YazFi Guest Network with YazFi assigning LAN IPs, not the IPs of my guest settings.

[jorgsmash]

I'm having trouble with my guest network with YazFi on my AX88U. My LAN is 192.168.50.0/24, and the guest network is supposed to be 192.168.2.0/24

I connected my phone, laptop, and a smart garage door opener to the guest network to test it out. My phone initially gave an error that it couldn't get an IP address from the Geust SSID (DHCP), but after a few tries it connected and got an IP on the guest network, 192.168.2.x. My laptop also got a guest IP. The clients showed up under the YazFi settings as guest clients. Shortly after, I checked my phone, I'm still connected to the guest network SSID, but my IP has switched to a LAN IP of 192.168.50.x, same with my Mac, it's on the guest SSID but it's getting a LAN IP 192.168.50.x.

Clients seem to switch between the two subnets while still being connected to the guest SSID. The smart garage door opener is showing up under the "network map" which you can see is the MyQ-20A and the MyQ Garage door opener (Hub + Sensor). The garage door opener has not shown up under the YazFi settings as of yet.

The client "Android-dhcp-13" is my phone, and it shows up in both the network map and the YazFi connected clients list simultaneously. You can see the MAC address ending in A3:08 on both.

My Mac is connected to the Guest SSID and showing up in network map, and is getting a LAN IP of 192.168.50.x

 

[jorgsmash]

I think I figured out the Mac at least. I had a static IP set in DHCP so the router probably saw the MAC address and assigned it to the LAN. I removed that and I think that took care of it. However, I can't figure out the garage door opener, why it shows in the network map (it has the wifi icon that looks like it is on the guest network) and not in the YazFi connected clients list. The door sensor that you pair with the hub after you connect the hub to the wifi also shows in the network map list, but it's icon appears to be on the main wifi, without the guest icon.

 

[jorgsmash]

I can also access the router GUI login from my phone and use the asus router app while on the guest SSID

 

[bennor]

I'm having trouble with my guest network with YazFi on my AX88U. My LAN is 192.168.50.0/24, and the guest network is supposed to be 192.168.2.0/24
<snip>

When using YazFi don't use the Network Map to see what IP addresses the YazFi clients are using or have been assigned. You use either; the YazFi GUI page, or the System Log > Wireless Log, or use SSH and view the YazFi CLI interface. One does not set or reserve static IP addresses for YazFi clients using the LAN > DHCP section.

One configures static IP addresses for the YazFi clients through a separate method. See the following links for how to do so:

Setting up YazFi with PiHole and Reverse DNS records

Feature expansion of guest WiFi networks on AsusWRT-Merlin, including SSID -> VPN, separate subnets per guest network, pinhole access to LAN resources (e.g. DNS) and more! - jackyaz/YazFi

github.com

Or see my post here:
https://www.snbforums.com/threads/y...inc-ssid-vpn-client.45924/page-32#post-473403

For Wifi clients that are switching between the main WiFi and the YazFi Guest WiFi you may need to reconfigure those clients to forget the main WiFi login or connection. For some devices like Amazon Echo's this may mean going online through the Amazon portal and removing saved WiFi logins. Also one may need to physically power cycle the WiFi client to force it to reconnect to WiFi and connect to the YazFi Guest network.

 

[jorgsmash]

For Wifi clients that are switching between the main WiFi and the YazFi Guest WiFi you may need to reconfigure those clients to forget the main WiFi login or connection. For some devices like Amazon Echo's this may mean going online through the Amazon portal and removing saved WiFi logins. Also one may need to physically power cycle the WiFi client to force it to reconnect to WiFi and connect to the YazFi Guest network.

Thanks, I'll check out your links. But my phone wasn't switching between the network SSIDs, I could literally go into the wifi settings on my phone and see that I was connected the the guest SSID but still had an IP address for a LAN client. No DHCP reservation for my phone was configured. And I could still access the router GUI login and use the Asus router app on the guest ssid.

Also, that doesn't explain the smart garage door opener. It doesn't show up under the YazFi GUI page at all. It doesn't show up in the YazFi CLI either.

The only place I see the garage door opener is on the network map. And there are two devices, one shows with the little guest wifi icon, one does not. The hub (MyQ-20A) gets set up through an app, which I joined to the guest wifi, and then you link the door sensor, which looks like it somehow just joined the LAN network.

I also just joined some Blink security cameras to the guest network (reconfigured through the app. Had to hold down the reset button on the blink station, connect to it through the app, and then sign in to the guest network.) It does not show up as connected to the guest either.

 

[bennor]

Thanks, I'll check out your links. But my phone wasn't switching between the network SSIDs, I could literally go into the wifi settings on my phone and see that I was connected the the guest SSID but still had an IP address for a LAN client. No DHCP reservation for my phone was configured. And I could still access the router GUI login and use the Asus router app on the guest ssid.

Are you using Guest Network #1 for YazFi? If so don't. Change to using Guest 2 and or 3. Guest #1 is treated differently by the Asus firmware, it is apparently used for AiMesh. Sometimes YazFi on Guest 1 works fine, sometimes not. When it doesn't move to using Guest 2 or 3.

As for the garage door opener you may need (if you haven't already) reconfigure that device and re-associate the proper Guest WiFi network to it.

 

[jorgsmash]

Are you using Guest Network #1 for YazFi? If so don't. Change to using Guest 2 and or 3. Guest #1 is treated differently by the Asus firmware, it is apparently used for AiMesh. Sometimes Guest 1 works fine, sometimes not. When it doesn't move to using Guest 2 or 3.

As for the garage door opener you may need (if you haven't already) reconfigure that device and re-associate the proper Guest WiFi network to it.

I believe it is the Guest Net 1, just the first button on the left in the GUI. Won't switching to 2 or 3 break AI mesh? I have the main router downstairs and a lot of the smart home devices are upstairs and need to connect to the AX58U I have set up as an AI mesh node. If I use the other guest networks, won't they all try and connect to the router downstairs and have a really poor connection. Router downstairs is on the opposite side of the house, and garage is on other side, another floor up. So wifi won't reach it very well from the main router. Thanks for the advice tho. I may have to test that to see how it works.

 

[bennor]

Are you u

Won't switching to 2 or 3 break AI mesh? ... I have the main router downstairs and a lot of the smart home devices are upstairs and need to connect to the AX58U I have set up as an AI mesh node.

Wait, are you using AiMesh? This is your first mention of it. YazFi does not work with AiMesh nodes.

 

[bennor]

Per the YazFi developer...
https://www.snbforums.com/threads/guest-network-clients-not-using-yazfi-subnet.71718/#post-680188

YazFi doesn't work on Aimesh nodes. The guest network on the node will be unrestricted

 

[jorgsmash]

Crap. Sorry, didn't know that was a limitation. There was no mention of it during the install script or anything. So would I just have to implement static IPs for all of the smart devices and use IP tables to block them from accessing other devices on the LAN?

 

[bennor]

Crap. Sorry, didn't know that was a limitation. There was no mention of it during the install script or anything. So would I just have to implement static IPs for all of the smart devices and use IP tables to block them from accessing other devices on the LAN?

Its a well mentioned limitation in the YazFi threads/discussions. Can't answer why it was not included in the instructions. Yes you would likely have to use static IP's and IP tables, or use VLAN's or similar to try and restrict or control those devices. Or maybe not use AiMesh nodes at all and instead use WiFi range extenders or something like that which connect to the main router's YazFi Guest Wifi.

Edit to add: Also you may want to fill out the signature field of your profile to indicate router, firmware , addon scripts, and AiMesh settings/nodes so people are aware next time of your setup.

 

[jorgsmash]

Would running a ethernet cable from downstairs up to the second router, and running the AX58U in different mode (AP, Repeater) be a solution?

I'll look into updating my signature.

 

[bennor]

Would running a ethernet cable from downstairs up to the second router, and running the AX58U in different mode (AP, Repeater) be a solution?

Repeater mode might work, you'd have to experiment/test.

 

[jorgsmash]

For using IPtables rules via SSH on the router, would I have to add each IPtables command line-by-line to a startup script (eg. firewall-start)? Or is there a better way of doing it?

 

[SomeWhereOverTheRainBow]

For using IPtables rules via SSH on the router, would I have to add each IPtables command line-by-line to a startup script (eg. firewall-start)? Or is there a better way of doing it?

This is the way.....

GitHub - jackyaz/YazFi: Feature expansion of guest WiFi networks on AsusWRT-Merlin, including SSID -> VPN, separate subnets per guest network, pinhole access to LAN resources (e.g. DNS) and more!

Feature expansion of guest WiFi networks on AsusWRT-Merlin, including SSID -> VPN, separate subnets per guest network, pinhole access to LAN resources (e.g. DNS) and more! - jackyaz/YazFi

github.com

 

[jorgsmash]

This is the way.....

GitHub - jackyaz/YazFi: Feature expansion of guest WiFi networks on AsusWRT-Merlin, including SSID -> VPN, separate subnets per guest network, pinhole access to LAN resources (e.g. DNS) and more!

Feature expansion of guest WiFi networks on AsusWRT-Merlin, including SSID -> VPN, separate subnets per guest network, pinhole access to LAN resources (e.g. DNS) and more! - jackyaz/YazFi

github.com

But I can't use YazFi with AI Mesh. I currently need AI mesh for dead spots in wifi coverage at my house.

 

[SomeWhereOverTheRainBow]

But I can't use YazFi with AI Mesh. I currently need AI mesh for dead spots in wifi coverage at my house.

I use it for "limited" no mesh coverage.

 

[jorgsmash]

How do you mean? If I need to use AI mesh would your suggestion still work? I may not have time today but I need to start experimenting with blocking certain IoT devices from accessing other devices on the LAN, only allowing Internet access via iptables. In my case with no guest network, all devices on the same subnet. Since I can't use the guest network with AI mesh.

 

[SomeWhereOverTheRainBow]

How do you mean? If I need to use AI mesh would your suggestion still work? I may not have time today but I need to start experimenting with blocking certain IoT devices from accessing other devices on the LAN, only allowing Internet access via iptables. In my case with no guest network, all devices on the same subnet. Since I can't use the guest network with AI mesh.

From my understanding, the only guest network that supports AIMESH, is number 1. I don't use yazfi on number 1.

 

[bennor]

This likely won't help those who use AiMesh but some quick and dirty observations on using a wireless extender to extend the YazFi Guest 2 network (I likewise don't use WiFi Guest #1 for YazFi) on a non AiMesh setup.
Main router: RT-AX86U Pro (388.2_2)
Wireless range extender: Linksys RE6400
Asus RT-AC68U (stock latest Asus firmware) configured for Repeater mode

Linksys range extender worked fine when connected direct to the YazFi Guest #2 Wifi. No devices connecting through the Linksys range extender could access main LAN clients.

If I connected the Repeater mode RT-AC68U via WiFi to the Linksys RE6400, the Repeater RT-AC68U worked as expected with YazFi. Repeater clients couldn't access main LAN clients.

However the problem I experienced when connecting the Repeater RT-AC68U direct to YazFi Guest #2 Wifi was all LAN clients were accessible from devices connected to the Repeater RT-AC68U. The Repeater RT-AC68U would pull a main LAN IP address. Any device connected to the Repeater RT-AC68U in this specific setup would have a LAN IP address not a YazFi Guest #2 WiFi network IP address. Almost as if the Repeater RT-AC68U was tunneled through the YazFi blocking tables, like the RT-AX86U Pro saw the Asus router and treated it differently even though connected to the YazFi Guest #2 WiFi. Strange.