GT-AC2900 - Subnetting to segregate Blink cameras?

[gt2900user]

I have a GT-AC900 running on vanilla firmware 3.0.0.4.386_45956-g23134c9

Is it possible to segregate clients from the rest of the network, but still have them able to communicate with each other?

I have a Blink camera and the Blink Sync Module, and they need to communicate with each other via the network in order to save video clips locally. I currently have them on Guest Network 2 (2.4GHz), and they are unable to communicate with each other. Is there a way to set things up so that I can keep them segregated from the rest of the network (I trust Amazon about as far as I can throw them), but still able to communicate within their own subnet?

If at all possible I would prefer not to switch firmware, but if that is the only viable option aside from allowing the devices onto my main network, I will consider it.

 

[ColinTaylor]

If the GT-AC2900 behaves like Merlin-supported routers this might work.

nvram set wl0.2_ap_isolate=0
nvram commit
reboot

If you subsequently make any changes to the guest Wi-Fi settings in the GUI this change will be wiped out.

 

[gt2900user]

If the GT-AC2900 behaves like Merlin-supported routers this might work.

nvram set wl0.2_ap_isolate=0
nvram commit
reboot

If you subsequently make any changes to the guest Wi-Fi settings in the GUI this change will be wiped out.

Thank you, I will give this a try. Can you tell me where to access the CLI? I'm looking through the advanced settings menus and haven't found it yet, and I've tried SSHing to my router's IP in case that's how and get connection refused.

(Also do you happen to know the commands to display the current value of this var?)

 

[eibgrad]

If the GT-AC2900 behaves like Merlin-supported routers this might work.

nvram set wl0.2_ap_isolate=0
nvram commit
reboot

If you subsequently make any changes to the guest Wi-Fi settings in the GUI this change will be wiped out.

It would be my assumption that AP isolation is already disabled for the sake of wireless clients on the private network, and that the problem is the OP's only alternative is to enable intranet access to allow communications between guests. Seems to me the solution is Merlin + YazFi. But NOT because YazFi offers control of AP isolation at the guest level, but because it offers IP level isolation control between the guest and private networks.

Devices in guest network...

Trying the command line option had interesting results... Shutdown both the iPhone and Roku stick, ran the commands in SSH and rebooted the router and reconfigured the 5Ghz guest network #2, with "Access Intranet" disabled. Powered on both the iPhone and Roku stick and connected them to guest...

www.snbforums.com

 

[gt2900user]

admin@GT-AC2900-35C8:/tmp/home/root# nvram show | grep ap_isolate
wl0.1_ap_isolate=0
wl0.2_ap_isolate=1
wl0.3_ap_isolate=0
wl0_ap_isolate=0
wl1.1_ap_isolate=0
wl1.2_ap_isolate=0
wl1.3_ap_isolate=0
wl1_ap_isolate=0
wl_ap_isolate=0

Curiously, these were the variables set for my guest networks (before I tried making any changes). Only Guest networks 1 and 2 under 2.4 have been set up, so the other 0s make sense, but it appears that Guest Network 1 defaults to ap_isolate=0 and Guest Network 2 defaults to ap_isolate=1

This tracks with an old thread I'd seen about ap_isolate behaving differently between Guest 1 vs Guest 2,3 on old builds of Merlin: https://www.snbforums.com/threads/g...-chromecast-and-a-potential-workaround.68307/

I'll give setting ap_isolate=0 on Guest 2 a try for now; if that works, what I might ultimately do is swap the SSIDs of Guest 1 and Guest 2; leaving the Blink system on Guest 1 which defaults to ap_isolate=0, and the other IoT devices on Guest 2 because they don't need to talk to each other. That way if I reset things and forget about these settings everything will continue to work.

 

[gt2900user]

@ColinTaylor @eibgrad

Just commenting back to confirm that after setting ap_isolate=0 on Guest 2 I am able to log in to Guest 2 and successfully ping other devices on Guest 2. Thank you both for your help!

Edit: and it remains isolated from the rest of the network; I cannot ping devices on Guest 2 from LAN or the other wireless networks.