- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Orbi Wifi Pro mini appearing as device in VLAN
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Orbi Wifi Pro mini appearing as device in VLAN
I am using the SXK30 as an AP and created 2 VLANS (i.e. home (VLAN ID1), guests (VLAN ID 20)).
It is working well, however, when I check my router the SXR30 (the main unit) appears under the devices connected to both VLANs. So in VLAN 1 it appears under an IP under VLAN 1 and in VLAN 20 it also appears as a device with IP under VLAN 20.
What could be happening here or how do I fix it? Shouldn't the AP not appear in each VLAN since its not part of the VLANs?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Orbi Wifi Pro mini appearing as device in VLAN
Hello @lostgear
And welcome to the NETGEAR Community! 🙂
Is this your topology?ISP -> SXK30 (main router ; vlan 1 and vla20 ) -> SXK30(AP)
Now SXK30 AP appearing in both VLAN1 and VLAN20 connected client list?
If so what is the SXK30 master port configuration : trunk/access and VLAN configured on port to which SXK30 AP is connected?
Have a lovely day,
Nivedita Pa
Netgear Team
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Orbi Wifi Pro mini appearing as device in VLAN
Hi,
Thanks for the reply. It is in AP mode.
ISP-Router-Swtich Port 1------SXR30 Port 1 (LAN)
Switch Port 2 - SXS30 Port 1 (LAN)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Orbi Wifi Pro mini appearing as device in VLAN
I find my SXK50 does this as well. In fact it uses one of the VLAN's as it's default route.
I believe it is an artifact of the connected devices display. If the SXR did not have an IP address it would not be able to map the devices connected to the VLAN's. It also uses the DHCP info on the VLAN's to determine the subnet masks.
Unfortunately that also means the management GUI and ability to route through the SXR in order to escape VLAN confinement are both available to devices on the more restricted VLAN's.
Selecting "Network Isolation" in the vlan setup plugs most of the holes but unfortunately the ebtables "GUEST" chain is part of both "INPUT" (routed) and "FORWARD" (bridged) chains. That big hammer precludes more sophisticated firewall rules in your main router such as one-way access to printers or IOT devices not possible with stateless ebtables rules.
I would like an option that left FORWARD alone but dropped all traffic other than existing exceptions and vlan 1 from INPUT.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Orbi Wifi Pro mini appearing as device in VLAN
Glad to know I am not alone. Should I still turn on network isolation between even if my switch and/or router is already separating them? setup is SXR30 (VLANS 1,2) in AP mode, connected to Switch connected to Router.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Orbi Wifi Pro mini appearing as device in VLAN
I would say if you can then you should isolate vlan 2 if only to disable the GUI access.
Personally I can not because I allow limited routing between VLAN's -- DVR and printers for instance can be accessed from any vlan. One-way access can not be granted with the stateless ebtables firewall -- either the requests or reply's end up blocked.
The issue without isolation is that if a malicious user changes their default route to the SXR IP then they can vlan hop to any subnet that has a valid return route. Likely the traffic never even hits the router so it is tricky to block.