Retired_Member
May 22, 2023
Solved

WAX220 Guest Network - Unsecured

Do not buy this Access Point and expect a secure Guest Network.  The original firmware had an option for L2 Isolation, but updating removes this option and reverting does not restore it.  The Guest Network is broken, since it allows access to any device connected to the internal network via Ethernet with no way of isolating.

 

It is a bad joke that even the WAX214 has better security and allows for L2 Isolation on both guest and regular SSIDs.

In 2023, implementing a proper Guest Network is something that is apparently too complex for the firmware developers here.  They'll push for selling more cloud subscription crap, but they can't even get something like this done correctly.  No idea how anybody could justify paying a monthly fee and expect things to be properly secured after seeing this.

 

Also, the timezone seems to keep defaulting itself to Pacific Standard Time.  Did QA even test this model?

  • Retired_Member
    Jun 09, 2023

    schumaku wrote:

    Retired_Member wrote:

    Who knows what else is not working as intended...


    Whatever impression you want to bring up with such shabby comments and poorly formulated subject lines. Just poor sportsmanship or bad intentions?

    Unexperienced users (some >99% of the readers in such a user community) tend to understand "WAX220 Guest Network - Unsecured" very differently. Wouldn't "WAX220 Can't enable Client Isolation to Block LAN Subnet Access" describe the effective information much better? Just my 2 Cents.

     

    Reminder: We talk about essential wireless AP products WAX214v2 (street price less than 88 USD ex VAT!) for a WiFi 6 AX1800 Dual-band PoE Wireless Access Point, and WAX220 (street price less than 129 USD ex VAT) for an AX4200 Dual Band AP with a 2.5 GbE network connection.

     

     


    You really love those partial sentences, don't you?  I didn't know this was a competition, Mr. Good-sport.

    Unexperienced users absolutely need to be made aware of a product that has flaws.  Quit defending a company you say you claim to not be affiliated with.  You're playing a semantics game because you have a must-be-correct complex at this point.

     

    You still haven't tested the WAX220 as thoroughly as I have, and you just glazed over some basic stuff, like an NPC help desk rep.

     

    Here's a real reminder: I just picked up a different brand, and return all the Netgear products I bought.  The competitor was even priced almost identically for each product (switch and access point), and they offer A LOT more control, along with functionality that isn't broken.

     

    The solution?  Buy something else, don't waste your cash till Netgear decides that firmware is important, again.

     

    Done with this thread, the replies coming in are from sources out of their depth.

14 Replies

  • Retired_Member

    Bonus round:

     

    Why does the WAX220 also set up the DHCP Snooping alarms on a switch when trying to connect a device to a NON-Guest SSID, but the WAX214 does not?

     

    Perhaps this AP's firmware was poorly put together?

    • schumaku
      Guru - Experienced User

      Retired_Member wrote:

      Why does the WAX220 also set up the DHCP Snooping alarms on a switch when trying to connect a device to a NON-Guest SSID, but the WAX214 does not?


      The WAX220 has no idea what your switch DHCP Snooping is or does, regardless if it's a non-guest SSID (so the DHCP handshake from the wireless client is hand-over) or a Guest-SSID which does represent a designated private IP subnet dedicated to the AP.

       

      Much more informative (for the future readers) would be what your unknown switch does report or complain on the DHCP snooping processing.

       

      Have an eye in the DHCP RFCs for example. These APs, or in general any AP, don't do anything like you describe.

       

       


      Retired_Member wrote:

      Perhaps this AP's firmware was poorly put together?


      May I ask to adjust your transmitter frequency or the modulation a little bit, please? The reception is poor.

       

      • Retired_Member

        schumaku wrote:

        Retired_Member wrote:

        Why does the WAX220 also set up the DHCP Snooping alarms on a switch when trying to connect a device to a NON-Guest SSID, but the WAX214 does not?


        The WAX220 has no idea what your switch DHCP Snooping is or does, regardless if it's a non-guest SSID (so the DHCP handshake from the wireless client is hand-over) or a Guest-SSID which does represent a designated private IP subnet dedicated to the AP.

         

        Much more informative (for the future readers) would be what your unknown switch does report or complain on the DHCP snooping processing.

         

        Have an eye in the DHCP RFCs for example. These APs, or in general any AP, don't do anything like you describe.

         

        I meant to say set OFF the DHCP Snooping on my switch, causing it to block clients from accessing the internet.  I tried the exact same configuration with the WAX214v1, and I did not have to disable DHCP Snooping to get the AP to work like the WAX220 needs.

        As for the switch I used, it is a GS308T.

  • Retired_Member

    To clarify the Time Zone bug, it only happens if you check the Day Light Savings time box, and change the Time Zone from the DEFAULT one.  Unchecking DST, then changing the Time Zone, then rechecking DST, will save it.

    • schumaku
      Guru - Experienced User

      Retired_Member wrote:

      To clarify the Time Zone bug, it only happens if you check the Day Light Savings time box, and change the Time Zone from the DEFAULT one.  Unchecking DST, then changing the Time Zone, then rechecking DST, will save it.


      Thank you, nice find. Should be easy to fix for Netgear. 

      • Retired_Member

        schumaku wrote:

        Retired_Member wrote:

        To clarify the Time Zone bug, it only happens if you check the Day Light Savings time box, and change the Time Zone from the DEFAULT one.  Unchecking DST, then changing the Time Zone, then rechecking DST, will save it.


        Thank you, nice find. Should be easy to fix for Netgear. 


        After being logged out of the WAX220 for a little while, or possibly changing some settings on another page, the Time Zone will still unfortunately revert back to its default setting.  The bug grows.

  • schumaku
    Guru - Experienced User

    Retired_Member wrote:

    Do not buy this Access Point and expect a secure Guest Network. 


    I was almost set confirming your (hard to believe) information, as I like to take challenges. Indeed, for a moment it appeared to me the web UI controls for  Ordered factory new WAX220 and WAX214v2 and took the plunge.  

     


    Retired_Member wrote:

    The original firmware had an option for L2 Isolation, but updating removes this option and reverting does not restore it.  The Guest Network is broken, since it allows access to any device connected to the internal network via Ethernet with no way of isolating.


    This all tastes to me like an odd problem 

     


    Retired_Member wrote:

    It is a bad joke that even the WAX214 has better security and allows for L2 Isolation on both guest and regular SSID's.


    As I believe in good stories, and don't like bad jokes except from those I'm coding myself, please allow me to post some screenshots taken these minutes.

     

    WAX220, v1.0.3.0

    WAX214v2, v1.0.2.2

     

    In no way, I don't want to insist there is no issue or problem. Can't get it out of my head, believe having seen the very same Web UI (e.g. on current Chrome or Edge) with the two lines missing or hidden. Afraid, have not spotted any obvious cause.

     

    For my part, I don't like the (i) text ... it's not clear enough to me at least. That's why I included it on the screenshot above.

     

     

    • Retired_Member

      schumaku wrote:

      Retired_Member wrote:

      Do not buy this Access Point and expect a secure Guest Network. 


      I was almost set confirming your (hard to believe) information, as I like to take challenges. Indeed, for a moment it appeared to me the web UI controls for  Ordered factory new WAX220 and WAX214v2 and took the plunge.  



      Thank you, that confirms my suspicions of the WAX214v2's firmware, but I should have said I tried out the WAX214v1, which has noticeably different firmware.  The L2 Isolation is present there and the Guest Network does not allow clients to access the LAN.
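
A way to check the two properties argued over in this thread (guest clients reaching the wired LAN, and guest clients reaching each other), added here as an example; it was not posted by any participant and is not NETGEAR code. The subnets, addresses and ports are constructed, and `tcp_probe` and `audit_guest_isolation` are hypothetical helper names; on a real network, run it from a client joined to the guest SSID with your own target list.

```python
import ipaddress
import socket

def tcp_probe(host, port, timeout=1.0):
    """True if a TCP connection to host:port succeeds from this client."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit_guest_isolation(guest_cidr, targets, allowed=(), probe=tcp_probe):
    """Classify reachable private targets as seen from a guest-SSID client.

    'lan'  : private address outside the guest subnet (LAN access not blocked)
    'peer' : another address inside the guest subnet (no client/L2 isolation)
    Entries in `allowed` (e.g. the guest gateway's DNS) are never reported.
    """
    guest_net = ipaddress.ip_network(guest_cidr)
    allowed = set(allowed)
    findings = {"lan": [], "peer": []}
    for host, port in targets:
        addr = ipaddress.ip_address(host)
        if not addr.is_private or (host, port) in allowed:
            continue  # internet hosts and expected services are out of scope
        if probe(host, port):
            findings["peer" if addr in guest_net else "lan"].append((host, port))
    return findings

def demo():
    """Offline run against constructed data instead of a live network."""
    reachable = {("192.168.1.10", 445), ("192.168.200.1", 53),
                 ("192.168.200.23", 80)}           # constructed probe results
    targets = [("192.168.1.10", 445), ("192.168.1.1", 80),     # wired LAN hosts
               ("192.168.200.1", 53), ("192.168.200.23", 80),  # guest subnet
               ("8.8.8.8", 53)]                    # internet, ignored
    return audit_guest_isolation(
        "192.168.200.0/24", targets,
        allowed=[("192.168.200.1", 53)],
        probe=lambda h, p: (h, p) in reachable)

if __name__ == "__main__":
    print(demo())
```

An empty `lan` list means the guest SSID cannot open connections into the wired subnet; an empty `peer` list means guest clients cannot reach each other.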
