Intranet access cannot be disabled under Guest Network 1

figorr

Regular Contributor
Hi, I am a bit confused because I am trying to setup a Guest Wifi under the 5GHz, and index 1. The main router is a RT-AX88u running Firmware Version: 386.8. I tried also under the 2.4GHz but same result.

The idea is the guests can have internet through the different nodes (RT-AX88u, RT-AX58u and RT-AX68u) but when I chose "Guest network on AiMesh" to "All Aimesh nodes" ... and then I set the "Access Intranet" to "Disabled" ... it seems the disabled option is selected. But after applying the settings ... the "Access Intranet" is being shown again as "Enabled" ... an all the guest clients can access the non guest network.

So I installed and enabled the Yazfi addon. And then I tried a different setup.

- Setting "Guest network on Aimesh" : "All Aimesh nodes"
- "Access Intranet" Disabled (But Access intranet cannot be set as disabled). After applying the settings ... It is shown again as enabled.
- Enabling the Yazfi addon and setting the "One Way to Guest" as enabled.

As a result ... the guests can access the Non Guest Network. And this is normal because the "Access Intranet" returned to "Enabled" after applying the settings.

The only way it seems to work (but not as expected) is by enabling the following options:
- Setting "Guest network on Aimesh" : Router only
- "Access Intranet" Enabled (Access intranet cannot be set as disabled). Allways is being shown again as enabled after applying the settings.
- Enabling the Yazfi addon and setting the "One Way to Guest" as enabled.

By doing this last setup ... Guests had cannot access intranet (because of the "One Way to Guest" of the Yazfi addon) although the "Access Intranet" is being shown as "Enabled". But Guests only have internet under the "Router" coverage, not under the nodes.

Is this a bug or is there something else I need to change under the setup to be able to run a Guest Network under the Aimesh Nodes, but with Intranet Access disabled for the Guests?
 

Piotrek

Occasional Visitor
Guest network 1 is specific and is used for AiMesh.
Use Guest Network 2 or 3.
 

figorr

Regular Contributor
But under Guest Network 2 or 3 ... the guests cannot connect through nodes. At least I didn't see the option under the setup. The option of "Guest network on AiMesh" to "All Aimesh nodes" only appears under the Guest Network 1.

Is there any way to have a Guest Network through the nodes?
 

bennor

Very Senior Member
The idea is the guests can have internet through the different nodes (RT-AX88u, RT-AX58u and RT-AX68u) ....

So I installed and enabled the Yazfi addon. And then I tried a different setup.
You have two separate issues at play here. First, Asus sets Guest Network #1 for use with AiMesh. Because of this Guest Network #1 may behave differently than Guest #2 or #3. Move WiFi Guest #1 devices to Guest #2 or #3. Second, YazFi doesn't work on AiMesh nodes. See Jack Yaz's comment indicating such in this post. It should also be noted that when using YazFi, it will change the enabled Guest network, for example YazFi will enable Access Intranet, and use it's own filtering methods to control or set access to the local network clients (one way or two way to guest).
 
Last edited:

Piotrek

Occasional Visitor
Sorry, can't help - I'm not using AiMesh.
All I know is that using Guest Network 1 often causes problems and unexpected behavior.
 

figorr

Regular Contributor
OK, thank you to @Piotrek and @bennor for your quick response.

Just some strange thing I have just noticed.

I just made another test and I enabled Guest Network 1 under 2.4GHz and now I can set "Access Intranet" to Disabled under the 2.4GHz ... and It seems that remains as disabled after applying the settings.

So I can confirm that now works.

So after confirming that it is working ... I disabled Yazfi addon for the 5GHz network and after that I also disabled the Guest Network 5GHz.

And the Guest Network 1 under 2.4GHz is still working as expected, with Intranet disabled for the guests.

Very weird. But now works.
 

figorr

Regular Contributor
Just an update.

You were right.

There are some strange behaviours on some devices. I have several Shelly devices connected to the main router ... and all of them were disconnected and there was no way to reconnect them. Even restarting the whole AiMesh system. While a couple of Shelly devices that are connected to a node ... didn't loose their connection.

In the meanwhile ... the Guest Network was working Ok ... and the guests cannot access the intranet ... and there was internet through the nodes.

But finally I disabled Guest Network 1 ... and I enabled only the Guest Network 2. It is a shame that we cannot have a Guest Network thorugh the nodes. I hope that can be implemented soon.
 

drinkingbird

Very Senior Member
Just an update.

You were right.

There are some strange behaviours on some devices. I have several Shelly devices connected to the main router ... and all of them were disconnected and there was no way to reconnect them. Even restarting the whole AiMesh system. While a couple of Shelly devices that are connected to a node ... didn't loose their connection.

In the meanwhile ... the Guest Network was working Ok ... and the guests cannot access the intranet ... and there was internet through the nodes.

But finally I disabled Guest Network 1 ... and I enabled only the Guest Network 2. It is a shame that we cannot have a Guest Network thorugh the nodes. I hope that can be implemented soon.

It should work, but you should probably start with latest firmware and factory reset on all Asus devices. On your main router you can run Merlin if you need the features that brings, but if you don't need them, run stock firmware. On the nodes, only run the latest stock Asus firmware, not merlin, and again factory reset.

Then configure from scratch. You can use Guest Wireless 1, that is specifically designed for AiMesh and puts the guests into their own subnet and totally isolates them.

Then on your devices "forget" the wifi network (whether main or guest) and re-join.

The main bug I'm aware of with GW1 on the 386 code base is for people with FIOS/Frontier (and possibly some other fiber providers). It seems Asus is for some reason forwarding DHCP packets from the guest wireless out the WAN port, and ONTs are stripping off the VLAN tag and replying to that DHCP packet, causing stuff to get all messed up and your internet to completely go down.
 

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top