stevefxp
Nov 28, 2019 Apprentice
Separate Subnets for Wifi
Is there a way to subnet the main WiFi network from the guest WiFi network? I would like to do this since I can then shape the traffic in/out to the guest WiFi, to provide general access for web brow...
CrimpOn
Nov 28, 2019 Guru - Experienced User
Thanks for the explanation. Sounds like the Orbi is a router "behind a router", which is generally not recommended. (Obviously, it "works" because that's the default Orbi configuration and most customers would not think to change it. I didn't for over a year, until it "didn't work" anymore when I wanted to set up VPN.)
You could accomplish this with the residential Orbi, but it would be a chore I would find unpleasant.
- Change the subnet mask to 255.255.254.0
- Assign IPs to every device in 192.168.1.x
- Set the DHCP pool to 192.168.2.x
Now any "new device" that connects is in a different subnet than all of the pre-defined devices. In a way this is simply a variation on Access Control. No new device gets full service until you assign it an IP in the "good" subnet. But, what a tedious process!
I also foresee some awkward conversations. Wife has friend over. They talk about something interesting. Friend says, "I'll show you." Whips out tablet, connects to Guest WiFi. And, the video doesn't play.
stevefxp
Nov 28, 2019 Apprentice
So my RBR50 is in AP mode and just servicing WiFi only. As to the awkward conversations... too freaking bad. I am a technology/security specialist and the security of my home network is paramount over anything else. In fact I have a dual firewall setup, with the first firewall as my active FW (OPNsense on a DIY device). Behind it is my DMZ and then a second firewall that sits in transparent mode. The OPNsense firewall runs Suricata IDS/IPS. I run all logs and data to my Elasticsearch stack, which lets me visualize the data, so I can understand who is attacking me.
Yes, it's a lot of work... but worth it!
- CrimpOn Nov 28, 2019 Guru - Experienced User
Sounds like separating "permanent devices" and "transient devices" into separate subnets would work. To get on the network, a person has to enter a valid WiFi password. DHCP will give all the permanent devices an IP in one subnet and all of the unassigned devices an IP in a different subnet (no matter which WiFi group they log into, primary or guest). Maybe a sneaky person could connect to the Guest WiFi and then set up a static IP into the permanent subnet. Would not work with the new AX product (I guess).
Depending on what capabilities the router has, the different subnets could have differences in addition to QoS, such as different DNS entries (a Brutal Pi-Hole for Guests, for example).
- stevefxp Nov 28, 2019 Apprentice
Exactly!!! So the question is: can the Orbi use separate subnets for guest vs perm? If yes, how would I do it?
- CrimpOn Nov 28, 2019 Guru - Experienced User
If the Orbi was acting as a router, then my original concept would work:
- Change the subnet mask from 255.255.255.0 to 255.255.254.0
- Use the LAN setup table to assign IPs in one subnet to all of the permanent devices, for example 192.168.1.x. When they boot up, they get IPs in this subnet through DHCP.
- Define the DHCP range to be 192.168.2.x (whatever portion you want, such as 1-100, 50-60, whatever). When unassigned devices connect, they will get an IP in subnet 192.168.2.x through DHCP.
Since the Orbi is an Access Point (AP) and is not providing DHCP, then the router that is providing DHCP would have to do something similar. If it's a Netgear router, there is probably a similar mechanism for defining (a) device IPs and (b) the DHCP range.
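Added example, not part of the original thread and not any poster's code: a Python check of which network 192.168.1.x and 192.168.2.x land in under the 255.255.254.0 mask discussed above, plus an audit that flags a host sitting in the permanent range without a matching reservation (the static-IP case raised in the thread). The MAC addresses, reservation table, observed-host list and the 192.168.1.1 reference address are constructed assumptions.

```python
import ipaddress

MASK = "255.255.254.0"  # mask proposed in the thread (/23)

# Constructed sample data: reservations (MAC -> IP) for permanent devices.
RESERVATIONS = {
    "aa:bb:cc:00:00:01": "192.168.1.10",
    "aa:bb:cc:00:00:02": "192.168.1.11",
}

# Constructed sample of observed (MAC, IP) pairs, e.g. exported from an ARP table.
OBSERVED = [
    ("aa:bb:cc:00:00:01", "192.168.1.10"),  # reserved permanent device
    ("de:ad:be:00:00:07", "192.168.2.23"),  # address from the DHCP pool
    ("de:ad:be:00:00:09", "192.168.1.50"),  # static IP in permanent range, no reservation
]


def subnet_of(ip, mask=MASK):
    """Return the network an address belongs to under the given mask."""
    return ipaddress.ip_interface(f"{ip}/{mask}").network


def classify(observed, reservations, permanent_ip="192.168.1.1", mask=MASK):
    """Label each observed host as permanent, transient, or unreserved.

    permanent_ip is an assumed address inside the permanent range, used only
    to identify which network counts as the permanent one.
    """
    permanent_net = subnet_of(permanent_ip, mask)
    results = {}
    for mac, ip in observed:
        if subnet_of(ip, mask) != permanent_net:
            results[mac] = "transient"
        elif reservations.get(mac.lower()) == ip:
            results[mac] = "permanent"
        else:
            # Inside the permanent subnet but not a known (MAC, IP) reservation.
            results[mac] = "unreserved-in-permanent-subnet"
    return results


if __name__ == "__main__":
    print(subnet_of("192.168.1.10"), subnet_of("192.168.2.23"))
    for mac, label in classify(OBSERVED, RESERVATIONS).items():
        print(mac, label)
```
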