I opened a ticket on this topic. After several months, they provided a patch for the WAX220. Everything related to inter-VLAN-routing seems to work now. I guess soon there will be patches for the other devices too.
*For the future readers: There is no intention the WAX220 nor any other Netgear Wireless Access points are supporting this kind of routing. These AP do just allow multiple SSID linked to standard dot1Q (802.1q) VLANs.
Pretty sure he mis-spoke.. the bug is that the AP does not seem to support is traffic coming in on one VLAN + SSID over wireless, being sent upstream over wired, then coming back over wired to be sent out a different VLAN + SSID.
After reading this thread and others like it, I'm furious, happy, vindicated, relieved, and disturbed simultaneously. All of these appear to mention what, for all accounts, seems to be the same issue I've spent almost a year dealing with. I have had persistent problems with my network since rebuilding it last spring. My setup includes 3 WAX630E units, a WAX620, and a WAX610Y, all managed via Netgear Insight. This is complemented by switches: 1x MS510TXM, 1x GS110TPv3, and 2x GS108Tv3. These switches are not set to Insight Managed Mode, so I can utilize IGMP snooping, MLD snooping, and DHCP relay functionalities, which are unavailable through Insight management.
Despite my CompTIA Network+ certification and a fundamental solid understanding of networking, I'm stymied by an inter-VLAN communication issue particularly affecting wireless devices. Devices such as wireless speakers, printers, and anything that “casts” intermittently respond to pings but fail to work correctly for their intended purposes. Even after setting up IGMP/MLD snooping correctly, which has resulted in a much smoother, faster, more responsive network experience with no issues when adding smart home devices—direct wireless device-to-wireless device communication remains a challenge.
Another issue I've encountered is a peculiar scenario where my Firewalla Gold Plus router assigns guest VLAN IPs to each AP, but only while in Insight mode; this is despite being connected to ports properly tagged for VLAN trunking with the PVID set as VID1. I can ping the APs using these guest VLAN IPs; however, I cannot access their web interfaces via this IP, which aligns with expected VLAN isolation protocols. However, while the management VLAN IPs are still pingable, their web interfaces are inaccessible. This behavior is not only unusual but also very concerning. I have not been able to determine why this happens, but it goes away on its own.
Furthermore, it is ridiculous that, while in Insight-managed mode, one cannot change the PVID of eth1 on the WAX630E. This limitation forces me to choose between being able to properly isolate traffic on my network as the AP is advertised as capable of doing or being able to manage all my insight-managed access points singerly via Insight Cloud Management, a service provided by Netgear so that the access points may communicate with each other to optimize radio power, channel, and frequencies. The inability to fully utilize all the product's capabilities simultaneously without being told about this limitation is 100% unacceptable. We have been forced into an unwelcome trade-off. It certainly makes one wonder if Netgear was aware of this limitation when the device was released yet chose not to disclose it.
While I understand the community will not have a solution to these device issues, I'm keen to know if anyone has heard of any efforts by Netgear to address them or problems similar to what I’ve explained. Any information on upcoming firmware updates or any potential recall would be beneficial. Any insights into Netgear’s actions to remedy (or not remedy) this situation would be very welcome.
I'm also facing this exact same issue. The TCP session connects to the wireless device on a different VLAN but it will not pass traffic. Ping also works. This only happens if the two wireless devices are on the same AP but different VLANs. This is a significant bug. Can we get an update or do I need to return this product? I have verified it is not a router/firewall problem.
@rivadavia I second @Halcyonon 's thoughts here. This is an issue that's been known for several months but there's still no fix available. There's no telling if/when there will be one. So if this is a feature that's a must for you (as it was for me) better return the AP now before you are stuck with it.
I opened a case and spoke with support who stated that the problem is being actively worked on but that they can't make any claims about when the fix will be released. I guess I will be keeping the device and eagerly awaiting the fix.
So after giving support packet dumps, network diagrams, multiple explanations, the level 3 support rep said "Oh yeah we know about that problem, we don't have any plan or estimate of resolution, you should return the access point" So I returned it. Needless to say I won't be considering Netgear for my future networking needs.
