NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
WNDR4500v2: Wireless isolation doesn't work on guest network
Hi,
I have used this Router now for about 9 months and have been very happy with its performance. We have a home business and students regularly visit our home. We have recently had requests for them to get on our WiFi (because cell reception is bad), and I wanted to use the "Guest Network" feature to accomplish this.
Goals:
--Guest network is for student needing to access the internet only.
--Guest network will broadcast SSID and will be guarded with password, given to student at their request.
--Multiple clients on guest network should not be able to see each other. Just client and the internet.....that's it.
--Guests must be absolutely isolated from our regular WIRED network (plugged into the physical ports on the WNDR4500v2) and the regular WIRELESS network (via the WiFi on the WNDR4500v2). Assets on these internal networks (WIRED & WIRELESS) are lightly guarded and thus outside individuals must not be allowed to traverse these networks.
CONFIGURATION:
Router Model: WNDR4500v2
Firmware: V1.0.0.60_1.0.38
SETUP:
-Regular Wifi "WIRELESS" is ON:
"Enable Wireless Isolation" checkbox is OFF.
-Guest WiFi "GUEST" is ON:
"Enable Wireless Isolation" checkbox is ON.
"Allow guest to access My Local Network" checkbox is OFF.
-DHCP is ON
-"Enable AP Mode" checkbox is OFF.
Everything above seemed quite straightforward for easy configuration. However, it was a different story when I actually tested it.
I used my iPad to get on the guest network. I used the application called "Fing" that does an IP address scan on the entire network. Once identifying an asset, you can then run a more detailed scan by attempting to access various services on various ports of the device. Immeidately, the guest network showed every device on my GUEST, WIRED, and WIRELESS networks (combination of fixed and DHCP addresses). Not good! I then ran a more detailed analysis of the devices found all standard open ports (smb shares, webserver, terminal services) cound indeed be accessed from the guest network.
Is this a firmware bug? How do I deny guests access to everything but their connection to the internet?
By the way, the "Help" on the router configuration screen appears to describe the checkbox functionality BACKWARDS of the description. (I tried it both ways, just in case, but to no avail.) Probably a previous version or person-who-did-interface didn't talk to person-who-did-help?
"Allow guests to see each other and access my local network
When unchecked, users connecting to this guest network can only access the Internet and cannot access any other devices in the same network or in other networks, including the main network and the wired network. In addition, all the clients in this guest network cannot access router's management GUI or any other services provided by the router (for example, ReadySHARE Storage, ReadySHARE Printer... if the router supports these functions).
When checked, users connecting to this guest network can access not only the Internet but also all devices on all local networks, including the main network and the wired network."
Thanks!
Confirmed the WNDR3700v2 firmware (even when loaded in a WNDR3800) allows for a Guest Network, that does not see the local network. Allow Local Access (unchecked), Wireless Isolation (unchecked). Guests can print to a printer on the Guest Network.
14 Replies
Well that's somehow funny as I just had to setup the GUEST wifi here too for some similar reason and figured out the exact same issue !
WiFi isolation is just a joke and not working at all....
Any advise from the community or Netgear support yet ?
Thanks.
Did you guys try pinging devices?
The settings are correct.
The only way to isolate the devices on the Guest Network is to enable "Wireless Isolation".
If a device is connected to the Guest Network and Wireless Isolation is enabled, computers on the Guest network will not be able to ping nor see each other.
If you're saying that it sees each other and can still ping, then this could be a firmware problem.
Did you try to re-flash the firmware of the router and do a factory reset?
Yes PING is working (and any protocol and service) to/from any host despite of the "Wireless Isolation" checked on.
I did not try to factory reset nor reflash the device as I really have some other thing to do than screwing up my current setup...
Honestly this Netgear router have never been very satisfactory to me with tons of bugs and full freeze requiring hard reboot from time ot time (and usually a couple minutes after ANY change to the Wireless settings).
Due to the number of similar post about this exact device and issue (and same on some other models) this definitely sounds like a huge firmware bug that your engineers will be able to confirm and should already be aware off with proper Quality Assurance process before submitting for GA.
You are correct, the WNDR4500v3 (included) does not support the Guest Network configuration flexibility. You need the WNDR3700v3. It has two configuration selections that were SUPPOSED to be separate in the WNDR4500 but some ****one***** decided to combine the two functions.
With the WNDR3700 Configuration selections One: Guest network devices can see each other (or not) This is necessary to setup a Guest network Printer to allow guests to use a printer installed on the Guest network. Two: The second configuration selection is whether or not to let the Guest network devices see the Local network (or not).
Really frosted me to waste my money on a 4500 to replace a lighnting damaged 3700. I Just ordered a 3700 from Amazon at the suggestion of the Netgear Customer Service rep. The Guest network devices being visible to each other but NOT be able to see the Local network devices is a primary requirement of my system.
Confirmed the WNDR3700v2 firmware (even when loaded in a WNDR3800) allows for a Guest Network, that does not see the local network. Allow Local Access (unchecked), Wireless Isolation (unchecked). Guests can print to a printer on the Guest Network.
