Redlightning88
Dec 16, 2019Tutor
Where is traffic separation for the Guest network?
Set up the AX 6000 to replace a 4 unit Orbi Pro system with only minor hiccups. One of the main reasons I used the pro was the ability, VS the regular orbi at the time, to separate the three networks....
Redlightning88
Dec 16, 2019Tutor
It IS strange. Netgear has never been able to get this fixed, and Tesla (on the car side) has no clue, but the prevailing theory online is that Tesla's circa 2015 wifi chip doesn't play nice with DLNA devices on the same network. And I have many, and so you would think the Guest network would be a solution. But in the normal Orbi setup, despite the different logins, network traffic on the main can see the network traffic on the guest and so no go. On the Tesla, you see it briefly connect, and then the whole wifi reboots in an endless connect/reboot cycle. The Orbi Pro solved this dilemma by allowing you to choose whether the employee and guest networks can see the main network, or whether they each get individual access to the internet but not access to the other networks (network isolation), or whether they can all see each other (which would, for example, be helpful in allowing folks on the guest network to access network printers). Prior to the Pro I had to have a separate AP on a subnet. The manual for the AX Orbi says you have the choice whether to allow network isolation in the same way as the Pro, but there is no actual option in the firmware. So I'm re-hosed!
SW_
Dec 16, 2019Prodigy
I don't have this new model, but it's possible to do what you want with the older model RBR50 via Guest Network. By default, Guest Network is not allowed to see the local network and other clients on the same Guest network. If you put the Tesla on Guest with a separate Guest SSID, it should be isolated from the rest.
Check out this: How to separate 2.4GHz/5GHz SSIDs for Guest Network
- Z42985Dec 16, 2019Aspirant
SW_ wrote: By default, Guest Network is not allowed to see the local network and other clients on the same Guest network. If you put the Tesla on Guest with a separate Guest SSID, it should be isolated from the rest.
You used the word should, and I agree it SHOULD be isolated, but the previous generations of Orbis have what I would consider an absurd security flaw in that they don't actually keep ALL of the packets separated. They also don't even use different subnets. You'll find some other long threads about this topic.
OTOH the new Orbis use a different subnet, which unfortunately is not configurable (yet?), and as far as my basic testing went, they are actually isolating all traffic between the two networks.
- SW_Dec 16, 2019Prodigy
Z42985 wrote:
SW_ wrote: By default, Guest Network is not allowed to see the local network and other clients on the same Guest network. If you put the Tesla on Guest with a separate Guest SSID, it should be isolated from the rest.
You used the word should, and I agree it SHOULD be isolated, but the previous generations of Orbis have what I would consider an absurd security flaw in that they don't actually keep ALL of the packets separated. They also don't even use different subnets. You'll find some other long threads about this topic.
OTOH the new Orbis use a different subnet, which unfortunately is not configurable (yet?), and as far as my basic testing went, they are actually isolating all traffic between the two networks.
Yes, subnetting will isolate traffic between each interface to a certain point, but all traffic/packets still share/flow through the same physical backhaul/WAN interface even with subnetting. Subnetting is just another form of access control via the routing table. Packets are dropped if they're not routable between subnets.
If you want true physical isolation, where all the different subnets/packets are separated, a single Orbi isn't the right product for that purpose. You'll need at least two separate routers/Orbis, one router/Orbi for each subnet with dual WANs/ISPs. Again, all these packets will travel through the same pipe upstream to be routed to their respective targets. How far down the rabbit hole do you want to take this separation/isolation? :)
- Z42985Dec 16, 2019Aspirant
SW_ wrote:
Z42985 wrote:
SW_ wrote: By default, Guest Network is not allowed to see the local network and other clients on the same Guest network. If you put the Tesla on Guest with a separate Guest SSID, it should be isolated from the rest.
You used the word should, and I agree it SHOULD be isolated, but the previous generations of Orbis have what I would consider an absurd security flaw in that they don't actually keep ALL of the packets separated. They also don't even use different subnets. You'll find some other long threads about this topic.
OTOH the new Orbis use a different subnet, which unfortunately is not configurable (yet?), and as far as my basic testing went, they are actually isolating all traffic between the two networks.
Yes, subnetting will isolate traffic between each interface to a certain point, but all traffic/packets still share/flow through the same physical backhaul/WAN interface even with subnetting. Subnetting is just another form of access control via the routing table. Packets are dropped if they're not routable between subnets.
If you want true physical isolation, where all the different subnets/packets are separated, a single Orbi isn't the right product for that purpose. You'll need at least two separate routers/Orbis, one router/Orbi for each subnet with dual WANs/ISPs. Again, all these packets will travel through the same pipe upstream to be routed to their respective targets. How far down the rabbit hole do you want to take this separation/isolation? :)
I'm obviously not referring to the fact that there is only one WAN connection, so obviously the packets are going to end up getting commingled.
I'm referring to the fact that on previous generation Orbis some types of packets are not being filtered between the LAN and Guest networks. I'm not familiar with the specific issue the OP is having with their Tesla but based on what they've said it would make sense that the reason the previous Orbi generation did not work for them was exactly because of this; the DLNA packets that are tripping up the Tesla were not being isolated between the LAN and Guest networks like a secure product would do.
The packets sent and received on the LAN should never also be sent or received on the Guest network. As I said the basic testing I did indicated this was now the case on the AX generation of Orbi.
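One way to run the kind of basic isolation test discussed above, as an added example that is not part of any post in this thread: capture traffic on a client joined to the guest SSID with `tcpdump -n`, then flag every packet whose source address belongs to the main LAN. The subnets, the sample capture lines and the function name are assumptions made for illustration.

```python
import ipaddress
import re

# Assumed addressing (not from the thread); set these to your own networks.
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
GUEST_NET = ipaddress.ip_network("192.168.2.0/24")
# SSDP is the discovery protocol used by DLNA/UPnP; mDNS is Bonjour-style discovery.
DISCOVERY_PORTS = {1900: "ssdp", 5353: "mdns"}

# Constructed sample in `tcpdump -n` text format, as seen by a guest client.
SAMPLE_CAPTURE = """\
12:00:01.000000 IP 192.168.2.15.51000 > 8.8.8.8.53: UDP, length 33
12:00:02.000000 IP 192.168.1.20.50000 > 239.255.255.250.1900: UDP, length 125
12:00:03.000000 IP 192.168.2.1.67 > 192.168.2.15.68: UDP, length 300
12:00:04.000000 IP 192.168.1.30.5353 > 224.0.0.251.5353: UDP, length 60
12:00:05.000000 IP 192.168.1.20.8200 > 192.168.2.15.44000: Flags [S.], length 0
"""

LINE_RE = re.compile(
    r"^\S+ IP (\d+\.\d+\.\d+\.\d+)(?:\.(\d+))? > "
    r"(\d+\.\d+\.\d+\.\d+)(?:\.(\d+))?:"
)

def find_leaks(capture_text):
    """Return (src, dst, dst_port, kind) for each LAN-sourced packet seen on guest."""
    leaks = []
    for line in capture_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an IPv4 line in the expected format
        src = ipaddress.ip_address(m.group(1))
        dst = ipaddress.ip_address(m.group(3))
        port = int(m.group(4)) if m.group(4) else None
        if src not in LAN_NET:
            continue  # guest or internet traffic is expected here
        if dst.is_multicast:
            kind = DISCOVERY_PORTS.get(port, "multicast")
        elif dst in GUEST_NET:
            kind = "routed-unicast"  # LAN host reached a guest client directly
        else:
            kind = "other"
        leaks.append((str(src), str(dst), port, kind))
    return leaks

if __name__ == "__main__":
    for leak in find_leaks(SAMPLE_CAPTURE):
        print(leak)
```

An empty result over a capture long enough to span several discovery announcements is what an isolated guest network should produce.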
- Redlightning88Dec 17, 2019Tutor
Great if that is the case. My Tesla connects on the new network without the reboot cycles but won't download anything, so I was surmising it was a network bleed issue.
Z42985 wrote:
SW_ wrote: By default, Guest Network is not allowed to see the local network and other clients on the same Guest network. If you put the Tesla on Guest with a separate Guest SSID, it should be isolated from the rest.
You used the word should, and I agree it SHOULD be isolated, but the previous generations of Orbis have what I would consider an absurd security flaw in that they don't actually keep ALL of the packets separated. They also don't even use different subnets. You'll find some other long threads about this topic.
OTOH the new Orbis use a different subnet, which unfortunately is not configurable (yet?), and as far as my basic testing went, they are actually isolating all traffic between the two networks.
- Redlightning88Dec 17, 2019Tutor
Yes, the Orbi can do that now via firmware update long after I had to switch to the pro.
SW_ wrote: I don't have this new model, but it's possible to do what you want with the older model RBR50 via Guest Network. By default, Guest Network is not allowed to see the local network and other clients on the same Guest network. If you put the Tesla on Guest with a separate Guest SSID, it should be isolated from the rest.
Check out this: How to separate 2.4GHz/5GHz SSIDs for Guest Network