Ap isolation not working?

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

cooloutac

Senior Member
When I set AP isolated on my AC86u, 384.19 firmware, client devices can still communicate with each other. What Am i doing wrong? Sorry in advance if I'm making a silly noob mistake.

FOr example i set AP isolation on 2.4ghz band. But I can still ping and print with all devices including lan, 5ghz and other 2.4ghz devices. I turned off VPN, rebooted router and same issue.
 

MakeItEasy

Occasional Visitor
I guess you set AP isolation in your main WIFI network. I did not try this feature but all is working fine with the Guest network which is always on. I'm using firmware 384.82072.
 

cooloutac

Senior Member
I guess you set AP isolation in your main WIFI network. I did not try this feature but all is working fine with the Guest network which is always on. I'm using firmware 384.82072.
The problem with guest network is it does not use the node. I guess that is the only choice cause the ap isolation does not work at all. I must be doing something wrong. I did see they are working for in the future to have guest network work with ai mesh. but thats probably a long ways off. The problem is I need to extend the guest network connection between the backyard shed and front door.
 
Last edited:

MakeItEasy

Occasional Visitor
Maybe a bug, who knows ?

The node ? You mean you are using more than one router in AiMesh mode ? In this case, sorry, I can't help you, I only have one router and thus I don't use AiMesh.
 

cooloutac

Senior Member
https://forums.tomshardware.com/threads/secured-guest-wifi-network.3514721/ ya this guy explains the problem may be better then I do. I guess there is no solution, just have to wait until the hopefully upgrade the firmware in future. Really don't like the snobby and the "we're smarter cause we make things more complicated" replies but I guess they are right. Like the OP in that thread I think it would be crazy for me to buy new overkill hardware for my small single family home. But like I always say security is only for rich people. LOL
 

MakeItEasy

Occasional Visitor
The guest mode was for me a "must have" when buying this router, as well as being able to define time slots.

I have an "always on" guest mode which is used by more devices than the main WiFi network.

I did not know AiMesh did not support guest network on nodes, thanks for pointing that out !

Hope that this feature will be added later on by ASUS as I had the plan to add a second router too and use AiMesh in the near future.
 

OzarkEdge

Part of the Furniture
I did not know AiMesh did not support guest network on nodes, thanks for pointing that out !
AiMesh 2.0 (386 firmware) is arriving now with guest WLANs index 1 supported across all nodes. Here's the current release 3.0.0.4.386.40451 for your AC86U:


OE
 

cooloutac

Senior Member
AiMesh 2.0 (386 firmware) is arriving now with guest WLANs index 1 supported across all nodes. Here's the current release 3.0.0.4.386.40451 for your AC86U:


OE
Ya I saw that posted by merlin. Look forward to it. Might wait till Merlin can incorporate it though so I can use it with policy rules for the vpn. I figured it might be a while though and was looking for another option in the meantime. Thanks for your post. It will be huge for Asus.

EDIT: Just realized you were saying it was released yesterday!!! NICE! really like how you can view clients on guest netowork now in network map. that was my other concern. awesome.
 
Last edited:

OzarkEdge

Part of the Furniture
EDIT: Just realized you were saying it was released yesterday!!! NICE! really like how you can view clients on guest netowork now in network map. that was my other concern. awesome.
Client listing is for all guest WLANs index 1,2,3; but sync to all nodes is only for guest WLANs index 1... still better than a poke in the eye with a sharp stick.

OE
 

cooloutac

Senior Member
Just realized it won't work for me because the ac66u_b1 and ac68u have not been updated with 386 firmware :(
 

OzarkEdge

Part of the Furniture
Just realized it won't work for me because the ac66u_b1 and ac68u have not been updated with 386 firmware :(
You could try the latest AC68U beta for both models:


I'm running the AC86U flavor.

OE
 

cooloutac

Senior Member
doesn't work. guest network 1 still not using node with ac86u main router and ac66u-b1 as node. using latest official firmware and the beta on the node. or the beta on both.

EDIT: Factory reset recreated guest network and made sure use all nodes option was set. Now it works!
 
Last edited:

cooloutac

Senior Member
I went back to Merlin. the aimesh worked wih guest mode on new firmware, but it did not seem to work correctly. for example one of the main reasons i am using aimesh is for better connection for my front doorbell and shed cam. the ac86u connects great at back of house to the shed, and i have the ac66u-b1 at front of house for the doorbell. on firmware 384 and 385 front doorbell always connected to the ac66u-b1 node and never tried to connect to main router at back of house. but with the new firmware the the front doorbell was always connected to the main router in back, passing up the node right in front of it, with a poor connection of almost 80rssi, instead of connecting to the node with 50rssi.

Another issue i had with the new firmware is my vpn was just not working correctly for some reason. it would connect, but alot of my devices and some websites and apps were getting blocked. at first i thought maybe since it was friday they just got blacklisted today. but even switching servers didn't help so i figured it has to be leaking data or something. After going back to merlin my vpn is working as it should. no issues connecting the devices to the web or connecting to any websites using the same vpn server, plus that added policy rules feature is golden. Merlin firmware is a must have for anyone with a vpn because i'm starting to wonder if the stock vpn option even works properly. I also kept having problems of no internet, even with vpn off after toggling vpn on and off I would have to keep toggling between dns servers in wan settings to get internet back which i found strange.

gonna stick with merlin until he updates and see if its any better at that point, thought i'm no longer looking forward to it. no point in going to stock for the guest nework on ai mesh, when its not even connecting the one thing i want to the node. i'd rather have the vpn since i treat my home like a public network anyways lol.
 
Last edited:

OzarkEdge

Part of the Furniture
I went back to Merlin. the aimesh worked wih guest mode on new firmware, but it did not seem to work correctly. for example one of the main reasons i am using aimesh is for better connection for my front doorbell and shed cam. the ac86u connects great at back of house to the shed, and i have the ac66u-b1 at front of house for the doorbell. on firmware 384 and 385 front doorbell always connected to the ac66u-b1 node and never tried to connect to main router at back of house. but with the new firmware the the front doorbell was always connected to the main router in back, passing up the node right in front of it, with a poor connection of almost 80rssi, instead of connecting to the node with 50rssi.
After installing RC2-7 beta on my 2xRT-AC86U AiMesh, my 2.4 mobile had connection trouble beyond the node (driveway) that kept stopping TuneIn streaming. Never had this before with SC and same SSIDs or with no SC and different SSIDs. I was also getting the impression that my WiFi signals/connections were a bit stronger (the new SDK?). So, I raised the Roaming Assistant 2.4 RSSI from default -70 to -62, and the trouble stopped. The 2.4 default RSSI used to be -55... maybe they need to change it back that direction.

I'll bet your router has stronger WiFi than your node, and your IoT is on the 2.4 band and needed more 'Roaming Assistance'.

OE
 
Last edited:

cooloutac

Senior Member
Well it worked better when I used the official 386 release on main router with beta on node only. front doorbell connected to the node immediately. Could be unrelated but my 384 and 385 firmware's also had -70 rssi disconnect set. also turns out the VPN and DNS issues I was having was prolly not due to firmware. All day I was messing with the router switching firmware and flashing and it kept on getting worse even on Merlin firmware I not only was getting VPN and dns issues i was also getting dhcp issues. the router cpu was going fkn crazy. On all firmware. Both cores spiking to 100%. Then the VPN just stopped connecting alltogether. The syslog said CA must be specified which I never had to do before. And even copy and pasting the CA in he router was not saving it. Hard reset, reflash ing but nothing was working. Then I couldn't even get internet with it off! My wan ip kept changing!! Then I did another hard reset and it took a real long time for wireless lights to come on. I came on here to ask for help and the forums were down! I thought wow my isp and the govt really don't want me using a VPN!! Haha I hooked up the old ac66ub1 I had as node as main router and it worked fine on first setup even with VPN. So I boxed up the AC86u for return to store.


But I didn't want to give up lol. So I saw suggestion on mullvad site to format the jfss partition. And that worked! Router started working normally again. I'm back on Merlin again and VPN is not being blocked in any devices. Lol. 12 hours later. I disconnected the node and will keep it for backup or maybe hook it up again when Merlin release 386 but Im in no rush I should of never touched the the main router. Wow.
 
Last edited:

OzarkEdge

Part of the Furniture

cooloutac

Senior Member
I wonder if that is something the typical Asus router owner should know how to do?

OE
apparently. especially if you own the ac86u. I don't run scripts and I never had to do that on the ac66u_b1 which I've owned over 2 years where I occasionally ran vpn, always ran ai protection and qos. switched between merlin and stock and never had a single issue except for when it went down on 9/11 this year after a supposed power outage at verizon which prompted me to change the ssid password which caused issues connecting devices. but a hard reset fixed it. Partly why I decided to upgrade in case it was compromised, since i'm adding more iot devices and want better range. but I realize now the newer models don't do any better with more devices and they are prolly even more vulnerable lol . I basically paid 180 dollars for slightly better range and more vpn bandwidth. And yes I always keep my router in a UPS. Maybe to you this behavior on the ac86u is normal, but I find it horrifying and suspicious. I mean I can't even run qos or ai protect without issues. Did you read everything I said? Its twilight zone status. I keep forcing myself to use this forrest fire but I hope I don't end up regretting it in the long run.

Why did the website go down? Planned maintenance?
 
Last edited:

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top