Guest Network has no internet access unless I enable access to intranet

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

Yop

New Around Here
Hi.

I am trying to enable guest network for my IOT devices. I do not want to give them access to my intranet.

If I enable a guest network and configure one of my devices to use that network, they can not access to internet. I only be able to make it work I give them access to intranet.

When Guest Network and disable access to intranet:
- device get an IP 192.168.101.x
- device get a DNS Server: 192.168.101.1 ( I guess it is managed by the router)
- device can resolve names-> ping google.com To 216.xxxxx (but request timeout)
- device can not open 192.168.2.1 (router IP)
- device can not ping any of the devices on my intranet.
- device from intranet can ping to IOT device on guest network.

but device can no navigate to internet.

However, if I enable access to intranet, IOT recive an 192.168.2.x ip (my main networkI) and can browse internet without problems.

My router is an ac5300. I've just factory reset it, I try to change of guest networks, play with dns settings.....

Any help please?
 

ColinTaylor

Part of the Furniture
Try using the second guest network instead of the first. This first guest network works a bit differently than the other two.
 

eibgrad

Very Senior Member
I agree w/ @ColinTaylor, try one of the other guest networks. However, it doesn't explain why the current guest network isn't working. It shouldn't make a difference which guest network you use, even if implemented differently. Not unless it's known to be broken.
 

Yop

New Around Here
Thank you both.

It seems to work using the second guest network. I never thought they were different, It's weird as least
 

davidchiou

New Around Here
Same here, across multiple versions of firmware, on XT8.
First network (2.4GHz) never had actual Internet access. This bug shouldn't even exist especially since the recent releases supposed fixed guest network problems.
 

yeah_mike

New Around Here
Encountering the same thing on my XT8 based mesh nnetwork. Guest network 1 will not work unless it is given intranet access. Solution is to use guest network 2. But I don't want to use guest network 2, because only guest network 1 is propagated across all nodes. Ridiculous!
 

jmpr

Regular Contributor
Same here, across multiple versions of firmware, on XT8.
First network (2.4GHz) never had actual Internet access. This bug shouldn't even exist especially since the recent releases supposed fixed guest network problems.
Mi guest network in XT8 is the first one in 2'4, and works ok. It's strange.
 

bbunge

Part of the Furniture
I have an AiMesh network set up specifically for the shared guest WIFI running 9.0.0.4.386.41994 Beta Version. Has been running since early Feb 2021 without a hitch. If you use a LAN subnet other than default 192.168.50.0/24 the guest 1 may not work. This is a guess on my part and not tested.
 

jmpr

Regular Contributor
I have an AiMesh network set up specifically for the shared guest WIFI running 9.0.0.4.386.41994 Beta Version. Has been running since early Feb 2021 without a hitch. If you use a LAN subnet other than default 192.168.50.0/24 the guest 1 may not work. This is a guess on my part and not tested.
Not sure what you mean. My lan doesn't start with 192, but guest wifi runs ok.
 

y-y

Occasional Visitor
I did more testing with a spare RT-AC68U, confirmed this issue is not unique to AC5300.

1st, FYI, my ISP is Verizon FIOS.

After enabling Guest-1 (2.4GHz), disable access intranet, guest client gets 192.168.101.x IP address, then the internet will get disconnected for both guest and non-guest connections.

If I enable allow access intranet on the Guest-1, guest client gets 192.168.1.x IP address, then there is no problem for both guest and non-guest connections.

Then I did something different, I connected this AC68U (WAN port) to AC5300 (LAN port), AC68U gets 192.168.111.x from AC5300 as WAN IP address. Then test again, success, no internet disconnect issue observed (disabled access intranet on Guest-1, and guest client got 192.168.101.x IP address).

So, what could be the cause? ISP's DHCP config or security feature?
 

Cmeyer3

New Around Here
Encountering the same thing on my XT8 based mesh nnetwork. Guest network 1 will not work unless it is given intranet access. Solution is to use guest network 2. But I don't want to use guest network 2, because only guest network 1 is propagated across all nodes. Ridiculous!
I have the same system. On mine, both guest network 1 and 2 do the same thing. Did yours stay working on guest network 2?
Mine will work for a short period, then all connections crash unless access to intranet is enabled.
 

y-y

Occasional Visitor
I have the same system. On mine, both guest network 1 and 2 do the same thing. Did yours stay working on guest network 2?
Mine will work for a short period, then all connections crash unless access to intranet is enabled.
my Guest-2 works fine, access intranet is disabled.
 

Newbie_21

Occasional Visitor
I would like to revive the topic.

Yes, I found the exact same thing.
My Guest-2 does not assign a new ip area but rather assigns an address from the ip area in which the intranet is located.
I don't have access to the intranet with traceroute, but I can ping all addresses.
Is there already a solution with guest-1 and its own IP range 192.168.101.xxx? Isn't there a static route to the WAN or VPN in the router missing?

regards
 

wouterv

Very Senior Member
Try using the second guest network instead of the first. This first guest network works a bit differently than the other two.
I was searching back a while ago about the difference in guest network #1 and the others.
What is the difference?
 

ColinTaylor

Part of the Furniture
I was searching back a while ago about the difference in guest network #1 and the others.
What is the difference?
Asus changed the way the first guest networks work so that they can be propagated to AiMesh nodes. This means that when Access Intranet is set to Disable they have their own separate IP subnets, 192.168.101.x and 192.168.102.x. It think (but I might be wrong) they also use vlan tagging when used in an AiMesh setup.
 
Last edited:

Newbie_21

Occasional Visitor
I think it's good that a separate ip area is used. Since the settings made with it do not enable internet access, it is certainly a mistake. What do I have to set where so that internet access is possible.
 

Newbie_21

Occasional Visitor
Now a while has passed again. Has someone got the guest network 1 to run without intranet access?
 

Newbie_21

Occasional Visitor
OK. Have you ever tried using the guest network to access the Internet with the VPN client activated and the Intranetaccess disabled setting? Works with me only if either VPN client off or intranetaccess is allowed.
Otherwise traceroute from the guest network 1 with IP 192.168.101.xxx ends at 192.168.101.1.
 

bbunge

Part of the Furniture
OK. Have you ever tried using the guest network to access the Internet with the VPN client activated and the Intranetaccess disabled setting? Works with me only if either VPN client off or intranetaccess is allowed.
Otherwise traceroute from the guest network 1 with IP 192.168.101.xxx ends at 192.168.101.1.
No. VPN Client belongs on clients not the router. My biased opinion, of course...
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top