Guest network question


DHLarson

Occasional Visitor
What's different with guest networks? Using it to segregate IoT traffic and suddenly a thermostat that was working fine went south. Moved it over to the internal network and everything is hunky-dory. Interface gives me little info on the thermo to figure it out. All I was trying to do was limit the device to internet access only. Are there protocol differences, DNS, etc.? In the interest of working this through, is there a primer for tcpdump on the router if I wanted to really dig deep?

I hate these types of issues.

Thanks!
 

cooloutac

Very Senior Member
How were you limiting it?
 

demetry14

New Around Here
You could just put it in a DMZ.
 

DHLarson

Occasional Visitor
> how were you limiting it?
Only specific limit was blocked access to intranet. Running Skynet but didn't find any outbound blocks on the thermostat's local IP. Does the guest network use the DoT DNS target or the router WAN DNS (they are different - router is using ISP's DNS, DoT is using Cloudflare)?
 

DHLarson

Occasional Visitor
> You could just put it in a DMZ.
Shouldn't need to - it sets up an SSL tunnel to an upstream host. No inbound packets outside the tunnel that I can see. That's what seems weird about this.
 

cooloutac

Very Senior Member
I don't understand, where do you have DoT set up? You can try putting the thermostat IP in the DHCP settings as a static IP and specify the DNS for it there.
 

DHLarson

Occasional Visitor
DNS over TLS is set up on WAN tab with Cloudflare DNS servers as TLS targets. ISP DNS addresses are the default DNS addresses on the same page but I assume go unused because of DoT setting. I'm unclear if the guest networks use the default DNS address or they, too, use the DoT configured addresses.
 

cooloutac

Very Senior Member
Hmm, I'm not sure, hopefully someone else can chime in. Judging by this, maybe they don't: "YazFi - enhanced AsusWRT-Merlin Guest WiFi inc. SSID <-> VPN Client" (SmallNetBuilder Forums, snbforums.com). You could see if that addon works for you.
 

bbunge

Very Senior Member
With my Ecobee I had to use the middle button for guest 2.4 GHz, DNS filter set to Router and the Ecobee set to unfiltered.
There is an issue with the first guest WiFi and Diversion.
Issue has nothing to do with DoT which I run successfully.
 

cooloutac

Very Senior Member
Just picked up a refurb AX58U for very cheap. Running great, but I now am running into similar problems. With the latest firmware I like that it uses a different subnet for better isolation of guest 1, but now I lose the ability to specify DNS for it in the DHCP settings. When AiMesh 2.0 is officially released for the AX58U I would like to be able to have this option and use guest 1 with a specific DNS.

I'm not sure how YazFi is going to work with AiMesh; the only other option is to put them all on a VPN with Merlin firmware and specify a DNS there. But I've found that causes problems with Alexa controlling my TV (I'm lazy). Everything works but power on and the select button, don't ask me why lol. I really just wanted to keep things as simple as possible now.

I think bbunge hit the nail on the head also in another thread. It makes no sense that allow intranet would work if guest 1 is on a different subnet. You have to use guest 2 or 3. It's very strange that Asus has the option there, but it would make sense why it is not working with your Diversion.

I also don't put anything that needs intranet access on a guest network unless using a time limit. Or only allowing intranet temporarily for some functions, then disabling it later. Otherwise it defeats the purpose of having a guest network in the first place. (and I don't mean guest 1, ironic, not a pun)
 
