- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Re: Enabling Guest Network
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Enabling Guest Network
Has anyone tried the guest network yet? Couple of things I see.
1) When activating, I assume the router/satillite do some sort of reset, as my devices got disconnected during the process.
2) There is no seperate Access Control. There is no way to segregate the allow / block access per network. I tried blocking my phone from my network, thinking it could log into the guest network, Nope. What ever you have setup for access controls also appears to apply to Guest Network. I did not play around with new devices can or cannot be added, as I don't have any other devices to play with.
3) There is no way to determine that I can see, if a device is on the main network or the guest network.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Enabling Guest Network
@dsc_dewain wrote:Has anyone tried the guest network yet? Couple of things I see.
1) When activating, I assume the router/satillite do some sort of reset, as my devices got disconnected during the process.
thats normal
@dsc_dewain wrote:2) There is no seperate Access Control. There is no way to segregate the allow / block access per network. I tried blocking my phone from my network, thinking it could log into the guest network, Nope. What ever you have setup for access controls also appears to apply to Guest Network. I did not play around with new devices can or cannot be added, as I don't have any other devices to play with.
i think this is also normal as access control is done at mac / ip level not by wifi connection
@dsc_dewain wrote:3) There is no way to determine that I can see, if a device is on the main network or the guest network.
you cant normally distinguish this on other routers anyway
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Enabling Guest Network
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Enabling Guest Network
It seems to me that Guest network only blocks DNS lookups from attached devices to find other local devices. But if you poke around by IP address, you have full access to all local devices and services. Is this true? Please tell me this isn't true...if it is true Netgear is fooling people into thinking they are secure. And it makes me wonder what "security" is actually applied to internet traffic.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Enabling Guest Network
I have used the guest access though the the Christmas holiday with friends over and none of the deivces could see or use my media server, printers,etc. So yes guest means guest.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Enabling Guest Network
Hey Ron,
That is likely, because by default windows (and Macs?) will try to find devices by DNS lookups. What I am pointing out is that if you access devices by number instead, then there is no isolation. For instance, as I write, I am on a guest network. I can see in Device Manager that I ought to know about several NAS's on my network, but they are grayed out since Windows. wants to talk with them by name, not address. If I try to access them I get denied. BUT, and it is a big one, if I go to explorer and mount the NAS by address (e.g. \\192.168.1.47\share instead of \\myserver\share) they pop right up as usual. Also, my printer is still accessible since I assigned it by IP address and not by WSD port.
Hence my concern: people who aren't aware believe they are secure. People who want to pwn them can do it easily with a port scanner and no tools (given that most people leave guest unsecured and have low to no security on their NASs for internal use).
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Enabling Guest Network
wodehouse,
I am afaid you are incorrect. I have tested the guest network with various devices, phones (Android, iPhone, Windows Phone) , tablets (iPad Air, Android) , and computers (SurfacePro, Lenovo, Macbook, etc.). When they were attached they had no connectivity whatever to any of the devices that on on my wired or wireless network. The only addresses the router would accept would be public IP addresses and the were routed out the WAN port of the router. Any private address was dropped by the router.
It has nothing to do with the DNS it's all about how wireless creates a new "wl interface" and then uses the router and firewall rules to prevent traffic from going from this wireless network interface other other interfaces. If you dump IP tables and network adapter configurations you will see them change when the options for guest is turned off and on.
Netgear is not fooling anyone, If you think there is a bug or something in your configuration that may allow this to happen I would suggest you open a ticket with Netgear.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Enabling Guest Network
I also confirmed that if I connect to my Guest network, it works correctly and I do not have access to IP addresses on my main network. I could not ping nor access a Windows network share via the main network, but I could once I went back to my main wireless network. Let's not scare everyone with incorrect claims before exhaustive testing & diagnosis.
wodehouse, is it possible that you have "Allow guests to see each other and access my local network" checked for your Guest network? That could be one reason to explain your access to IP addresses on your main network.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Enabling Guest Network
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Enabling Guest Network
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Enabling Guest Network
I too have seen the ability to reach, well, everything on the LAN from the guest network, but I'm in AP mode. I don't have the ability to run Orbi as a dedicated router, so I can't speak for the isolation available in the default configuration.
Rodney
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Enabling Guest Network
Good point -- wodehouse, are you running your Orbi in AP mode? I'm not so that may explain the isolation behavior differences.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Enabling Guest Network
Hi guys,
Glad I am ont the only one seeing this. But, nope, I am not in AP mode. I do have a separate AP in the house on the internal network, but I have unplugged it during testing to remove it from the equation. Also I am running a WNDR4500v2 (not Orbi) with latest firmware (V1.0.0.60_1.0.38).
cheers
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Enabling Guest Network
wodehouse,
I am curious how is your network connected? You say you also have other router on your network also? Based on all the responses here you are the only one seeing this in router mode. In AP mode the guest network has no isolation at all so I am wondering where you leakage is coming from. Also have you tried to open a ticket to tech support, they are very responsive?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Enabling Guest Network
I have the WNDR4500v2 in the basement as my router to the world, and main switch on my network (wired and wireless). Upstairs I also have a Nertgear WAC120 access point. As noted, I powered that off during tests to isolate the symptoms.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Enabling Guest Network
If you have Orbi in router mode connected to another router, you're double-NATting and guest will never work as intended. Orbi has to be the *only* router for isolation to work.
Rodney
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Enabling Guest Network
With a router connected to another router your orbi netowrk is isloated in guest but the Wan port to the other roter would be a "external" network and thus all devices would be seen. Let say that you used 192.168.1.1 as your network for the WNDR4500 and 192.168.2.1 as your IP address for the Orbi. With the devices:
-----------------
| Internet |
| 172.x.x.x |
-----------------
|
|
------W----------
| wndr |
| 192.168.1.1 |
-----L-----------
|
|
|
-----W------------
| orbi |
| 192.168.2.1 |
-----------------
So guest isloation on the orbi will forward all packets to 192.168.1.1 and any devices you have on that network would be visable. If the packets are destined to the internet then the wndr will be reforward out though your internet modem.
For this to work the Orbi needs to either replace the wndr. You don't want double NAT going on due to issues with port forwarding for services such as gaming, VoIP etc.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Enabling Guest Network
Hi Ron,
Yes, that would certainly muck things up. However, my topo is this:
-----------------
| Internet |
| 172.x.x.x |
-----------------
|
|
--------W----------
| wndr |
| 192.168.2.2 |
---------L-----------
As noted, I have an access point across the house to amplify the signal, but during testing I unplugged it to verify problem still exists.
Cheers
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Enabling Guest Network
So where in the diagram is the Orbi router connected?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Enabling Guest Network
There isn't one. I joined this thread because it popped up on a search for guest network problems. Didn't notice the Orbi part at the time, but since this is a responsive group and the firmware likely isn't greatly different between netgear devices I didn't restart elsewhere. Been trying to be clear about the equipment I have (the router and WAP).
cheers
Roger
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Enabling Guest Network
wodehouse,
I would suggest you post in the proper forum:
https://community.netgear.com/t5/WiFi-Routers/ct-p/home-wifi-routers
This forum and assocated threads are for Orbi. Sorry....
• What is the difference between WiFi 6 and WiFi 7?
• Yes! WiFi 7 is backwards compatible with other Wifi devices? Learn more