Menu
What's new
By:
Filters Better Search

Guest Networks not isolated in AP mode?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

BeachBum

BeachBum

Regular Contributor
Hello, I have a Asus RT-3200 in AP mode connected to a pfSense router. I have a Guest Network turned on and it appears to not be isolated from the LAN. Connected clients can ping and mount shares from the LAN.

I see no option listed to isolate the Guest Network, and interestingly the description says '...restricts access to your local network.'

Firmware is Merlin 380.59_0

How can I isolate clients on the Guest Network?

SS1.png SS2.png
 
Guest isolation is not possible in AP mode, because the AP has no control over the traffic once it leaves the AP and reaches your pfsense firewall.
 
Might be possible to VLAN out the guest SSID, so at least the Guest Network remains isolated, not sure if AsusWRT can do this - and if not, I'm not sure it would be worth the effort, however this question has been asked many times over..

(Airports can support Guest Networks using VLAN 1003 when in Bridged Mode (AP mode in AsusWRT speak))

Within pfSense, you would still have to create the VLAN and the FW rules (WAN <-> VLAN1003), and setup the DHCP scope for VLAN1003.

OpenWRT is similar in this respect... and perhaps OpenWRT on the AP might be able to do more what you're looking for...
 
@RMerlin, can 380.59 create VLAN's? (in APmode)


I guess the only other way to achieve the isolation would to give each device a static mapping and then block them from the lan via firewall rules. That is a pia...
 
BeachBum said:
@RMerlin, can 380.59 create VLAN's? (in APmode)


I guess the only other way to achieve the isolation would to give each device a static mapping and then block them from the lan via firewall rules. That is a pia...
Click to expand...

Not through the webui. You'll have to manually create everything yourself through scripting.
 
You must log in or register to reply here.

Similar threads

F
AI mesh guest network 1 issues
Replies
3
Views
417
Fuechslein
F
TheLyppardMan
Access options with guest networks
Replies
4
Views
1K
bennor
B
R
Wireless MAC (Band filter filtering out Guest network)
Replies
2
Views
95
recharging
R
R
mDNS repeater with guest network/vlan
Replies
3
Views
1K
robca
R
C
YazFi: Guest Networks and DNS Director?
Replies
13
Views
1K
bennor
B
Similar threads
Thread starter Title Forum Replies Date
S Network printer no longer available after activating Guest networks Asuswrt-Merlin 18
L Does Merlin support custom Image for Guest Networks? Asuswrt-Merlin 6
C YazFi: Guest Networks and DNS Director? Asuswrt-Merlin 13
TheLyppardMan Access options with guest networks Asuswrt-Merlin 4
R Wireless MAC (Band filter filtering out Guest network) Asuswrt-Merlin 2
R Guest network MAC address white listing limit Asuswrt-Merlin 5
B Single guest network where devices can interact Asuswrt-Merlin 6
J Change the name of the guest network in network map? Asuswrt-Merlin 1
D Guest network with intranet access v. using the main network Asuswrt-Merlin 4
J Pihole/Yazfi with guest network Asuswrt-Merlin 4

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 903 (members: 21, guests: 882)
Top