Re: wireless isolation


wireless isolation

after upgrading the firmware i found a new option
wireless isolation.

what does that setting do?
Message 1 of 8

Re: wireless isolation

sorry what i meant was

this option is available in both guest network and regular wifi network.
there allready was an option to give users access to the local network.
is this option perhaps a bit redundant, at least for the guest network.?
Message 2 of 8
Not applicable

Re: wireless isolation

It blocks wireless connections from connectining to you wired PC's. Does "help" not give an explantion for this? Enable Wireless Isolation If checked, the wireless client under this SSID can only access internet and it can‘t access other wireless clients even under the same SSID, Ethernet clients or this device. Other clients can‘t access the wireless client, either.
Message 3 of 8

Re: wireless isolation

Wireless Isolation is a fairly rare feature on home based routers. When switched on, it stops two computers on the wireless network from seeing each other, but still allows you to see computers on the wired network . . .

g00gle for more information . . . Smiley Wink
Best regards,

Nat Ray MCSE/MCT since 1997


Cox Communications > SB6120 DOCSIS 3.0 > WNDR3700v1 (4), WNDR3400v2 (2), WPN824v2 (2), R7000, RT-N66R *AP(s) via Wired Backbone* > Ooma Telo / D-Link DGS-1024D > NeoTV-550 (3) . . .** HPEnvy800 -PHX **

DD-WRT v24-SP2 (12/14/11) std. Build 18007

Optimize your network: Disable IPv6 . . . Post responsibly . . .

‘Quality trumps Quantity’
Message 4 of 8

Re: wireless isolation

So ray vs. ray ... which is it? Searay says it isolates wireless from wired, NatRay says it isolates wireless from wireless.

I just downloaded the V1.0.7.98NA firmware (pretty much could get nothing on "guest networking" working before that). I setup separate b/g/n and a/n wireless networks, added a Guest network on b/g/n with both "wireless isolation" ON and "Allow guest access to My Local Network" OFF.

My basic network topology is cable modem -> wired router (DHCP provider -> multiple wired nodes and wireless routers. The WNDR3700 has a static IP of on the wired (WAN) side, and serves up wireless addresses in 10.10.0.x.

However, when I connect to the Guest network wirelessly (IP address provided by the 3700), I can still ping every device on the wired side of the LAN (e.g., in addition to getting to the Internet. This is the OPPOSITE of what I want - I assumed "guest network" + isolation = the guest network can only see the Internet, not be routed to every other node on the LAN.

Incidentally if I plug in a computer into one of the wired ports on the WNDR3700 the behavior is the same - 10.10.0.x address, but can ping anything on and Internet.

I suppose they figure you only have one wireless router on the network (WNDR3700) and it connects directly to the Internet (i.e. cable modem). By virtue of the wireless router being on the network, I guess it can't tell the difference between a LAN and Internet address, since the cable modem's providing the NAT.

Any ideas of how I could get a truly isolated guest network in this configuration? I have other reasons for keeping the rest of my network configured as it is; I just wanted to add a guest network using this feature of the WNDR3700.

Message 5 of 8

Re: wireless isolation

You are able to ping the wired devices on the network, that's true. However, you will notice if you try that you can't do anything else.

The guest isolation this router uses amounts to blocking all ports to pretty much everything except the LANs DNS and DHCP services. All other ports, on all other machines, are blocked by the router.

So it doesn't give you obfuscation (hiding what's there), but it does give you a pretty decent firewall.
Message 6 of 8

Re: wireless isolation

Wireless isolation was commonly used for securing guest networks from accessing one's internal network/client/servers from a SINGLE shared router... but different manufacturer will implement it slightly different from one another. It is not often used as this single point of failure can allow an intruder to access your main router and/or other connected "trusted" routers' devices.

Noways, it is better to have a good router/intrusion detection/captive portal system, and stick one or more cheap/recycled router on a separate channel for your "guests/subscribers/etc". VLANs can be used to further enhance security in such a setup.
Message 7 of 8

Re: wireless isolation

That is why like guest gate , guestgate,com which has layer 3 switch , wifi with good amount setup you can as addo-on unit to any existing network Smiley Happy
VPN Case Study


"Our Second To None VPN Related Setup Case Study[/COLOR][/URL]

"One Stop Solution To Your Netgear VPN Connectivity"

*Visit the site for Non-VPN related Doc & Links* [Windows & Mac user/support]

June Mizoguchi-
Message 8 of 8
Top Contributors
Discussion stats
  • 7 replies
  • 4 kudos
  • 7 in conversation

Orbi WiFi 6E