Re: WAX214v2
@Retired_Member wrote:
WAX214v1 had it implemented correctly... But, if the WAX214v2 is done anything like the WAX220 (very likely), then your Guest Network will be able to communicate with your internal network, such as logging to 192.168.1.1...
Translating this rant to laymen terms. Under some unknown conditions, it appears the controls for Client Isolation and the related Client Isolation Exceptions remain invisible. The Client Isolation does however work as designed if enabled. Guest devices (locally NATed from a private IP subnet - different from the classic wax214/218 design) will not be able to reach the local LAN subnet eg. like the ubiquitous 192.168.1.1 or 192.168.0.1 of many consumer routers in use behind the guest network.
@Retired_Member wrote:
Next, watch out if you're running a switch with DHCP snooping. For some reason, the WAX220 won't let a client connect on your internal network once you have a Guest Network enabled, unlike the WAX214v1. It appears to trigger some blocking with the Snooper on the switch.
None of the WAX2xx or for the sake 6xx does care or change the RFC DCHP, potentially breaking a switch with DHCP snooping enabled. Please provide the exact reports or log entries for further analysis (instead of scaring other customers here).
@Retired_Member wrote:
This all likely stems from Netgear's poorly developed firmware, specifically with the L2 Isolation.
L2 isolation feature exists on the WAX214v2, v1.0.2.2 or WAX220, v1.0.3.0 similar to the screenshot above), and works in my testing as expected. Not that I'm a Netgear voice or carrying such a hat. The real issue here seems to be the two controls are hidden in the Web browser under some conditions unknown to me.
@schumaku wrote:
@Retired_Member wrote:WAX214v1 had it implemented correctly... But, if the WAX214v2 is done anything like the WAX220 (very likely), then your Guest Network will be able to communicate with your internal network, such as logging to 192.168.1.1...
Translating this rant to laymen terms. Under some unknown conditions, it appears the controls for Client Isolation and the related Client Isolation Exceptions remain invisible. The Client Isolation does however work as designed if enabled. Guest devices (locally NATed from a private IP subnet - different from the classic wax214/218 design) will not be able to reach the local LAN subnet eg. like the ubiquitous 192.168.1.1 or 192.168.0.1 of many consumer routers in use behind the guest network.
@Retired_Member wrote:Next, watch out if you're running a switch with DHCP snooping. For some reason, the WAX220 won't let a client connect on your internal network once you have a Guest Network enabled, unlike the WAX214v1. It appears to trigger some blocking with the Snooper on the switch.
None of the WAX2xx or for the sake 6xx does care or change the RFC DCHP, potentially breaking a switch with DHCP snooping enabled. Please provide the exact reports or log entries for further analysis (instead of scaring other customers here).
@Retired_Member wrote:This all likely stems from Netgear's poorly developed firmware, specifically with the L2 Isolation.
L2 isolation feature exists on the WAX214v2, v1.0.2.2 or WAX220, v1.0.3.0 similar to the screenshot above), and works in my testing as expected. Not that I'm a Netgear voice or carrying such a hat. The real issue here seems to be the two controls are hidden in the Web browser under some conditions unknown to me.
Avoid a repost, so I'll link my related replies:
Test was pretty straight forward - Plugged WAX214v1 in, connected to a Guest Network, tried to access router admin page and was denied. Plugged WAX220 in, connected to a Guest Network there, tried to access router admin page and was successful. Did the same thing but with toggling DHCP Snooping on/off on a GS308T switch. Not exactly sure why the WAX220 only works if I turn off DHCP Snooping, but maybe it's something to do with the Guest Network's DHCP server and L2 Isolation since that's the big difference between the WAX 214 and 220.
The WAX220's Client Isolation is working fine... the L2 Isolation is not, nor is even visible. I can absolutely connect to 192.168.1.1 with a Client connected to the Guest Network on the 220, but not the 214v1. Just tried it again as I posted this.
The original firmware for the WAX220 has the L2 Isolation option visible, but updating it to any other version removes it. Reverting back to the earliest version of the firmware posted on the Downloads page does not restore that option.
@Retired_Member wrote:These WAX220's only support 4 SSIDs, ...
The subject on this thread is clearly marked as WAX214v2 8-/
I'd wish Netgear would enhance the Data Sheets for the Essential Wireless devices related to the max number of SSID, and the power settings available. Either way, for further reference, here the relevant sections from the fine documentation:
User WiFi networks
The AP supports four user WiFi networks that can broadcast on a single band or both
radio bands. These four networks are in addition to the management WiFi network.
Essentials WiFi 6 AX1800 Dual Band Access Point Model WAX214v2 User Manual p.34 ff. "User WiFi networks"
Essentials WiFi 6 AX4200 Dual Band Multi-Gig Access Point Model WAX220 User Manual p.34 ff. "User WiFi networks"
@Retired_Member wrote:...offer limited transmit power options along with very few advanced settings, ...
Manage the radio transmit power
By default, the AP’s radios transmit at full power.
If you have several APs in your network, interference could occur at full power. You can
set one or both radios to transmit at half or a quarter power. However, if you set the
transmit power too low, WiFi clients might not be able to connect to the AP.
If the AP is the only AP in your network and your WiFi devices are all fairly close to the
AP, you could use a lower radio transmit power, allowing you to save some energy.
Essentials WiFi 6 AX1800 Dual Band Access Point Model WAX214v2 User Manual p.70 ff., "Manage the radio transmit power"
Essentials WiFi 6 AX4200 Dual Band Multi-Gig Access Point Model WAX220 User Manual p.70 ff., "Manage the radio transmit power"
@Retired_Member wrote:... no L2 Isolation (the option was present, but not working on stock firmware and no longer even present in newer firmware releases),
Have ever reported your most likely local issue with Netgear support (the only formal correct way) or have you decided to just to register in the Netgear Community to make noise?
Amazing, being member of the WAX220 Beta Test community, and as an average unpaid idiot spending a lot of my spare time helping users here in the community, I can't provide another reply - because all the Beta units, and units I bought from Swiss Netgear retailers, paid with from my own hard earned money, ... do have the controls available, in my testing this works like a charm. Here on my WAX214v2 on v1.0.2.2 firmware:
Yes, I've identified some quirks and oddities in certain combinations, working with Netgear QA and Engineering. Convinced this will lead to some upcoming new releases later this summer 2023.
Regards,
-Kurt
Hello @WTomP
@WTomP wrote:
... due to continued login problems, related in some part to having 2 devices logged in at the same time, but Netgear support are puzzled why.
Must admit that I don't have the full picture why Netgear decided to simplify the WAX214v2 and the WAX220 Web UI, getting rid of the ability to track the open admin changes, and limit the access to just one device resp. source LAN IP address, limiting the capabilities for no obvious reason when comparing to the WAX214 and the WAX218.
Based on the current v1.0.2.2 (WAX214v2) and the v1.0.3.0 (WAX220) firmware, both throw such an information if having admin sessions open from different source IP addresses...
In my testing, this works as it should, of confirming to logout the other sessions is enforced, and the local password login is granted.
Can you please a little bit iterate more what is confusing to you or your Netgear support case?
TIA
-Kurt
