Re: Orbi RBR750 Wifi Guestnetwork and VLAN.
Hi G4Net,
I was a FW/SW engineer focused on protocols for L2/L2 management switch development and switched to WiFi AP design 20 years ago.
My wild guess/$2c about the truth behind what you are seeing is: the Orbi system you used DID use VLANs for its own implementation of some features/protocols. But they might not have thought that some "home user" like you would want to add smart/management switches onto the same network and play with untagged/port-based VLANs, as you mentioned in the post about the setup you implemented. My guess is that Orbi SW R&D leverages tag-based VLAN 3 for their own control over the guest network and untags it on the router side after receiving and stripping it. But in the middle, you added some ports and devices with VLAN ID 3. Also, the Orbi way of leveraging this VLAN ID 3 got messed up by mixing in some bugs, and they didn't provide any way out through other ingress/egress rules.
So long story short, there are 3 ways you can try from here:
1). If NTGR Orbi R&D didn't mess up that much, you can try to configure another VLAN for the group you want to separate from your production network (VLAN 1): guess a VLAN ID that is relatively unlikely to be in use as the VLAN you want to apply to the IoT network, maybe VLAN 113, for all your IoT PVID and tagged VLAN ingress/egress. From your description, I guess we probably don't have to list all the details of ingress/egress here for this configuration.
2). If 1). cannot resolve it, that means you probably need to change your topology by:
a). Putting all the wired IoT devices behind your smart switches: hook up all the wired IoT devices to the single smart switch already, either through 1 or separated into two (due to your physical instances maybe?). And if the smart switch doesn't support NAT (PPPoE too, if your ISP offers the service through PPPoE auth) or the features a normal home router uses to do the PPPoE dial-up through the actual bridge/router from the ISP, i.e. an FTTB/FTTH bridging router with fibre and Ethernet ports, get a new wired router for that IoT network. However, by doing this, you actually have two routing systems at home that physically (in the spirit of L2 bridging protocol and VLAN) cannot talk to each other, unless you want to
b). Hack the dangerous game, like setting up default port-based VLAN 3 (egress) on port 5 for example (ingress on the rest of the ports on the smart switches designated for IoT is untagged by default; you need to guess which combinations WORK with Orbi and try, you may feel..), and hook up that port 5 to your Orbi router or satellite (you have to try and guess their VLAN usage and messed-up ingress/egress rules, since I am making my best guess here and am not Orbi R&D after all...). But this hack requires that the packet storm control feature is available on the smart switch, limiting the pps (packets per second) during your trials, and that it works consistently after you figure out the Orbi stuff.
3). Get an Orbi Pro with VLAN bypass from LAN to WAN enabled, and then you don't have to buy the extra wired router and put your devices at home into two different L2 bridging systems, routing through different routers to the FTTH bridge provided by your ISP. But still, you might fall into the same problems as with the standard Orbi if Orbi and Orbi Pro share the same "leveraging VLAN ID" as the foundation of their SW/feature implementation, say the guest network. You still have to avoid the VLAN ID they probably leveraged and implemented the feature on, say VLAN 3 as my wild guess. So in other words, you still need to try to set your IoT bridge (VLAN) to some number like 113, for example, to avoid the situation you are currently running into.
From your updates, budget is still a thing you don't want to avoid. So if you have time to play with it a little longer, try 1). and then 2a)., then 2b). if you want to, first. If all of these wild guesses still don't work for you, it means the NTGR SW inside the Orbi system you have is really messed up in more than 1 or 2 situations, and you probably don't want to spend more time figuring out how to avoid their bugs in the exception handling of their lousy bridging/VLAN-stealing-based SW implementation. That's it.
Hope above information is not too lousy for you and maybe worth a try, few more times~ ^____^
-Dav Cheng-
Re: Orbi RBR750 Wifi Guestnetwork and VLAN.
@David_Ch strongly doubt, and fully disagree.
The Wireless Guest network isolation (a network that does only exist on the Orbi devices, Wi-Fi network!) as implemented on the proprietary Orbi consumer systems is purely a clever L2 filtering, not magically hiding some L3 VLAN tagging. This would have been unveiled over the many years of the Netgear Orbi systems, and a workaround would have been published long before.
The only area where VLANs are used is on the WAN (Internet) adapter, to implement a simple VLAN bridge to eg. one or multiple ports to connect some IP TV media boxes.
Re: Orbi RBR750 Wifi Guestnetwork and VLAN.
Sure, it’s even nicer and good to know my wild guess is wrong. Wonderful.
BTW, VLAN is an L2 protocol, not L3. Some management switches I don't want to point out have been implementing IGMP Snooping through the hack/tight with a specific VLAN ID. STP/VLAN/any bridging protocols are L2 protocols.
Thanks for your sharing and proving I am wrong.
Cheers,
-Dav Cheng-
Re: Orbi RBR750 Wifi Guestnetwork and VLAN.
The best thing about the Community Forum (to me) is the opportunity to explore unusual technical issues.
It appears to me that this discussion has mixed two different topics:
- Attempting to isolate wired devices from the rest of the primary network. (The term IoT threw me at first because I did not read the problem carefully in:
https://community.netgear.com/t5/Plus-and-Smart-Switches-Forum/Orbi-RBR750-and-GS108Ev3-VLAN-issues/...
IoT is the description Netgear used to describe a WiFi network with different features from the primary network and the Guest WiFi network. That discussion was not about WiFi IoT.) Rather, it was an attempt to find a mechanism to prevent communication between two wired devices (thus on the primary network. Assigned IPs by the Orbi router.) and the rest of the primary network.
As @DaneA pointed out, the only way to achieve this would be through the use of a router that supports VLANs, which the Orbi residential product line does not. These managed switches support VLAN, but that cannot separate communication once it is delivered to the router or a satellite.
- A discussion of what mechanism Netgear uses to separate devices on the Guest WiFi network from the primary network (wired & WiFi). As far as I am aware, there is no documentation available to the public which explains how this is done. Whereas the original Orbi WiFi5 products assigned devices on the Guest WiFi network IPs in the same IP subnet as the primary network, the AX product line (and the BE products?) use a separate IP subnet for Guest WiFi devices. Unlike the original Orbi, which allowed the owner to enable (or disable) the ability for devices on the Guest WiFi network to communicate with the primary network, AX products offer no option. Guest WiFi devices can communicate only with the Internet.
This means that packets to/from Guest WiFi devices travel through the same backhaul network between Orbi router and satellites as everything else (router-satellite communication, primary network communication, and WiFi IoT network communication). The topic of this second discussion is how Netgear identifies Guest WiFi traffic and keeps it separate from the primary network.
One solution might be to use VLAN tags on Guest WiFi packets and set up the backhaul network as a tagged VLAN.
Another solution might be to manage packets at the WiFi interface.
- If the packet comes from a device on the Guest WiFi network, the only possible destination is the Orbi router gateway address. If this is the IP address, then send the packet there. If not, then drop the packet.
- In the reverse direction, when a packet arrives, use NAT lookup to find the internal IP address assigned to the device, then use ARP tables to discover which port to send that packet out. Same as with any other incoming packet. No need to involve VLAN in the process.
Of course, we'll never know what Netgear chose to do.
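The tagged-VLAN hypothesis debated in this thread can be checked from a capture instead of guessed at. The following is an added example, not part of any post above: it parses the 802.1Q header of raw Ethernet frames and counts frames per VLAN ID. The sample frames are constructed (IDs 3 and 113 are the numbers guessed in the thread), and `make_frame` is a hypothetical helper used only to build them.

```python
import struct
from collections import Counter

TPID_8021Q = 0x8100   # standard 802.1Q VLAN tag
TPID_8021AD = 0x88A8  # outer tag when tags are stacked (QinQ)

def vlan_tags(frame: bytes):
    """Return ([(vid, pcp), ...] outermost first, inner EtherType)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    tags, offset = [], 12  # skip destination and source MAC
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    while ethertype in (TPID_8021Q, TPID_8021AD):
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        tci, ethertype = struct.unpack_from("!HH", frame, offset + 2)
        tags.append((tci & 0x0FFF, tci >> 13))  # 12-bit VID, 3-bit priority
        offset += 4
    return tags, ethertype

def tally_vlans(frames):
    """Count frames per outer VLAN ID; None means untagged."""
    counts = Counter()
    for frame in frames:
        tags, _ = vlan_tags(frame)
        counts[tags[0][0] if tags else None] += 1
    return counts

def make_frame(vid=None, ethertype=0x0800):
    """Build a constructed test frame (locally administered MACs, zero payload)."""
    hdr = bytes.fromhex("02aabbccdd01") + bytes.fromhex("02aabbccdd02")
    if vid is not None:
        hdr += struct.pack("!HH", TPID_8021Q, vid)
    return hdr + struct.pack("!H", ethertype) + bytes(46)

# Constructed sample: one untagged frame, two tagged 3, one tagged 113.
SAMPLE = [make_frame(), make_frame(3), make_frame(3), make_frame(113)]

if __name__ == "__main__":
    for vid, n in tally_vlans(SAMPLE).items():
        print("untagged" if vid is None else f"VLAN {vid}", n)
```

Feed it frames captured on a switch mirror port facing the router or a wired satellite. Many NICs strip VLAN tags in hardware before the capture sees them, so an all-untagged result only means something once tag offload is disabled on the capturing interface.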