NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Where is traffic separation for the Guest network?
Set up the AX 6000 to replace a 4 unit Orbi Pro system with only minor hiccups. One of the main reasons I used the pro was the ability, VS the regular orbi at the time, to separate the three networks....
SW_ wrote:
Z42985 wrote:
SW_ wrote:By default Guest Nework is not allowed to see local network and other clients on the same Guest network. If you put Tesla on Guest with a separate Guest SSID, it should be isolated from the rest
You used the word should, and I agree it SHOULD be isolated but the previous generations of Orbis have what I would consider an abusrd security flaw in that they don't actually keep ALL of the packets seperated. They also don't even use the different subnets. You'll find some other long threads about this topic.
OTOH the new Orbi's use a different subnet, that unfortunately is not configurable (yet?), and as far my basic testing went are actually isolating all traffic between the two networks.
Yes, subnetting will isolate traffic between each interface to a certain point, but all traffics/packets still share/flow through the same physical backhaul/WAN interface even with subnettings. Subnetting is just another form of access control via routing table. Packets are dropped if they're not routable between subnets.
If you want true physical isolation, all different subnets/packets are separated, a single Orbi isn't the right product for that purpose. You'll need at least two separate routers/Orbis, one router/Orbi for each subnet with dual WANs/ISPs. Again, all these packets will travel through the same pipe upstream to be routed to their respective targets. How far down the rabbit hole do you want to take this separation/isolation? :smileyhappy:
I'm obviously not referring to the fact that there is only one WAN connection so obviously the packets are going to end up getting comingled.
I'm referring to the fact that on previous generation Orbis some types of packets are not being filtered between the LAN and Guest networks. I'm not familiar with the specific issue the OP is having with their Tesla but based on what they've said it would make sense that the reason the previous Orbi generation did not work for them was exactly because of this; the DLNA packets that are tripping up the Tesla were not being isolated between the LAN and Guest networks like a secure product would do.
The packets sent and received on the LAN should never also be sent or received on the Guest network. As I said the basic testing I did indicated this was now the case on the AX generation of Orbi.
Correct. It wasn't a complete wall in the way that the Pro allowed. Can't speak to the mechanics but I went from 9 months of misery to a complete fix the day I installed the Pro and switched on traffic isolation. Note that I tried it without isolation on the pro and it worked the same as the regular Orbi (ie: it didn't).