NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Where is traffic separation for the Guest network?
Set up the AX 6000 to replace a 4 unit Orbi Pro system with only minor hiccups. One of the main reasons I used the pro was the ability, VS the regular orbi at the time, to separate the three networks....
I'm not sure I can be any help, but would like to understand your problem a bit better anyway.
When you say your Tesla, do you mean an automobile or do you have one of their power systems?
Next, what do you mean by traffic separation? Are you connecting your Tesla to the guest network? If, so why? It can't be part of your primary network? That seems very odd.
If by traffic separation, you mean that it requires a different IP address range from the main network, I read here where someone was able to telnet into the RBR850 and change the guest network address scheme following the instructions for the RBR50, so that might be an option for you.
It IS strange. Netgear has never been able to get this fixed, and Tesla (on the car side) has no clue, but the prevailing theory online is that Tesla's circa 2015 wifi chip doesn't play nice with DLNA devices on the same network. And I have many, and so you would think the Guest network would be a solution. But in the normal Orbi setup, despite the different logins, network traffic on the main can see the network traffic on the guest and so no go. On the Telsa, you see it briefly connect, and then the whole wifi reboots in an endless connect/reboot cycle. The Orbi pro solved this dilemna by allowing you to choose whether the employee and guest networks can see the main network, or whether they each get individual access to the internet but not access to the other networks (network isolation), or whether they can all see each other (which would, for example, be helpful in allowing folks on the guest network to access network printers). Prior to the pro I had to have a separate ap on a subnet. The manual for the AX Orbi says you have the choice whether to allow network isolation in the same way as the pro, but there is no actual option in the firmware. So I'm re-hosed!
I don't have this new model, but it's possible to do what you want with older model RBR50 via Guest Network. By default Guest Nework is not allowed to see local network and other clients on the same Guest network. If you put Tesla on Guest with a separate Guest SSID, it should be isolated from the rest.
Check out this: How to separate 2.4GHz/5GHz SSIDs for Guest Network
SW_ wrote:By default Guest Nework is not allowed to see local network and other clients on the same Guest network. If you put Tesla on Guest with a separate Guest SSID, it should be isolated from the rest
You used the word should, and I agree it SHOULD be isolated but the previous generations of Orbis have what I would consider an abusrd security flaw in that they don't actually keep ALL of the packets seperated. They also don't even use the different subnets. You'll find some other long threads about this topic.
OTOH the new Orbi's use a different subnet, that unfortunately is not configurable (yet?), and as far my basic testing went are actually isolating all traffic between the two networks.
Z42985 wrote:
SW_ wrote:By default Guest Nework is not allowed to see local network and other clients on the same Guest network. If you put Tesla on Guest with a separate Guest SSID, it should be isolated from the rest
You used the word should, and I agree it SHOULD be isolated but the previous generations of Orbis have what I would consider an abusrd security flaw in that they don't actually keep ALL of the packets seperated. They also don't even use the different subnets. You'll find some other long threads about this topic.
OTOH the new Orbi's use a different subnet, that unfortunately is not configurable (yet?), and as far my basic testing went are actually isolating all traffic between the two networks.
Yes, subnetting will isolate traffic between each interface to a certain point, but all traffics/packets still share/flow through the same physical backhaul/WAN interface even with subnettings. Subnetting is just another form of access control via routing table. Packets are dropped if they're not routable between subnets.
If you want true physical isolation, all different subnets/packets are separated, a single Orbi isn't the right product for that purpose. You'll need at least two separate routers/Orbis, one router/Orbi for each subnet with dual WANs/ISPs. Again, all these packets will travel through the same pipe upstream to be routed to their respective targets. How far down the rabbit hole do you want to take this separation/isolation? :smileyhappy:
Yes, the Orbi can do that now via firmware update long after I had to switch to the pro.
SW_ wrote:I don't have this new model, but it's possible to do what you want with older model RBR50 via Guest Network. By default Guest Nework is not allowed to see local network and other clients on the same Guest network. If you put Tesla on Guest with a separate Guest SSID, it should be isolated from the rest.
Check out this: How to separate 2.4GHz/5GHz SSIDs for Guest Network
Redlightning88 wrote:The manual for the AX Orbi says you have the choice whether to allow network isolation in the same way as the pro, but there is no actual option in the firmware. So I'm re-hosed!
Yeah, they haven't exposed that setting yet but the best that I can see this default configuration is actually keeping them isolated and it also creates a different subnet. Are you seeing any evidence that traffic is being allowed to pass between the main LAN and the guest LAN?
FWIW my Model 3 has always connected fine to my main wifi network.
As far as the physical topology of your network. Are your Orbis plugged into each other or do some plug into a switch?
Thanks for the explanation. It sounds to me like changing the subnet for the guest network might address your issue. The instructions for doing so are in post no. 7, here:
This should prevent the DLNA packets from being seen on the guest network. It's worth a shot if you want to try it.
Good luck!
Bandito wrote:Thanks for the explanation. It sounds to me like changing the subnet for the guest network might address your issue. The instructions for doing so are in post no. 7, here:
This should prevent the DLNA packets from being seen on the guest network. It's worth a shot if you want to try it.
Why do you think changing the Guest wireless subnet from the default 192.168.2.0 to something else would address the OPs issue?
Changing the subnet is not going to have any impact on the filtering between the LAN and Guest subnets.
I see no reason why if the DLNA packets aren't being filtered with the default settings changing the subnet to something different is going to cause them to be filtered.
I think the OP needs to ensure that if their Orbis are physically connected that they are not connected through a switch. If that's not the issue then I'm wondering if the new generation of Orbis has the same lack of basic isolation as previous generations but if that's the case then my testing was not thorough enough.Having separate subnets should separate the traffic and only allow access to the WAN from each subnet. For example if the main traffic was on 192.168.0.1 and the the guest traffic was on 192.168.0.2 with a mask of 255.255.255.254, that should prevent any traffic from crossing between the two subnets. They would go to the WAN for any address not in their particular subnet.
Redlightning88 wrote:... network traffic on the main can see the network traffic on the guest and so no go.
...
... Orbi pro solved this dilemna by allowing you to choose whether the employee and guest networks can see the main network, or whether they each get individual access to the internet but not access to the other networks (network isolation), or whether they can all see each other (which would, for example, be helpful in allowing folks on the guest network to access network printers).
...
Older FW versions didn't allow this, but the Orbi Pro solution above was added in later (Orbi RBR50) FW release. There is an option/check box on Guest Network page, which is doing what's described above by default.
- [ ] Allow guests to see each other and access my local network
