NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Guest network can't access internet when client isolation is enabled
Hi, I got an AX1800 wireless AP. I'm trying to set up a guest network and personal network. I configured each of them to have a separate SSID and separate VLAN. My problem is that when I "enable ...
We have made some improvements to address your issue mentioned here. Current ETA to release the firmware is in mid of March.
Kindly wait till that time and provide your feeback.
Thanks,
Raghu
We have made some improvements to address your issue mentioned here. Current ETA to release the firmware is in mid of March.
Kindly wait till that time and provide your feeback.
Thanks,
Raghu
Sorry to cut into an existing thread, but I installed the mid-March firmware on my AP such as WAC564 in non-Insight mode which had an SSID -Guest with Client Isolation, guest did not have any problems before the firmware update. No changes from default VLAN so I'd guess you'd call that Management. After the firmware update the client gets DHCP address but internet access such as tracert 8.8.8.8 fails.
Since it seems like it might be related to this, any chance you can explain your "improvements" - maybe there is some setting I need to go in and change, or maybe there is an issue which requires me to try something like toggling the Client Isolation off and then back on again? This was an item in the release notes (I am not doing URL Filtering and I think my using defaults means there is no non-management VLAN): Fixes the issue where clients cannot connect to the Internet if they are connected to the SSID with both Client Isolation and URL Filtering enabled on a non-management VLAN.
This is at my church, where I have updated four of the APs on the same LAN but left one on the previous firmware because it is WAC505 in router mode and I could not interrupt it in active use. I'm going back tonight to update that one, and will try to reply to this post if the guests are suddenly able to access internet again.
- I updated remaining AP, actually WAC510 (not 505) in router mode. -guest still failed to get internet. All default vlan 1 like I said. So I went into web GUI and under the -guest isolation checkbox I disabled the access to the AP GUI and Applied. That made -Guest get internet again! No idea whether it was just needing to apply any change to those settings, but it was easy for me to click that box about access to the AP GUI (rather than trying something else such as toggling isolation off and back on again).
Here a recap of the new bug for any Netgear firmware engineer out there, and another data point.
Models which got the mid-March firmware update such as WAC564 (presumably also WAC505 and WAC510 etc) had been running fine in standalone mode with a standard SSID such as Zero Day setup and a second -Guest SSID with defaults except Wireless Client Isolation enabled (no URL filtering or non-default VLANs or anything fancy like that). After firmware update, clients on that -Guest SSID could not access internet anymore.
New data point is that going into the web GUI for that 564 AP and simply toggleing the Wireless Client Isolation off (then Apply) then On again (then Apply) seemed to fix the problem. It was not necessary to change anything with the allow access to AP GUI checkbox that I mentioned (that was just an easy/convenient change for me to be allowed to "Apply" which is what seems to be the bug workaround).
I'm glad there is this workaround, but hopefully there can be a firmware fix and/or let the support group know, since I would think this could be common situation.
Doug,
Tell us a little bit more about the LAN IP config of the WACs (DHCP or static?) as it appears the point they enhanced was related to the static IP case. Also tell us more bout the guest network - what security mode is in place there?
There is a cryptic known issue in the WAC540 / WAC564 Firmware Version 9.3.0.5 stating "WAC564 static radio configurations are not persistent across reboot. Workaround: Reconfigure the static radio configurations." I'm little bit lost of what they understand under the term "static radio config" here.
No issues with the guest networks and client isolation (some with WPA2 Personal, some open with OWE, or OWE and OWE transition mode (using the simple captive portal) on 505/510/540/610... all under Insight management. Still the best investment ever in my opinion.
Regards
-Kurt
Sorry there is one thing I guess isn't answered to your question by me saying "defaults" like I did (so DHCP since that is a default). That is the SSID I added for -Guest has a WPA2 password (ten numeric digits in my case). Not Open, not Portal, etc. Thanks for the mention of cryptic known issue, my three tests were all in locations where WAC564 may have been strongest AP (instead of two WAC505 and one WAC510 that I also have). It is indeed cryptic enough to potentially match my situation - no static IP addresses but static in the sense that I do standalone config using GUI and then don't make further changes until the router reaches end-of-life (which used to mean thunderstorm lightning zap but I'm hopeing I solved that by replacing lots of copper runs with fiber runs). Personally I would think "static radio config" might instead mean something like choosing a specific radio channel instead of "auto" (and mine are "auto").
Sorry but Insight just doesn't fit with my model at church. The exception was when I tried using a recently purchased BR200 router at home, Insight worked well for that until a couple days ago when it said that it will end after a 30-day trial. I took that as an excuse to further test/"prove" that my BR200 was causing delays in my clients DNS requests (when the DHCP assigned 192.168.1.1 forward/relay was adding around 70ms), and I wasn't willing to go to each of 50 clients to set their DNS manually to some different address. Switching to an Edgerouter solved my DNS slowdown.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
