Guest Network Question

[TheLyppardMan]

I'm just curious and I suspect the answer is no, but is it possible to restrict visitors to only using a Guest network even if they happen to know the main network password? If not, I suppose a workaround could be to give the main network an obscure SSID, have all the family devices connect to the new SSID and then hide it.

 

[lorkadiscovery]

Could you maybe setup a guest network with the same SSID as the main network but then use the Wireless MAC Filter on the WiFi tab to set all the allowed devices to the main network?

Not sure if it would work but that may force all rejected MACs to connect to the guest SSID?

 

[eibgrad]

Do these ppl have authorization to use the private network, or have they somehow gained access to it when that wasn't your intent (e.g., the kids mentioned it)? Because if it's the latter, your problem doesn't warrant a technical solution; you need to do a better job of keeping it a secret (or change it often in case it does "leak" for whatever reason). If they *do* have authorization to access the private network, then what would be the means to differentiate when they *intended* to use the private network vs. they only needed access to the guest network? How could you ever automate such decision making?

 

[OzarkEdge]

I'm just curious and I suspect the answer is no, but is it possible to restrict visitors to only using a Guest network even if they happen to know the main network password? If not, I suppose a workaround could be to give the main network an obscure SSID, have all the family devices connect to the new SSID and then hide it.

Hiding SSIDs doesn't really hide them and may slow client connections.

If your WLAN credentials have been compromised, change them.

OE

 

[TheLyppardMan]

Do these ppl have authorization to use the private network, or have they somehow gained access to it when that wasn't your intent (e.g., the kids mentioned it)? Because if it's the latter, your problem doesn't warrant a technical solution; you need to do a better job of keeping it a secret (or change it often in case it does "leak" for whatever reason). If they *do* have authorization to access the private network, then what would be the means to differentiate when they *intended* to use the private network vs. they only needed access to the guest network? How could you ever automate such decision making?

It hasn't actually happened, so it's only theoretical, but I guess the first scenario is the most likely one. Unless the MAC filter only covered the main network (which I assume it doesn't) then there wouldn't be a technical solution would there? Interestingly, from what I remember, Synology routers do have quite a good way to deal with this using their Safe Access app - anything that isn't specifically allocated to a user-defined group is automatically connected to a default group, which can also be user-defined (Internet access can certainly be blocked on the default group, but I can't remember if internal network access can also be blocked).