Solved IoT's and Intranet

[fotingo]

Hello,
I would like some help regarding Guest Network and IoT devices. I have smart plugs/switches and would like to keep them separate from main network.
I see this Asus Router has the Guest Network option and I see the option to enable/disable Intranet which works as intended. If I connect my iphone to that Guest Network, I can't access the GUI or ping any devices on the network, which is great...but...

The issue I am having is, when I disable Intranet, the IoT devices like smart plugs/switches and even wireless indoor cameras connected to that Guest Network will stop working and I lose connection to them and I can't control them anymore.

They seem to only work if I enable Intranet. Is there a way around this or is there a setting I am missing?
Thank you.

 

[bennor]

The issue I am having is, when I disable Intranet, the IoT devices like smart plugs/switches and even wireless indoor cameras connected to that Guest Network will stop working and I lose connection to them and I can't control them anymore.

Welcome to the forum.

Known issue/bug with Guest WiFi and disabling Intranet on certain Asus routers running certain firmware's causes those Guest WiFi clients to loose internet access. If you use the forum search feature you'll find a number of earlier discussion from people experiencing the exact same issue. For example:

Guest wifi last fw ax86u pro

Hi . I have. Problem with latest updte ax86u pro- 3.0.0.4.388_24198 After this update guest wifi 2.4ghz no internet access. When i enable intranet access internet work. In old fw: 3.0.0.4.388_23565 worked normal. And in new fw not work. Any1 same problem? Its a bug or new features? Or how...

www.snbforums.com

Guest Network has no internet access unless I enable access to intranet

Hi. I am trying to enable guest network for my IOT devices. I do not want to give them access to my intranet. If I enable a guest network and configure one of my devices to use that network, they can not access to internet. I only be able to make it work I give them access to intranet. When...

www.snbforums.com

Disabling "Access Intranet" on RT-AX86U guest network causes IoT devices on primary network to repeatedly disconnect

Hi, I'm having an issue where some cheap Zengge (Magic Home) LED controllers are repeatedly losing connection to my primary wireless network whenever I disable "Access Intranet" on my guest network. Previously I kept all IoT devices on my guest wifi network and disabled the bridging, as a...

www.snbforums.com

Guest network isolation issue

Hello Long-time lurker and new member. I hope I am doing this correctly. I read numerous threads before posting but am unable to solve my problem. Just recently (this was working fine ...) I stopped being able to "see" my devices on my guest Wifi network. For example, I have a Raspberry Pi...

www.snbforums.com

The workaround is to roll back to an earlier firmware where the issue isn't present. Or try using YazFi, which is a Guest WiFi addon.

YazFi - YazFi v4.x - continued

v4.4.4 Updated 2023-11-26 Feature expansion of guest WiFi networks on AsusWRT-Merlin, including, but not limited to: * Dedicated VPN WiFi networks * Separate subnets for organisation of devices * Restrict guests to only contact router for ICMP, DHCP, DNS, NTP and NetBIOS * Allow guest networks...

www.snbforums.com

GitHub - jackyaz/YazFi: Feature expansion of guest WiFi networks on AsusWRT-Merlin, including SSID -> VPN, separate subnets per guest network, pinhole access to LAN resources (e.g. DNS) and more!

Feature expansion of guest WiFi networks on AsusWRT-Merlin, including SSID -> VPN, separate subnets per guest network, pinhole access to LAN resources (e.g. DNS) and more! - jackyaz/YazFi

github.com

 

[glens]

Known issue/bug with Guest WiFi and disabling Intranet on certain Asus routers running certain firmware's causes those Guest WiFi clients to loose internet access.

What I got out of the OP is that he can no longer control them, not that they lose Internet access. But I've never messed with any of that stuff so can't read anything into the stated dilemma.

 

[fotingo]

What I got out of the OP is that he can no longer control them, not that they lose Internet access. But I've never messed with any of that stuff so can't read anything into the stated dilemma.

Well, they really lose connectivity.. specially my wireless cameras and doorbell.. so yes, they lose connectivity. I will be trying out this Yazfi thing to see what is that about. Are there any pics on what the options look like before I install this?

 

[bennor]

Are there any pics on what the options look like before I install this?

The YazFi Github link I provided in my post above contains basic screen shot examples of the configuration screens and explanations of what the options do.

GUI:

CLI:

 

[fotingo]

Thank you. I will be giving this a shot tonight to see how it goes.
EDIT:
Before I do that.. so that option that says client isolation.. will it act as it's supposed to and not like the one in the regular Asus option?
I ask because if I also select it here...

Then I also lose connectivity altogether. I just want to make sure this works properly before I install this.

 

[bennor]

Thank you. I will be giving this a shot tonight to see how it goes.
EDIT:
Before I do that.. so that option that says client isolation.. will it act as it's supposed to and not like the one in the regular Asus option?
I ask because if I also select it here...
View attachment 54893

Then I also lose connectivity altogether. I just want to make sure this works properly before I install this.

Most if not all of the YazFi options have mouse over tool tips (may have to click on it). Or you can see the two links provided above to the YazFi pages which list what the options do. For Client Isolation: "Should Guest Network radio prevent clients from talking to each other? (true/false)". So yes it likely performs a similar or same function as Set AP Isolated. YazFi settings control ONLY the YazFi clients. Any changes you made on the WiFi > Professional page will typically apply to all WiFi clients, both main LAN WiFi and Guest WiFi.

Explanation of YazFi settings​

wl01_ENABLED​

Enable YazFi for this Guest Network (true/false)

wl01_IPADDR​

IP address/subnet to use for Guest Network

wl01_DHCPSTART​

Start of DHCP pool (2-253)

wl01_DHCPEND​

End of DHCP pool (3-254)

wl01_DHCPLEASE​

DHCP Lease Time: 120 to 7776000 seconds (2 minutes to 90 days). Values can be entered in seconds (e.g. 86400s), minutes (e.g. 1440m), hours (e.g. 24h), days (e.g. 2d), or weeks (e.g. 2w). A single digit ZERO '0' or an upper-case letter 'I' indicates that an "infinite" lease time value will be applied.

wl01_DNS1​

IP address for primary DNS resolver

wl01_DNS2​

IP address for secondary DNS resolver

wl01_FORCEDNS​

Should Guest Network DNS requests be forced/redirected to DNS1? (true/false) N.B. This setting is ignored if sending to VPN, and VPN Client's DNS configuration is Exclusive

wl01_REDIRECTALLTOVPN​

Should Guest Network traffic be sent via VPN? (true/false)

wl01_VPNCLIENTNUMBER​

The number of the VPN Client to send traffic through (1-5)

wl01_TWOWAYTOGUEST​

Should LAN/Guest Network traffic have unrestricted access to each other? (true/false) Cannot be enabled if _ONEWAYTOGUEST is enabled

wl01_ONEWAYTOGUEST​

Should LAN be able to initiate connections to Guest Network clients (but not the opposite)? (true/false) Cannot be enabled if _TWOWAYTOGUEST is enabled

wl01_CLIENTISOLATION​

Should Guest Network radio prevent clients from talking to each other? (true/false)

 

[fotingo]

Thanks for the reply.. I also have a quick question.. I found a page here on this site that talks about preparing a USB.. is that necessary to install this script?.. if not, what is the recommendation for USB for?

 

[bennor]

YazFi does not require an attached USB drive or a swap file on that USB drive. YazFi runs from the router's /jffs/scripts directory location.
Edit: There are certain other scripts that use a swap file on a USB drive or use a USB drive to store its files. Most if not all Asus routers with USB drive ports support using a USB drive as an attached storage location; media server, SMB file access, or FTP access or for other router features.

 

[fotingo]

Ok.. I have installed Yazfi, but can't seem to have internet when connecting to the Guest Network.

Is there anything else I need to do to get connectivity?

 

[fotingo]

Never mind.. I got it.. needed to enable the "Allow Internet access"

 

[Aiadi]

Hello,
I would like some help regarding Guest Network and IoT devices. I have smart plugs/switches and would like to keep them separate from main network.
I see this Asus Router has the Guest Network option and I see the option to enable/disable Intranet which works as intended. If I connect my iphone to that Guest Network, I can't access the GUI or ping any devices on the network, which is great...but...

The issue I am having is, when I disable Intranet, the IoT devices like smart plugs/switches and even wireless indoor cameras connected to that Guest Network will stop working and I lose connection to them and I can't control them anymore.

They seem to only work if I enable Intranet. Is there a way around this or is there a setting I am missing?
Thank you.

How are you expecting to be able to control your devices if you are unable to access them from another client on your intranet?

 

[fotingo]

Well.. at least the smart plugs and switches so I can turn them on and off while they are on a different network. I have also been looking for a way to keep my security cameras segregated from the main network as I have a Windows NVR for my cameras. I have been stuck because I was told I needed VLANS, but I couldn't do it with this router.. but I see that this option with Yazfi could come in very handy for what I have been planning on doing.

Now I have to figure out how I can accomplish this.. I have POE cameras, and wireless cameras on the same network, but would like to segregate them.
In order to do this, I will have to have a wireless adater connected to the NVR along with an Ethernet cable correct?

The Ethernet cable for the POE cameras and the wifi adapter for the wireless?

 

[fotingo]

I notice the Force DNS doesn't seem to be working. I have tried different ones like Family Cloudflare 1.1.1.3 and OpenDNS and it ignores them.
Is that option not working at this time?

EDIT.
Got it... "One way to Guest" was disabled.

 

[fotingo]

@bennor Thanks so much. This Yazfi option is awesome. I was able to segregate my cameras, smart plugs/switches and still able to control them from the main network. I can't believe I didn't use this before.

Would I be able to assign static IPs to Guest Network clients connected to Yazfi?

 

[bennor]

Would I be able to assign static IPs to Guest Network clients connected to Yazfi?

See the following:
https://github.com/jackyaz/YazFi/wi...verse-DNS-records#a-note-on-dhcp-reservations
https://www.snbforums.com/threads/y...inc-ssid-vpn-client.45924/page-32#post-473403

Any further questions about YazFi should be addressed to the Add-On subforum where there are numerous discussions about YazFi that one can find using the Filter option or the forum search.

Asuswrt-Merlin AddOns

This forums is for discussions about AddOns for Asuswrt-Merlin, i.e. Diversion, Skynet, etc.

www.snbforums.com

YazFi - YazFi v4.x - continued

v4.4.4 Updated 2023-11-26 Feature expansion of guest WiFi networks on AsusWRT-Merlin, including, but not limited to: * Dedicated VPN WiFi networks * Separate subnets for organisation of devices * Restrict guests to only contact router for ICMP, DHCP, DNS, NTP and NetBIOS * Allow guest networks...

www.snbforums.com

 

[pjd50]

Here is another option that may fix your issue:

SSH into your router and run the following command:
robocfg vlan 501 ports "1t 2t 3t 4t 7t 8t"

(see: https://www.snbforums.com/threads/rt-ac68p-fios-wan-dropouts-on-386-x.73214/page-2#post-727742 and https://www.snbforums.com/threads/asuswrt-merlin-386-2_6-is-now-available.72962/page-10#post-696360 for an explanation on why this fix is required)