pootle
Aspirant
Dec 22, 2015

ex3700 in access point mode needs internet connection - interferes with DHCP to other access points

I have configured my new ex3700 as an access point with a wired connection back to my firewall. I also configured it with a fixed IP address and an invalid gateway address (as no gateway address is not allowed). However, when it is on, devices connecting to other access points frequently have problems obtaining an IP address.

If I enable internet access everything seems to work OK, but I do not want to give internet access to infrastructure kit such as this (none of the other WAPs I use have access to the internet).

It appears to be acting as a DHCP forwarder (although I haven't packet sniffed to check this as yet). A normal WAP has no need of an internet connection. How can I configure this device so it will work without itself having an internet connection, and not interfere with other access points / SSIDs?

3 Replies

  • When you "enable internet access", how are you doing that?  By changing the invalid gateway address on the EX3700 to a valid one?

    When clients connect to the EX3700, do you happen to know what gateway address they receive?  Is it the gateway address configured on the extender, or the gateway address provided by the DHCP server?  It had better be the latter, but I'm curious.  How do your other WAPs behave?

    It seems odd to be restricting Internet access at the WAP, presumably by using no or a bogus gateway address.  A client connected to the extender could easily access the Internet by manually configuring a valid gateway address.  Maybe you are banking on a layperson not knowing how to do this, but that's a broken security model.  The firewall, protected from admin access by a password, is where enforcement of Internet access should be applied.

    I doubt that the EX3700 is acting as a DHCP forwarder/relay because it is not a router.  DHCP requests are broadcast, so the EX3700 should simply be flooding them on LAN and WLAN ports.

    • pootle
      Aspirant

      The wifi devices connecting through the ex3700 receive all their config from the DHCP server, as you'd expect. The ex3700 as a WAP is merely acting as a bridge between the wired and wireless worlds here. The WAP's IP configuration is (I hope - as it should be) only relevant to the ex3700 itself. I am merely setting it up so that the WAP itself cannot access the internet - which I could also do in the firewall, but if the device has no configured gateway address it can only talk to its local subnet, which is how I prefer to configure any device that should not require internet access.

      You seem to have a very poor understanding of TCP/IP if you believe that the configuration of a bridge can affect the configuration of devices that are connecting through the bridge. The only way the EX3700 would be able to affect client configuration is if it was acting as a DHCP server with clients also configured to use DHCP. The last thing I expect a WAP to do is run a DHCP service or even act as a DHCP proxy. This latter would only make sense if the WAP was also a router, which is the last thing one would normally want of a WAP.

      It does, though, appear that the ex3700 is doing something DHCP-shaped, as when it is on, clients (even those not using the ex3700) sometimes take a very long time to receive their configuration.

      I would not even have suspected this sort of thing a few years ago, but I bought a small Cisco managed switch a couple of years ago that some Cisco idiot had decided to put some layer 3 'security enhancements' in, which totally screwed up NFS and some Apple stuff. Cisco had to produce a new version of the switch firmware to fix it as the 'enhancements' could not be configured or turned off.

      c'est la vie

      • TheEther
        Guru

        Why does my question about whether the EX3700 can affect the configuration of clients connected to it seem so far-fetched when you are suggesting that it is affecting clients that are not even connected to it?  Who has the greater misunderstanding?

        Anyway, it's time for you to run Wireshark on one of the clients having difficulty while the EX3700 is on and see what's really going on.
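
One way to read the capture suggested above, as an added example that is not part of the original thread: it parses DHCP payloads taken from a client-side capture and reports, per transaction, how many DISCOVERs were sent before the first OFFER, how long that took, and any responder other than the expected DHCP server. The function names, addresses and sample packets are constructed for illustration, and the input is assumed to be (timestamp, UDP payload) pairs already exported from the capture.

```python
import struct
from collections import defaultdict
MAGIC = bytes([99, 130, 83, 99])   # DHCP magic cookie at offset 236 (RFC 2131)
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def parse_dhcp(payload):
    """Parse a UDP port 67/68 payload; return None if it is not DHCP."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    opts, i = {}, 240
    while i + 1 < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                              # 0 = pad, has no length byte
            i += 1
            continue
        opts[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    mtype = (opts.get(53) or b"\x00")[0]                 # option 53 = message type
    sid = opts.get(54, b"")                              # option 54 = server identifier
    return {"xid": struct.unpack("!I", payload[4:8])[0],
            "type": TYPES.get(mtype, str(mtype)),
            "server": ".".join(map(str, sid)) if len(sid) == 4 else "unknown"}

def summarize(packets, expected_server):
    """packets: (timestamp_seconds, payload) pairs. Returns findings per transaction id."""
    tx = defaultdict(lambda: {"discovers": 0, "first": None, "offer_at": None, "servers": set()})
    for ts, payload in packets:
        msg = parse_dhcp(payload)
        if msg is None:
            continue
        t = tx[msg["xid"]]
        if msg["type"] == "DISCOVER":
            t["discovers"] += 1
            t["first"] = ts if t["first"] is None else t["first"]
        elif msg["type"] in ("OFFER", "ACK", "NAK"):
            t["servers"].add(msg["server"])              # who actually answered
            if msg["type"] == "OFFER" and t["offer_at"] is None:
                t["offer_at"] = ts
    return {xid: {"discovers": t["discovers"],
                  "offer_delay": None if None in (t["first"], t["offer_at"]) else t["offer_at"] - t["first"],
                  "unexpected": sorted(t["servers"] - {expected_server})}
            for xid, t in tx.items()}

def build(xid, mtype, server=None):
    """Constructed sample payload for this example, not captured traffic."""
    opts = bytes([53, 1, mtype]) + (bytes([54, 4, *map(int, server.split("."))]) if server else b"")
    return bytes([1 if mtype in (1, 3) else 2, 1, 6, 0]) + struct.pack("!I", xid) + bytes(228) + MAGIC + opts + b"\xff"

SAMPLE = [(t, build(0x1A2B, 1)) for t in (0.0, 4.1, 12.3)] + [(12.4, build(0x1A2B, 2, "192.168.1.1"))]
print(summarize(SAMPLE, "192.168.1.1"))
```

Several DISCOVERs with a long `offer_delay` and an empty `unexpected` list point to broadcasts or replies being delayed or dropped on the path; a non-empty `unexpected` list means something other than the intended DHCP server is answering.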