Re: R7000 Guest network ip range?

wififan
Aspirant

R7000 Guest network ip range?

I just set up this unit with relatively default settings - meaning I changed SSID for all 4 Networks, changed passwords / pins, etc.

 

I need help assigning an IP range to the Guests networks which is different than the non-Guest networks.

 

Lil' help?

 

TIA

Message 1 of 9
wififan
Aspirant

Re: R7000 Guest network ip range?

Forgot to clarify:

- single unit

- xfinity service

- no fancy bridging, etc. desired

 

I just want guests to not be able to access internal network resources via ip addressing

Message 2 of 9
TheEther
Guru

Re: R7000 Guest network ip range?

The R7000 has no provision to assign a dedicated range of IP addresses for guest users.

 

Instead, just go to the Guest network setup page on the R7000 and make sure that Allow guests to see each other and access my local network is not checked.  This will prevent guests from accessing internal network resources.

 

 

Message 3 of 9
wififan
Aspirant

Re: R7000 Guest network ip range?

@TheEther - when you write "... This will prevent guests from accessing internal network resources ..." - how, exactly, does this work?

 

For example, if I have a NAS/SAN which lives on the LAN, or a printer, or whatever, how does a checkbox inside Netgear software prevent someone from hacking into my Guest network and getting to my NAS/SAN??

Message 4 of 9
TheEther
Guru

Re: R7000 Guest network ip range?

I don't work for Netgear, so I can only make an educated guess.  The software certainly knows which devices are connected to the guest network.  It can drop packets from those devices targeted to non-guest devices in the LAN and vice versa.  It probably identifies traffic by the joined Wi-Fi network (guest or non-guest), IP address and possibly also by MAC address.  Ideally, it would check all 3 but it's probably sufficient to filter just by the Wi-Fi network.

Message 5 of 9
wififan
Aspirant

Re: R7000 Guest network ip range?

@TheEther - thx for taking the time to respond.

 

How do I escalate this to a Netgear employee / community Mod so I can get an accurate answer?

Message 6 of 9
TheEther
Guru

Re: R7000 Guest network ip range?

You can either hope for a moderator who has access to Netgear employees to respond, or send a private message to one directly, or click on Support at the top of this web page, then Contact Us > Get help on my NETGEAR product to get help.

 

FWIW, I'm pretty confident about my guess.  I am a software engineer in the computer networking industry.  While I don't specifically work on Wireless Networking, I'm pretty knowledgeable about general networking principles.  What I described is how I would implement a guest network.

Message 7 of 9
wififan
Aspirant

Re: R7000 Guest network ip range?

@TheEther - you may have misunderstood my reply ... I don't think your approach is incorrect; rather, I want to know how these yahoos built this?!? Meaning, I currently have four SSIDs - Guest 2.4, Guest 5, Internal 2.4 and Internal 5 - on the same subnet (WTF?!?!)

 

Use case: I have my laptop on I5 and a security cam of my sleeping kid on I5 ... someone hacks into G2.4 ... since *ALL FOUR* SSIDs share the same subnet, it is only a matter of time until the hack has my sleeping kid on video.

 

Apparently there is some magical checkbox for 'don't let other wifi clients see stuff' which operates on undisclosed tech?? If I wanted a 'just trust us' approach to wireless security I would save all this hassle and get an OnHub 😉

 

Again, thx to @TheEther for the guidance to submit a ticket.

Message 8 of 9
TheEther
Guru

Re: R7000 Guest network ip range?

I can understand your concern and looking for an explanation can often help alleviate fears. I'm not sure that an explanation from Netgear, should they choose to provide one, is going to allay them. You may simply have to trust them on this. After all, you are trusting that the router generally works. If you can't, then you can use a second router as a dedicated guest network.

With respect to your use case, a hacker can just as easily attack your internal 5 GHz network directly. The fact that two internal Wi-Fi networks are on the same subnet does not make it significantly less safe. I suppose Netgear could have put the guest network on an entirely different subnet but what would make you trust this to be any more secure?

The first and main line of defense for Wi-Fi is a strong password. I use passwords of at least 16 characters in length. Ideally, they should be totally random or use the first letters from a long, memorable phrase that only you know. For convenience, you can use a simpler password for the guest network, but it should still be long. For example, HumansTakeFlight, though this one is not ideal because it lacks numbers and special characters.
Message 9 of 9
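
Added example, not part of any post in this thread and not Netgear code: a small check the router owner can run from a device joined to the guest SSID to test, rather than trust, that the "Allow guests to see each other and access my local network" setting really blocks traffic to internal devices. The addresses and ports in `INTERNAL_SERVICES` are constructed placeholders for your own NAS, printer and camera.

```python
import socket

# Constructed sample inventory (assumption): internal devices that guests
# must not reach. Replace with the addresses and ports of your own devices.
INTERNAL_SERVICES = [
    ("192.168.1.10", 445),   # NAS, SMB file sharing
    ("192.168.1.20", 9100),  # printer, raw printing
    ("192.168.1.30", 554),   # camera, RTSP video
]


def probe(host, port, timeout=2.0):
    """Classify one TCP connection attempt as 'open', 'refused' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"       # handshake completed: guest reached the service
    except ConnectionRefusedError:
        return "refused"        # a reply came back, so the packet was not dropped
    except OSError:
        return "filtered"       # timeout or unreachable: nothing answered


def isolation_report(services, timeout=2.0):
    """Probe every service; any answer at all ('open' or 'refused') is a leak."""
    results = {(h, p): probe(h, p, timeout) for h, p in services}
    leaks = [target for target, state in results.items() if state != "filtered"]
    return results, leaks


if __name__ == "__main__":
    results, leaks = isolation_report(INTERNAL_SERVICES)
    for (host, port), state in results.items():
        print(f"{host}:{port} -> {state}")
    if leaks:
        print("Guest isolation is NOT holding for:", leaks)
    else:
        print("No internal service answered from the guest network.")
```

Run it once from the internal SSID first: every entry should report `open` there, which confirms the inventory is correct and that a later `filtered` result on the guest SSID comes from the router dropping traffic and not from a device that is switched off.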