NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

sdct989's avatar
sdct989
Tutor
Jun 23, 2017

VLAN Tagging for Guest Network

I've seen a couple of posts about this in the past on this forum, but all of them appear to be kinda old, and before you could uncheck the "Allow Guests to see each other and access my local network"...
advanced
Features
guest
network
vlan
peteytesting's avatar
peteytesting
Hero
Jun 23, 2017
sdct989 wrote:

 

I have my own router/DHCP/firewall/gateway that I want to keep using, so I have put my Orbi network into AP only mode. However, I would still like to have a guest network that I'm able to separate at my router. I would like to do this via VLAN tagging. So my questions are:

 

Is this something that Orbi is capable of now?

If not, is this something that will be available in the future? And if so, is there a way to be notified when it is available?

What actually happens when you uncheck "Allow Guests to see each other and access my local network" while in AP only mode? Does the Orbi just start NAT'ing and serving it's own DHCP at that point?

 

Lastly, assuming that it's not already a thing, I would like to chime in with others here and say that I would REALLY like to see VLAN tagging as an option in the advanced interface.

 

hi , once in AP mode the theory is that all it is a pure wireless access point and your upstream router is doing the actual routing and vlan functionality

 

vlan is usually an advanced feature of the router not the ap

 

will have a look at this during this weekend and try and get back to you but i think the "Allow guests to see each other and access my local network" only works in router mode

sdct989's avatar
sdct989
Tutor
Jun 23, 2017

peteytesting, thanks for the reply!

 

I get what you're saying about routing functions belonging to the router, but only the wireless AP knows which network/SSID the traffic came from. So it would be the only one that could augment the traffic in any way to let the router know that this traffic came from this SSID and that traffic came from that SSID. This is typically done in the form of VLAN tagging.

 

The way that I figured it would work, is that the AP would tag the VLAN that the traffic came from before it passes it off to the router. Forcing the VLAN tags at the AP level also has the added benefit that the client, assuming it's capable of tagging, can't just make up it's own and decide which network it wants to be a part of. It's with these VLAN tags that I can have my router do more advanced routing such as allowing certain requests through the firewall, assigning different dhcp realms, etc.

 

If you can suggest a different way other than VLAN tags though from my upstream router to understand which SSID a set of traffic came in on though, I could probably also work with that as well!