What's new

Guest WiFi security in AP mode

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

colecaz

Regular Contributor
I'd like to get confirmation of what I'm seeing when I use my Asus RT-AC66U routers in access point mode and enable guest wifi.

I have a home network of an RT-AC68P for the main router with two RT-AC66U's running in access point mode and hardwired to a 24 port switch. They're all running Merlin 380.69. The AP's are connected using one of their LAN ports, which is their only port used. The 24 port switch is connected to one of the AC68P's LAN ports in "router-on-a-stick" fashion to allow internet access for the entire network.

All three routers/AP's have only one 2.4 GHz guest network enabled in addition to the standard wifi. All have the same SSID and password and have Roaming Assistant enabled.

The problem is the user is isolated from the rest of the network only if the user is connected to the main routers guest SSID. If the user is connected to either of the AP's guest SSID's, the full network is accessible just like when connected to the primary, non-guest, SSID.

Can anyone confirm this is normal in this configuration or point out where I'm going wrong? If it's normal there are probably a lot of Asus routers used in AP mode for guest networks that don't have the protection they think they do.
 
It's a technical limitation. The parent router has no way of controlling what connects to the AP, and vice-versa. For all intents and purposes, a client connected to a separate AP is identical to one connected to an Ethernet port of the main router. The main router has no way of knowing if the client on the AP is connected through the AP's main wifi, guest wifi or Ethernet.
 
I thought it might be something like that. It looks like a dedicated AP that has vlan capability, managed switch, and a router to match is the way I'll need to go.

Thanks for the quick response, RMerlin. And for your work on the firmware.
 
If you need better management control, look into a mesh-based solution, where your master node might be able to fully control the child nodes.
 
Evening all
I am currently trying to extend wifi coverage in my house. Initial thought was to go down the following route:
RT AC88U (parent)<=RJ45 Cable=>RT AC87U (AP)
but...
as much as I like the security a Guest Network offers (IoT and stuff) under Wireless Router mode, I take from you gents' word that this cannot be replicated under an AP setup.
For that matter, RMerlin did suggest exploring the AiMesh possibilities, hence my question:
What's the trade-off in terms of speed and security between a wired AP mode and an AiMesh setup? At what performance cost would a security-improved AiMesh system come? -Thanks...
[Edit signature for updated setup and mode]
 
I would say they dont differ, only setup and administration is easier with Aimesh and if it works than roaming of clients may be more seamlessly. They both dont support guest on nodes, maybe Aimesh will sometime in future - who knows.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top