× NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
× Introducing the new Orbi 770 Series Mesh System. To learn more click here.
Orbi WiFi 7 RBE973
Reply

Bridge group to isolate traffic

orbier981
Aspirant

Bridge group to isolate traffic

I have an Orbi RBK50 router with 2 satellite, and I also have a 2nd non-Orbi wifi router. I wanted to isolate the network traffice of my IoT devices from my laptops/phones. I put the IoT devices on the 2nd non-Orbi wifi router and put the laptops/phones on the Orbi router. I then enabled a bridge group for the Orbi router's port #1 (which the 2nd-Orbi router was plugged into) through the VLAN/Bridge Settings.

My goal was to make the IoT devices unable to connect to the laptops/phones (to mitigate potential future vulnerabilities of the IoT devices). Did I accomplish this network isolation?

If so, can anyone suggest a simple method to confirm the network isolation?

 

If not, can anyone suggest an affordable consumer device that would easily enable this network isolation?

 

Thanks in advance!

Model: RBK50| Orbi AC3000 High-Performance Tri-Band WiFi System
Message 1 of 5
CrimpOn
Guru

Re: Bridge group to isolate traffic

What about attaching the IoT devices to the Orbi guest network and not letting guests see the regular network?

 

Message 2 of 5
orbier981
Aspirant

Re: Bridge group to isolate traffic

I've read on this forum that the guest network is not truly isolated from the main network and that people have been able to access devices on the main network from the guest network, so I was hoping for an alternate solution.

Message 3 of 5
CrimpOn
Guru

Re: Bridge group to isolate traffic


@orbier981 wrote:

I've read on this forum that the guest network is not truly isolated from the main network and that people have been able to access devices on the main network from the guest network, so I was hoping for an alternate solution.


Your memory is correct.  There have been comments about the Guest network not being totally isolated.  The recent firmware updates have made changes to how Guest works.  It might be worth a few minutes to upgrade to the latest firmware and see if you can get access to anything on the primary network from Guest.  Of course, smartphone apps on the Guest network will still control IoT devices on the primary network because they go through "the cloud", much like when they are not connected to Orbi at all.

 

Disclosures: (1) I don't use the Guest network feature, and (2) I'm not confident that I would know how to "prove" that Guest is totally isolated from the primary network.

Message 4 of 5
CrimpOn
Guru

Re: Bridge group to isolate traffic


@CrimpOn wrote:

What about attaching the IoT devices to the Orbi guest network and not letting guests see the regular network?


I enabled the Orbi guest network and tried several of my network scanners.  They see the laptop I was scanning from, but nothing else.  I tried http and telnet to the Orbi router and satellite.  Both timed out.  One interesting phenomenon: one scanner filled up the ARP table with MAC addresses for most of the devices attached to the Orbi.  I checked several times.  (Delete Arp cache. Display cache - all gone. Run scanner. Display cache - they're back.)  There is probably a good reason why Arp needs to be enabled on the Guest network (to talk to the router or satellite, perhaps?)  It could be a lot of trouble for the Orbi to keep a table of "show Guests the Arp entry for these IP's,, but not any others.  Actually, a simple table might not work if devices on the Guest network are allowed to see other devices on Guest.

 

Anyway, I have exhausted my skills about how to get at the Orbi network from the Guest Wi-Fi.  Seems  pretty secure to me.

Message 5 of 5
Top Contributors
Discussion stats
  • 4 replies
  • 1830 views
  • 0 kudos
  • 2 in conversation
Announcements

Orbi 770 Series