Reply

Re: SXR30 Orbi Pro Mini vlan isolation issues on wireless 3 with split ssid enabled.

SXR30 Orbi Pro Mini vlan isolation issues on wireless 3 with split ssid enabled.

SXR30 + 2 SXS30

V3.2.33.108

 

I'm having some serious issues with my vlan setup on this orbi system.

The goal is, to isolate everything on lan3 &wlan3 in the router.

192.168.30.1 is the ip for the router in the vlan.

192.168.30.2 is a raspberry pi running pi hole and a dns server.

I have Enable SSID separation for 2.4G/5GHz checked to fine control which devices connect to which speed network.

I have network isolation and client isolation set for the iot(30) vlan.

 

Issue 1, the major issue, Anything connected to the 5ghz band CANNOT see the dns server on 192.168.30.2. Anything connected to the 2.4G band works perfectly fine... too fine, actually........

 

Which brings us to issue #2:

I can subnet scan the entire 30.x subnet and see all devices and services open from any device attached to the iot vlan. Absolutely nothing is being isolated within the vlan. 

 

Which brings me to concern #3:

 

If isolation were actually working, how would the devices on the iot vlan be able to reach the dns server on the same subnet?

 

...help?

 

 

 

Message 1 of 8
DaneA
NETGEAR Moderator

Re: SXR30 Orbi Pro Mini vlan isolation issues on wireless 3 with split ssid enabled.

@Milkysunshine,

 

Welcome to the community! 🙂 

 

As far as I have checked, there is no issue logged for the SXR30 as per described in your post.  Let us try this.  Kindly update the firmware of your SXR30 to the latest firmware which v3.2.33.110-HotFix which fixes security vulnerabilities then check if the same problem will occur. 

 

You can download SXR30 firmware v3.2.33.110-HotFix here

 

 

Regards,

 

DaneA
NETGEAR Community Team

Message 2 of 8

Re: SXR30 Orbi Pro Mini vlan isolation issues on wireless 3 with split ssid enabled.

@DaneA 

 

Thanks for the reply. 

 

After the past few weeks of headaches and frustration, I'm not really interested in messing with beta firmwares when the released firmware feels like it is barely beta worthy as it is.

 

This device is... frustrating to say the least. I've had issues with MAC access lists, even worse dibilitating issues with the standard access control, non-working client and network isolation, random reboots of the satellites, the unit spamming DNS thousands of times an hour, DynDNS failing to update after about a day, traffic meter causing massive instability, and it frankly has an extremely lackluster set of firewall controls.

 

The MAC access list mistakenly allows wireless devices to randomly connect as the device thinks they are wired randomly. The wireless devices even show up in the connected devices are wired.

 

The access control tab TWICE had devices I could not modify at all. They were locked to disabled and flat out could not be enabled or deleted. This required yet a few more device resets. I don't trust in using it, and that really hurts my impression of this system.

 

I've already stated my issues with client and device isolation. They were never resolved.

 

Both satellites would randomly reboot. This required resets of both satellites, but they seem fine in AP mode.

 

Pi-hole shows the device hammering DNS thousands of times an hour, even with dns and dhcp disabled on the router.

 

DynDNS would flat out fail. It would have to be disabled, and re-enabled to start working again.... for a short while. Doing some research, it looks like this has been an issue on netgear routers for YEARS, and it still isn't resolved.

 

The traffic meter makes the device unusable. It butchers speeds, and causes reboots.

 

And why, for the love of anything, can we not change the login timeout???

 

After banging my head against the wall in frustration with not getting things to work correctly after several resets, and reconfigs, I decided to take a different approach. I repurposed my old desktop into a pfsense router, and put the Orbi in AP mode. This is quite frustrating since the Orbi is advertised as a business class setup, and that it may be in AP mode if the access control stuff actually functioned, but my ancient WRT54G had far more robust options than this. Even the Verizon 3100 gave it a run for the money with options, and blows it away in regards to stability.

 

I could have went with a different, and cheaper mesh AP setup if that was all I wanted. 

 

So the bottom line is, I wouldn't recommend this device to anyone. It doesn't do many things it should, and it isn't reliable enough for a critical business environment in my opinion.

 

My advice to anyone with a device still within the return window that stumbes upon this thread while coming across ANY of the issues I stated is to immediately box the product back up and return it. It's too late for me... Save yourself.

 

Message 3 of 8
DaneA
NETGEAR Moderator

Re: SXR30 Orbi Pro Mini vlan isolation issues on wireless 3 with split ssid enabled.

@Milkysunshine,

 

I suggest you to open a support ticket with NETGEAR Support here at anytime.  Kindly state your concern as well as you may indicate the link to this thread.  You can also upload the debug logs from your Prbi Pro WiFi 6 Mini devices.

 

 

Regards,

 

DaneA

NETGEAR Community Team

Message 4 of 8
schumaku
Guru

Re: SXR30 Orbi Pro Mini vlan isolation issues on wireless 3 with split ssid enabled.


@Milkysunshine wrote:

If isolation were actually working, how would the devices on the iot vlan be able to reach the dns server on the same subnet?

The way I understand Netgear's simplified design (like these isolation on/off) I tend to state the isolated devices can reach the VLAN assigned subnet default gateway only, which does also serve as a DNS relay or the like. And no option to allow additional IP or MAC.

More complexity (or confusion) comes in if people add a wired backhaul, add switch ports exposing say this IoT VLAN for example as an access port, ....

Message 5 of 8

Re: SXR30 Orbi Pro Mini vlan isolation issues on wireless 3 with split ssid enabled.

Dupe
Message 6 of 8

Re: SXR30 Orbi Pro Mini vlan isolation issues on wireless 3 with split ssid enabled.

Nowhere does it state conditional network isolation if not using wired back haul.

Network isolation kinda worked, but client isolation did not at all. Wireless devices could easily see wired ones, as well as each other on the same vlan.

Even more confusion comes from the statement in the IoT wireless 3 advanced status saying "Allow IoT devices to see each other and access my local network On".

This isn't even an option to toggle on the pro mini. Looking at firmwares for other pros, it is an option that can be configured in wireless setup. For some reason, here it cannot.

Firmware is clearly an issue.
Message 7 of 8
BruceGuo
NETGEAR Expert

Re: SXR30 Orbi Pro Mini vlan isolation issues on wireless 3 with split ssid enabled.

Hi

 

In the statue page, "Allow IoT devices to see each other and access my local network On" is a bug since we don't provide this feature in wireless 3 anymore. We will remove the status. Network/clients isolation are managed by VLAN/Bridge setting. Can you upgrade to v4.2.0.122 and see if you still have the issue?

Message 8 of 8
Discussion stats
  • 7 replies
  • 1965 views
  • 1 kudo
  • 4 in conversation
Announcements