×  Introducing Nighthawk RS700 WiFi 7 (BE) Router. For more details, please visit Nighthawk Tri-Band WiFi 7 Router.

Start a New Discussion

Start a New Discussion

Reply

Netgear AP Mode

PM_13
Tutor
Tutor
‎2021-02-13 06:34 PM
‎2021-02-13 06:34 PM

Netgear AP Mode

Hi,

 

Need some input on this one before I put this into action:

 

I have two SSIDs running on Orbi router say "Home" and "Guest" and I deselected the option that allows machines on "Guest" to see each other. Thereafter I put the Orbi router in AP mode and plugged it into one of the ports of PfSense which is running two VLANs:

VLAN10: Home (only static assignment in subnet 192.168.10.x)

VLAN20: Guest (runs its DHCP subnet 192.168.20.x)

 

If there are no firewall rules that allow these subnets to talk to each other than is it possible to isolate "Guest" network from "Home" network?

Thanks,

 

Pankaj

Model: RBR50|Orbi AC3000 Tri-band WiFi Router
Message 1 of 4
0 Kudos
Reply
CrimpOn
Guru Guru
Guru
‎2021-02-13 11:16 PM
‎2021-02-13 11:16 PM

Re: Netgear AP Mode

Orbi has no VLAN capability.  In AP mode, every device that connects will send a DHCP broadcast that the Orbi will send "out the WAN port" looking for a DHCP server.  There will be nothing to distinguish which SSID the DHCP request came from.  And thus no way for the PfSense to know which IP subnet to assign.

 

The ability the Orbi has to prevent devices on the Guest SSID from reaching other devices is limited to the Orbi.  It is not based on IP subnet, as the Orbi has only a single DHCP pool of IP addresses.  (On the newer AX products, I have a vague impression that the Guest SSID actually does have a separate IP subnet - which makes more sense.)

 

Is the concern that the Orbi Guest isolation mechanism may not function correctly?

I love my Orbi.
Message 2 of 4
0 Kudos
Reply
alokeprasad
Mentor
Mentor
‎2021-02-14 09:35 AM
‎2021-02-14 09:35 AM

Re: Netgear AP Mode

@CrimpOn wrote:

 

The ability the Orbi has to prevent devices on the Guest SSID from reaching other devices is limited to the Orbi.  It is not based on IP subnet, as the Orbi has only a single DHCP pool of IP addresses. 

So, with the Orbi in AP mode, when there are devices connected to the Orbi (its ethernet ports or WiFi) and devices connected to some other router.

The devices connected to the Orbi's guest network will "not see" other devices connected to the Orbi, but will have access to devices (PC's NAS's) connected directly to the router?

Orbi RBK50v2 ver 2.7.4.24
Love my Orbi (with this firmware version).
Message 3 of 4
0 Kudos
Reply
CrimpOn
Guru Guru
Guru
‎2021-02-14 12:00 PM
‎2021-02-14 12:00 PM

Re: Netgear AP Mode

@alokeprasad wrote:
So, with the Orbi in AP mode, when there are devices connected to the Orbi (its ethernet ports or WiFi) and devices connected to some other router.

The devices connected to the Orbi's guest network will "not see" other devices connected to the Orbi, but will have access to devices (PC's NAS's) connected directly to the router?

That is one concern.  I am not confident that there is any mechanism within the Orbi to limit what Guest devices can do once their packets leave the Orbi.  The other concern remains, i.e. that Orbi has no capability regarding VLAN. Every packet from the Orbi will come from the same IP subnet with no VLAN tag, and no way to distinguish one from another.

I love my Orbi.
Message 4 of 4
0 Kudos
Reply
Top Contributors
See All
Discussion stats
  • 3 replies
  • ‎2021-02-13 06:34 PM
  • 578 views
  • 0 kudos
  • 3 in conversation
Announcements

Orbi WiFi 6E