NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Creare rete guest senza supporto vlan
Firmware V 3.1.0.12 Salve. Come posso settare il WAC510 per configurare una rete guest, che ovviamente abbia il solo accesso ad internet senza assegnare una vlan diversa ? Purtroppo de...
Hello there, Thanks for reaching Netgear community.
Without VLAN support in your infrastructure, It is difficult to setup a guest network with v3.1.0.12 firmware.
Please wait for next release with some new exiting features. With new firmware release you should be able to create a network to isolate it from your local network.
Stay tuned!
Thanks.
-Sharan
Retired_Member, is this "client isolation" a different feature from the "client separation" documented in the WAC505 User Manual (for example) on p.36 ff.?
"By default, client separation is disabled for a WiFi network (SSID or VAP), allowing communication between WiFi clients that are associated with different WiFi networks on the access point. For additional security, you can enable client separation."
In the industry common terms, this documented "client separation" feature is usually named "client isolation". The purpose is to suppress direct communication between Wi-Fi STA within the same AP STA (or uncommonly within the same access point).
Assuming these are two different features (what I doubt, can't check because my WAC are all in Insight cloud mode): Does the "client isolation" also deny communication to other systems on the same network - WLAN, switched LAN, other WAC, ... (read TCP/IP subnetwork) only permitting communication with the default gateway so only Internet access is possible? This is the way the Guest WiFi is implemented on the Nighthawk routers - however it's a constant source of complaints, as other (W)LAN IP can be pinged, Multicast traffic is still open, and much more denying the intended purpose of an isolated guest network on the same (W)LAN - without proper VLAN separation.
Edit: In Insight (App 4.0.11, Cloud 4.0.11.3), we only have a control for "client isolation" - which is obviously for what I understand being "client isolation". While one does commnly enable this on guest networks, this does not make a Guest WiFi capability on the same subnet.
Salve, proseguo la discussione in italiano.
Purtroppo l'aggiornamento firmware non risolve il mio problema.
Mi spiego meglio, ho attivato due SSID
la prima chiamiamola "wifi1" senza Client Isolation dove per sicurezza ho attivato la MAC ACL, VLAN ID 1. Mi collego a questa SSID con un tablet ed accedo ad internet e a tutte le risorse in rete (NAS, switch etc)
la seconda chiamiamola "wifi1 guest" con Client Isolation con Captive Portal, VLAN ID 1. Mi collego con il tablet ed accedo ad internet, ma continuo ad accedere alle risorse di ret (NAS, switch etc.)
Forse mi è sfuggito qualche importante settaggio?
Grazie.
Mi dispiace, I'm not that fluent in writing Italian - reading and talking is easy 8-)
essellewrote:
...la seconda chiamiamola "wifi1 guest" con Client Isolation con Captive Portal, VLAN ID 1. Mi collego con il tablet ed accedo ad internet, ma continuo ad accedere alle risorse di ret (NAS, switch etc.)
Forse mi è sfuggito qualche importante settaggio?
Niente ... you miss nohting. Exactly the behaiviour I would expect from this configuration. As I said Client Isolation (or "Client Separation" as per the December 2017 User Manual) does not make a L2 Guest network isolation beyond of the pure STA wireless network.
OK
at this point if I configured the WAC510 as a router and associated the guest network to a different VLAN ID (for example 100) and the DHCP server of the VLAN 100 as a result of 192.168.100.xxx?
keeping VLAN 1 with its DHCPserver (192.168.1.xxx as a managment?
The guest clients would access the VLAN 100 and would have a 192.168.100.xxx address and would see the internet but not the network resources (NAS etc.)
Thank you.I don't think the router mode is intended for this use case, too. The WAC510 router mode is a dead simple NAT router to connect a single subnet to an Internet connection (modem/FTTH or the like) for a many2one NAT - about what any €9.95 router can do. So either check with your ISP on how to get multiple IP addresses (a small subnet with public addresses) on your Internet link, or deploy some L2 or L3 (the second one might inherit double NAT) router or security appliance where you can properly isolating the guest VLAN (or physical LAN for the sake of it).
Now let's wait for NTGR to reply (I've pushed this to the WAC5xx preoduct managers) - to me the situation with this VLAN-less guest network feature annoucement is still more than vague. And at least on the IM4 managed environment, I can't see something obvious.
Gentile esselle,
le consiglierei di contattare direttamente il supporto tecnico al riguardo
Saluti
Elisabetta
Team NETGEAR
Cara Elisabetta, cosa può aiutare Netgear Support in questo problema? Al momento una funzione di rete ospite senza una VLAN dedicata non è disponibile...
NETGEAR Academy
Migliora le tue competenze con la Netgear Academy - Formati, certificati e rimani aggiornato con la tecnologia Netgear più recente!
Unisciti a noi!
ProSupport for Business
Piani di supporto completi per l'ottimizzazione della tua rete e la tranquillità della tua azienda.