easy would be as Netgear could add more allow/block options into the devices-section in the GUI and Orbi-app: Allow/block any access, allow/block LAN-access and allow/block internet-access, per device by MAC address/IP address. Then in my case a VLAN setup would no longer be necessary.

I don't beleive the Home version of Orbi will support your configuration needs. You may want to look at Orb Pro for VLAN support on LAN to WAN configurations.

Well, I am 99.9% certain that Orbi routers have no VLAN capability with the exception of the provision for IPTV, and that is a method to bypass the routers NAT facility for IPTV's. Perhaps the 750 product is different from my old RBR50. On my Orbi, the guest WiFi network can be set up to (a) Allow Guests to see each other and access the local network, or (b) Guests cannot see each other and cannot access the local network. This options appears to be available only when the Orbi is in router mode. (In AP mode, every packet goes "upstream" to the primary router and the Orbi has no ability to restrict guest access. Although I do not personally feel that way*, I can understand that others want to isolate IoT devices. In that case keeping them from accessing the primary network makes sense. What is the point of not allowing devices on the primary network to access those IoT devices? * I wonder how the smart switch that turns my christmas lights on and off is going to compromise my house. It has no camera or microphone. It has no web server. It accepts zero connections from anywhere. Some of them are able to respond to ICMP (ping), which has been useful to me.

You are correct CrimpOn, Home class Orbi don't have LAN to WAN VLAN support. I beliieve only the WAN to LAN support for this specififc ISP or iPTV devices that need it. I know there is some VLAN configurations on Orbi Pro which maybe what the OP needs to look into. https://kb.netgear.com/000046302/What-is-an-Orbi-Pro-WiFi-System https://kb.netgear.com/000062272/How-do-I-create-configure-and-assign-VLANs-on-my-Orbi-Pro-WiFi-6 https://kb.netgear.com/000053872/How-do-I-set-up-my-Orbi-Pro-WiFi-System-to-work-with-Insight https://kb.netgear.com/000054793/How-do-I-configure-port-VLAN-IDs-for-switch-ports-in-Insight

Orbi RBR750 Wifi Guestnetwork and VLAN.

12 Replies

Replies have been turned off for this discussion

CrimpOn
Guru
Jan 15, 2022
The only mention of VLAN in connection with Orbi systems is in terms of providing IPTV.

Guest WiFi is accomplished by assigning two MAC addresses to each radio (2.4G and 5G) They broadcast the primary and guest SSID's using separate MAC addresses so that devices which connect will address their traffic to the proper MAC address, and thus the proper network.

It might be useful to know the purpose of enabling VLAN on the switches. Is it port based or tagged?
- G4Net
  Aspirant
  Jan 15, 2022
  The purpose of the VLAN configuration is that some (wired) iot devices should only have internet-access and not access to other devices on the LAN (both wired and wireless).
  If the Guest- and standard WIFI-network both are assigned by MAC address, I don't understand why the Guest-networkconnection is lost to the Satellites in a VLAN as the standard WIFI network still works fine.
  My network setup is as follows:
  ()--- modem ------- Orbi (RBR750) Router -------- GS108Ev3 switch (#1) ------- GS108Ev3 switch (#2)
  |- multiple devices are wired connected on switch #1
  |- Orbi Satellite-1 (RBS750) is wired connected on switch #2
  |- Orbi Satellite-2 (RBS750) is wired connected on switch #2
  |- 2 IOT devices are wired connected on switch #2
  And several devices through wireless connections of course, either on the Router or Satellite 1 or 2 (2.4 and/or 5Ghz).
  My VLAN-Configuration on the two switches is as follows:
  -Switch #2: VLAN3 untagged on the 2 iot-ports and tagged on the Trunk-port to the GS108 (#1). VLAN1 is untagged on all ports. PVID3 is set for the 2 iot-ports, the rest is PVID1.
  -Switch #1: VLAN3 has 2 ports: the Trunk-port (tagged) to the GS108 (#2) and the (untagged) uplink-port to the Orbi router. VLAN1 is untagged on all ports. PVID1 is set on all ports.
  In this VLAN configuration Sat1 and Sat2 Guestnetwork connections don't work, only on the Router Wifi the Guestnetwork works. The standard Wifi connection works fine. How is that possible?
  
  In addition to the Guestnetwork issue there is another issue: wired and wireless devices connected directly to the Router are able to communicate with the iot devices which of course is not what I want. I don't have wired connections to the Router (except for the downlink to switch #1 of course) so this issue is not too big a deal, but ideally the Orbi router has a proper VLAN implementation where wireless SSID's can be assigned to a VLAN and also port 1-3.
  
  More easy would be as Netgear could add more allow/block options into the devices-section in the GUI and Orbi-app: Allow/block any access, allow/block LAN-access and allow/block internet-access, per device by MAC address/IP address. Then in my case a VLAN setup would no longer be necessary.
  - CrimpOn
    Guru
    Jan 15, 2022
    Well, I am 99.9% certain that Orbi routers have no VLAN capability with the exception of the provision for IPTV, and that is a method to bypass the routers NAT facility for IPTV's.
    
    Perhaps the 750 product is different from my old RBR50. On my Orbi, the guest WiFi network can be set up to (a) Allow Guests to see each other and access the local network, or (b) Guests cannot see each other and cannot access the local network. This options appears to be available only when the Orbi is in router mode. (In AP mode, every packet goes "upstream" to the primary router and the Orbi has no ability to restrict guest access.
    
    Although I do not personally feel that way*, I can understand that others want to isolate IoT devices. In that case keeping them from accessing the primary network makes sense. What is the point of not allowing devices on the primary network to access those IoT devices?
    
    * I wonder how the smart switch that turns my christmas lights on and off is going to compromise my house. It has no camera or microphone. It has no web server. It accepts zero connections from anywhere. Some of them are able to respond to ICMP (ping), which has been useful to me.
FURRYe38
Guru
Jan 15, 2022
I don't beleive the Home version of Orbi will support your configuration needs.

You may want to look at Orb Pro for VLAN support on LAN to WAN configurations.

Forum Discussion

Orbi RBR750 Wifi Guestnetwork and VLAN.