WAX220 Guest Network/isolation not working properly
Hello Comunity,
I just got a WAX220, updated to FW 1.0.3.0 right after basic setup. But further down the specific setup, I got in to issues. The wifi devices connected to a guest network, can't access the LAN ethernet.
Client isolation works. When disabled, clients can reach each other. When enabled, they don't.
The client isolation exceptions work, too. LAN ethernet connection never works, despite any isolation setting.
I can't even ping the APs own guest network IP (Isolation settings, DHCP/manual IP, etc. doens't matter), nor the main.
But if I do a traceroute to any IP outside it's own subnet, I get the AP with its given name and IP as the first hop. Nothing answers from behind though. Not even its own main IP.
Any Idea? This isn't intended, is it?
How is it supposed to work anyway? Is it meant as a gateway? Does the LAN Ethernet need a different subnet or the same, given by the guest networks dhcp?
Well, it does what is expected (one exception already discussed ref. L2 Isolation which appears to be disabled by default and does not offer a user control to enable it for now). Probably it does not what you might want...
I can't even ping the APs own guest network IP (Isolation settings, DHCP/manual IP, etc. doesn't matter), ...
The idea of the essential guest network is to provide simple Internet access for your guests, using mobile devices, phones, tablets, ... so this is what it does.
But if I do a traceroute to any IP outside it's own subnet, I get the AP with its given name and IP as the first hop. Nothing answers from behind though. Not even its own main IP.
1 <1 ms <1 ms <1 ms WAX220-1.lan [192.168.200.1] 2 1 ms 2 ms 3 ms [[my.usual.LAN.gw ]] ...nothing else from the WAX220... 3 3 ms 2 ms 2 ms [[my.internet.WAN.gw]] ...nothing else from the WAX220... ...
7 11 ms 3 ms 4 ms 72.14.223.0 8 8 ms 4 ms 4 ms 172.253.50.233 9 4 ms 4 ms 4 ms 172.253.50.5 10 3 ms 3 ms 3 ms dns.google [8.8.8.8] ...goes through...
How is it supposed to work anyway? Is it meant as a gateway? Does the LAN Ethernet need a different subnet or the same, given by the guest networks dhcp?
The guest network does make up an isolated, dedicated private IP subnet.
Start from this p.40
Set up or change a guest WiFi network The AP supports a total of four user WiFi networks. Each user WiFi network can function either as regular user WiFi network or a guest user WiFi network. The essential difference between a regular WiFi network and a guest network is the pool of IP addresses that the network assigns to its WiFi clients. By default, and irrespective of which user WiFi network functions as a guest network, guest WiFi devices are assigned an IP address in the range from 192.168.200.100 to 192.168.200.200. You can change these automatically assigned IP addresses by changing the DHCP server settings for the guest networks. For more information, see Change the DHCP server settings for guest WiFi networks on page 62.
...resp. p.62
Change the DHCP server settings for guest WiFi networks A WiFi client that connects to a guest network (see Set up or change a guest WiFi network on page 40) is assigned an IP address in a different address range than a regular WiFi client. By default, the address range for guest WiFi clients is derived from the address range of the DHCP server (or router) in your network. For example, if the DHCP address range in your network is 192.168.100.2 to 192.168.100.254, the default address range for a guest WiFi network is 192.168.200.100 to 192.168.200.199. You can change this address range, which then applies to all WiFi guest networks on the AP. You can change the DHCP server settings for a guest network only if you enable at least one guest network on a user WiFi network (see Set up or change a guest WiFi network on page 40).
