R7450 AP Mode Stop Guest access LAN

It is not clear (to me) that this is possible.

When in AP mode, the R7450 has no role in assigning IP addresses to client devices.  That happens on the primary router.  Devices connect to the R7450, either to one of the Ethernet ports or via WiFi, and the DHCP request that they broadcast is relayed to the primary router.  The primary router goes through its regular process and responds with a DHCP offer, either from the LAN Setup table (IP assignment) or from the DHCP "pool".  The primary router has no information about how the device connected.

It might be useful to look in the primary router Attached Devices display and see how devices connected to the AP are reported.  Do they show as 'wired' or 'WiFi'?

This is one of the factors that led to the creation of mesh WiFi systems.  (such as Google, eero, Asus, Linksys, TP-Link Deco, and Netgear Orbi & Nighthawk mesh)  The other factor is that devices connected to an Access Point or WiFi Extender often do not roam seamlessly between that system and the primary WiFi system.

You can't due to the AP being on same subnet as the host router. 

tkvoice wrote:

My question is how do I stop guest devices on the AP router from getting to my LAN? How do I lock a guest down to internet only?

Well, it is possible (despite the earlier comments from CrimpOn​  and FURRYe38​ ), but it does require a different setup.  Basically you don't run the R7450 in AP mode.  Instead set up both routers as routers.

                                                                        WiFi

internet --->--- R7450 Router ----->----- guest wifi

                                         |  

                                         |    R7450 LAN port

                                         |

                                         +-------------------> -------------------R6350 Router --->--- LAN and Home Wifi

                                                                                              R6350 WAN port

You would be running double-NAT on your main home network.  That would require some care in setting up port forwarding if you use that.  You wouldn't be able to use upnp on the R6350 either. 

But it would make it impossible for anyone connecting to the R7450 wifi to reach anything on the R6350 network.  Folks on the guest network could reach the R7450 web admin page, so you would need a strong password for that.  (Note you could reach the R7450's web admin page from your home network).

Beg to disagree.  This configuration will prevent devices on the R7450 Guest WiFi from communicating with devices on the R7450 primary network.

However, it will not prevent devices on the R7450 Guest WiFi from communicating with devices on the R6350 primary network.

Suppose the R6350 LAN is subnet 192.168.1.x (the default) and assigns 192.168.1.n to the WAN port on the R7450.

The R7450 LAN must be different.  The typical default for Netgear routers is 10.0.0.x.

Suppose a device on the R7450 Guest WiFi attempts to 'ping' any IP in 192.168.1.x.  The R7450 will say, "not on my LAN. Send this out the WAN port."

The WAN port will say, "hmmm. That's on the same LAN subnet as I am. Use ARP to find the MAC address and send it there."

This will solve half the problem.

I have an RBR750 in router mode connected to the primary RBR50.  The LAN is 192.168.1.x

The RBR750 LAN is 10.0.0.x and the RBR750 Guest WiFi LAN is 192.168.2.x

Devices on both the RBR750 primary LAN and on the RBR750 Guest WiFi LAN can ping devices on the RBR50 primary LAN.

Enjoyed the experiment.

This configuration can be set to keep any device on the R7450 LAN (primary or guest) from communicating with devices on the R6350 Guest WiFi LAN, but the objective is to keep them from communicating with the primary LAN.

Only a mesh WiFi system will do this.