1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

Guest mode not allowing Intranet

Discussion in 'Asuswrt-Merlin' started by EventPhotoMan, Jul 20, 2018.

  1. EventPhotoMan

    EventPhotoMan Regular Contributor

    Joined:
    Mar 29, 2018
    Messages:
    135
    what is the chances of having a check box to the firmware to allow my guest clients access to the intranet?

    In my case, I place smart devices on separate SSIDs for isolation purposes. Easy trouble shooting is always helpful.
     
  2. Please support SNBForums! Just click on this link before you buy something from Amazon and we'll get a small commission on anything you buy. Thanks!
  3. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    6,039
    Location:
    UK
    Somewhere between no hope and Bob Hope. :D
     
    sfx2000 likes this.
  4. EventPhotoMan

    EventPhotoMan Regular Contributor

    Joined:
    Mar 29, 2018
    Messages:
    135
    Why do you say that?

    Steve Jobs Didn’t take no for an answer...
     
  5. john9527

    john9527 Part of the Furniture

    Joined:
    Mar 28, 2014
    Messages:
    5,409
    Location:
    United States
    @EventPhotoMan
    Maybe via command line (adjust wl0.1 for the appropriate guest instance)

    nvram set wl0.1_lanaccess=on
    nvram commit
    service restart_wireless
     
  6. EventPhotoMan

    EventPhotoMan Regular Contributor

    Joined:
    Mar 29, 2018
    Messages:
    135
    3F142351-26D3-4B15-8B56-2586909E2D73.png 8820CAFC-086C-4381-89E4-92B109AEDAD6.png Funny on my gateway/router there is an option to limit intranet for guest accounts.

    But for all my access point their is no option
     
  7. john9527

    john9527 Part of the Furniture

    Joined:
    Mar 28, 2014
    Messages:
    5,409
    Location:
    United States
    Ahh....you didn't say Access Point......no hope.
     
  8. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    6,039
    Location:
    UK
    And there was me thinking he was talking about buttons for each individual client rather than the entire SSID (which is already there in router mode).
     
  9. EventPhotoMan

    EventPhotoMan Regular Contributor

    Joined:
    Mar 29, 2018
    Messages:
    135
    Can someone explain the difference why the router has this option and why the access point does not?
     
  10. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    6,039
    Location:
    UK
    Because the ability to allow/disallow guest clients access to the intranet is done with the rules that route traffic between the physical interfaces on the router. An access point doesn't do any routing.
     
  11. sfx2000

    sfx2000 Part of the Furniture

    Joined:
    Aug 11, 2011
    Messages:
    12,868
    Location:
    San Diego, CA
    Or Johnny Cash and No Cash... Steve Jobs and No Jobs

    We all hope Kevin Bacon has a long time left...

    ecf2eb42f810610bfff16942eed066f8.jpg
     
  12. sfx2000

    sfx2000 Part of the Furniture

    Joined:
    Aug 11, 2011
    Messages:
    12,868
    Location:
    San Diego, CA
    It's a routing function within AsusWRT, in AP mode, it's disabled, along with a lot of other things.
     
  13. EventPhotoMan

    EventPhotoMan Regular Contributor

    Joined:
    Mar 29, 2018
    Messages:
    135
    I actually called asus And started a trouble ticket with their research and development team, I explained my situation, and what I was trying to do with guest clients. They are going to look into seeing if an option can be made to allow for intranet
     
  14. EventPhotoMan

    EventPhotoMan Regular Contributor

    Joined:
    Mar 29, 2018
    Messages:
    135
    What are the other things that are disabled when using at guest account?
     
  15. EventPhotoMan

    EventPhotoMan Regular Contributor

    Joined:
    Mar 29, 2018
    Messages:
    135
    That being said, any account, sorry, any clients connected to a guest account through an access point, would have full Access to the intranet, how long does the router know the difference between a client connected to the main SS ID as compared to a guest account?
     
  16. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    6,039
    Location:
    UK
    Well that won't get very far. :rolleyes: It's technically not possible in AP mode. It's networking 101.
     
  17. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    6,039
    Location:
    UK
    It's nothing to do with using a guest account. It's about whether the Asus is configured as a router or an access point.
     
  18. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    6,039
    Location:
    UK
    By "guest account" you really mean connected to one of the wireless guest networks.

    Are you taking about a guest SSID on the router or a guest SSID on the access point (which is in turn connected to a router)?
     
  19. sfx2000

    sfx2000 Part of the Furniture

    Joined:
    Aug 11, 2011
    Messages:
    12,868
    Location:
    San Diego, CA
    It's possible, but it would complicate things - at present, I think the Asus folks are more focused on the AIMesh stuff, so the ticket might be put at a pretty low priority unless there's benefit to the AIMesh work, IMHO...
     
  20. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    6,039
    Location:
    UK
    Well I suppose anything's possible if they're willing to redesign the entire router - but within the current design it's not possible. I doubt they're suddenly going to implement VLAN support after all these years.
     
  21. sfx2000

    sfx2000 Part of the Furniture

    Joined:
    Aug 11, 2011
    Messages:
    12,868
    Location:
    San Diego, CA
    That and introducing a level of complexity that can get many into trouble without even trying...

    The guys over in Cupertino - the Guest Network is a VLAN on Wireless, and as such, it can be "extended" to other AP's, either wired backhaul, or via Wireless - but even there - they make a clear decision...

    Guest Network is untrusted - even with Authenticating the WiFi, the Wireless clients can only access the internet, and cannot interact with the "private" LAN resources - and they do AP isolation, so clients cannot see each other - so they take a broad concept and then narrowly limit the scope of what the Guest Wireless clients can do.
     
Please support SNBForums! Just click on this link before you buy something from Amazon and we'll get a small commission on anything you buy. Thanks!