Computer A is on VLAN "O20" with Client Isolation Enabled and Network Isolation Enabled Computer B is on VLAN "O30" with Client Isolation Disabled and Network Isolation Diabled
Why can i not RDP from Computer B to Computer A?
I thought having network isolation off on VLAN O30 would mean that it can talk to other VLANs?
I also tried as a test disabling the Network Isolation on VLAN 020 and still cannot RDP
Port 1 = Connected to ISP Modem = VLAN ID 1 (Trunk Mode) Port 2 = Connected to an unmanaged 4 port Switch = VLAN ID 2 (Trunk Mode) Port 3 = Connected to PC 1 = VLAN ID 3 (Access Mode) Client Isolation=On Network Isolation=On Port 4 = Connected to PC 2 = VLAN ID 4 (Access Mode) Client Isolation=Off Network Isolation=Off
From PC 2 I want to able to RDP to PC 1. As i understand Network Isolation is off on VLAN 4, so should be able to connect to VLAN 3?
I have RDP enabled on PC 1. Not sure what else i can check?
If you have separate VLANs, then you need configure static routes.
In SRK80, the solution will be to enable different wireless on same VLAN and enable client isolation for rest of the devices, with just these two clients allowed to communicate.
We will be adding mDNS gateway that will allow some know protocols to be routed across VLANs.
Please reach out to @BruceGuo via messaging to get a pre-release firmware if you want to try it out.
I wanted VLAN3 to be most secure as its a high risk computer. Hence i enabled client and network Isolation
Yet I wanted computer 2 VLAN4 to have access to computer 3. which i thought turning off network Isolation would grant me this.
I thought having Network Isolation on VLAN3 means it cannot communitcate out to other VLANs?
so in a scenario where VLAN3 was compromised, it cannot infect other VLANs.? same goes with Client Isolation, if enabled it cannot infect other client within the same VLAN
Having VLAN4 Netowrk Isolation off mean it should be able to talk to other VLANs in this case VLAN3
I thought having Network Isolation on VLAN3 means it cannot communitcate out to other VLANs? => Ans: Yes
so in a scenario where VLAN3 was compromised, it cannot infect other VLANs.? same goes with Client Isolation, if enabled it cannot infect other client within the same VLAN => Ans: Yes
Having VLAN4 Netowrk Isolation off mean it should be able to talk to other VLANs in this case VLAN3 => Ans: No. It means other VLANs can talk to VLAN4
So having disabled the Cliant Isolation and Netowrk Isolation OFF on VLAN 3 and also on VLAN 4 allows me to RDP between PC 2 to PC 1. But doesnt this defeat the purpose of VLAN as now the network communcication between both VLANs are now open? If one VLAN was compromised, the other VLAN surely will get infected? => Ans: Let me explain more. The desing of VLAN is to separate broadcast domain. Layer 2 packets will be only active in within a VLAN. So, if a PC is comprised and then it is flooding, other VLANs would not be impacted. But, it doens't prevent layer 3 attacks. The infected PC can still communicate across VLANs via https, smtp, etc. The design of network isolation enhances the security. It "compeletely" isolates inter-VLAN traffic.
Why can i not only enable RDP ports between the 2 VLANs so not everything is exposed? => Ans: we don't have this feature now. The design will be more complicated. The can be future work and will forward to PLM to decide when we can implement it.
Thanks for the explanations and gives a good understanding around how the Orbi Network Isolation works
I would be really intrested in seeing inter-vlan integration. being a £1k device, its very similar to my previous home user router which was around £100 and yes the Orbi has some nice advantages, but not feature rich which im still yet to see. comparing to somthing like Asus home router which has a whole vast of settings, i would expect this to be better. Performance wise i cant fault the Orbi, but really like to see what more can the Orbi offer.
Is there a beta version of firmware to be released with other tweaks and enhancements? when do major firmware updates are released?
