NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Trying to confirm if Client Isolation is supported on VLAN - ORBI 960 System
Hello,
I have a shared house with tenants and I want to setup a new mesh system that has client isolation on the main network (not just the guest network). I've asked NetGear "live chat" support and they said none of their products support Client Isolation, which I know is false because I see it discussed in the community.
Before I purchase the Orbi 960 for $1,500, could someone confirm if Client Isolation is a feature for all networks?
I did check the manual and sadly they don't list all the features.
Thank you very much for your help!!
6 Replies
Only for the Guest WiFi network. (There is no concept of Guest network for wired devices. They are by definition all on the primary LAN.) You need something far more sophisticated than a residential WiFi system.
In addition, my guess is that what is desired is not isolation, but some sort of VLAN. If a tenant has two laptops and a printer, they probably will expect that both laptops can use their printer. (i.e. three devices that communicate with each other.) Guest WiFi would not work for that situation, either.
Isolation IS supported on guest network only as mentioned already.
For any ethernet connecttions, one could install a wireless bridge connected ot the guest network at the remote guest location and use it for it's ethernet connetions to the guest network where the wireless bridge could be connected too.
A WiFi Extender or a WiFi bridge just might work. As access points, they will not assign IP addresses to individual devices (WiFi and Ethernet) that are connected at the tenant location, but their hardware might allow devices to connect with each other.
When I just now connected to the Guest WiFi on an Orbi RBR750, it assigned an IP address of 192.168.2.5 to my laptop and an IP subnet of 255.255.255.0. This would tend to imply that my laptop should be able to communication with any device on the Guest WiFi IP subnet. However, I also connected a tablet to the same Guest WiFi, being assigned 192.168.2.2. When I tried to ping the tablet from the laptop, it failed with "destination unreachable" from the router.
Thus, it is pretty clear that the router enforces LAN isolation on devices connected directly to the Guest WiFi even though the IP subnet would ordinarily allow them to communicate.
"Might" comes into play when devices are both connected to a network device (such as a WiFi extender or WiFi bridge) that is itself connected to the Orbi WiFi Guest network. Perhaps the hardware/software built into this device will maintain its own ARP table and recognize that both devices are connected to it and that communication between them have no need to pass through the Orbi system at all. I can test this hypothesis, but that requires digging though my "Box of Stuff" to find a WiFi Extender.
Thank you so much for the detailed response. The Orbi PRO version supports isolation on the VLANS and I think the cost is comparable, but it might be more complicated to set up.
My tenant only needs access to Internet. So, I'm not worried about providing an ethernet service for any users on the network - including me.
I do have another two questions:
1. I'm thinking everyone (including me) will use the Guest wifi network, this way everyone is isolated. We do not need ethernet as no devices are shared. In this case, are there any Internet speed restrictions, or will the router automatically allocate the guest network all the available bandwidth since no users are on the main network?
2. If I setup the Netgear subscription service to prevent hackers, does it still cover instrusions from the Internet into the guest network?
I need to decide if I will go with the Orbi Pro or the 960. Besides prices, the main difference I see with the 960 is coverage. I think client isolation is a good feature, I would expect it would be standard.
Thank you again for taking the time to review and respond.
