Menu
What's new
By:
Filters
Better Search

Guest network problem

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

B

bigtreiber

New Around Here
Hi there,

I'm using two ASUS Routers (N66U and AC87U, both running Merlinwrt 380.61) as access points in my Homenetwork.

Internet Access and DHCP is managed via a Fritzbox and the two ASUS Routers are connected via LAN to the Fritzbox.

Everything works fine and as expected apart from "guest network".

When I enable guest network on one of the ASUS Routers there is a separate WiFi with a different SSID and WPA2 Key, but the network is not seperated. Devices connected to the ASUS Router still have COMPLETE access to my home network.

I just tried it with https://gist.github.com/the-darkvoid/c6a1c112603cc33e68a7 and inserted the code from the script to "services-start" in /jffs/scripts, but that didn't change anything :-(

What am I doing wrong? Any suggestions?

Regards,
bigtreiber
 
AP mode is unable to isolate guest clients, because the network routing is handled by the Fritzbox, not by the Asus device.
 
Issue accures for Me on the 5ghz wifi ,even though i just use the ac87u as a router and not in ap mode.
The 2.4 isolates correctly but not on 5ghz. Even exchanged the router but same issue, contacted asus about it but they havent got back to me about the issue.

Skickat från min LG-H815 via Tapatalk
 
RMerlin said:
AP mode is unable to isolate guest clients, because the network routing is handled by the Fritzbox, not by the Asus device.
Click to expand...

Thanks for the info. Any suggestions how to set things up to reach the goal? Do I have to use "router" mode on the Asus Devices?
 
bigtreiber said:
Thanks for the info. Any suggestions how to set things up to reach the goal? Do I have to use "router" mode on the Asus Devices?
Click to expand...

Yes, however this will create different problems, where you will be double NATed.
 
bigtreiber said:
Devices connected to the ASUS Router still have COMPLETE access to my home network.
Click to expand...
For your Guest Network, is "Access Intranet" = OFF? Have you played around with the Ebtables BROUTING chain?
Code: 
# EXAMPLE:  block computers attached to a Guest Network (wl0.1) from seeing computers on your other local networks
/usr/sbin/ebtables -t broute -I BROUTING -p IPv4 -i wl0.1 --ip-dst 192.168.2.0/24 --ip-proto tcp -j DROP
/usr/sbin/ebtables -t broute -I BROUTING -p IPv4 -i wl0.1 --ip-dst 192.168.3.0/24 --ip-proto tcp -j DROP
/usr/sbin/ebtables -t broute -I BROUTING -p IPv4 -i wl0.1 --ip-dst 192.168.4.0/24 --ip-proto tcp -j DROP
/usr/sbin/ebtables -t broute -I BROUTING -p IPv4 -i wl0.1 --ip-dst 192.168.5.0/24 --ip-proto tcp -j DROP

# Legend
# wl0.1 is the 2.4GHz guest #1 Wi-Fi interface
# wl1.1 is the 5GHz guest #1 Wi-Fi interface
# wl0.2 is the 2.4GHz guest #2 Wi-Fi interface
# wl1.2 is the 5GHz guest #2 Wi-Fi interface
# wl0.3 is the 2.4GHz guest #3 Wi-Fi interface
# wl1.3 is the 5GHz guest #3 Wi-Fi interface
 

Attachments

  • guest.JPG
    guest.JPG
    128.3 KB · Views: 548
bigtreiber said:
I don't have that setting. I think because I'm running the Router in "Access Point" Mode ...
Click to expand...
This example may or may not work with Access Point mode. I only use Wireless Router mode.
Code: 
#!/bin/sh
# EXAMPLE:  Block all Guest Network devices from accessing various local networks
for interface in wl0.1 wl1.1 wl0.2 wl1.2 wl0.3 wl1.3; do
  for network in 192.168.1.0/24 192.168.2.0/24 192.168.3.0/24; do
    /usr/sbin/ebtables -t broute -I BROUTING -p IPv4 -i $interface --ip-dst $network --ip-proto tcp -j DROP
  done
  /usr/sbin/ebtables -t filter -I FORWARD -i $interface -j DROP
  /usr/sbin/ebtables -t filter -I FORWARD -o $interface -j DROP
done
 
bigtreiber said:
Where can I find that setting?
Click to expand...

On my TM AC1900 which I am running as an AP using the stock ASUS firmware the guest network is by default restricted from accessing the LAN. (see verbiage below)

I have tested it and it seems to work as it should. I use one SSID for guests and to protect my network as much is possible these days I run my connected home automation devices on another guest SSID.

Guest Network
line_export.png

network_config.png

The Guest Network provides Internet connection for guests but restricts access to your local network.
 
You must log in or register to reply here.

Similar threads

S
Network printer no longer available after activating Guest networks
Replies
18
Views
542
Tech9
Tech9
F
AI mesh guest network 1 issues
Replies
3
Views
493
Fuechslein
F
R
Guest network MAC address white listing limit
Replies
5
Views
299
Ryo
R
H
Question about (normal) guest network with ASUS ROG Rapture GT-AX6000
Replies
9
Views
413
HHawk
H
N
guest network questions
Replies
9
Views
638
ColinTaylor
C
Similar threads
Thread starter Title Forum Replies Date
SevenFactors Clients Unable to Connect to Guest Network After Firmware Upgrade Asuswrt-Merlin 2
H changed AC68U to AX86U Pro, same guest network setting but all devices gone? Asuswrt-Merlin 11
D Creating an ethernet guest network Asuswrt-Merlin 5
S Network printer no longer available after activating Guest networks Asuswrt-Merlin 18
R Wireless MAC (Band filter filtering out Guest network) Asuswrt-Merlin 2
R Guest network MAC address white listing limit Asuswrt-Merlin 5
B Single guest network where devices can interact Asuswrt-Merlin 6
J Change the name of the guest network in network map? Asuswrt-Merlin 1
D Guest network with intranet access v. using the main network Asuswrt-Merlin 4
J Pihole/Yazfi with guest network Asuswrt-Merlin 4

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 574 (members: 25, guests: 549)
Top