Menu
What's new
By:
Filters Better Search

Is there a way to let Guest Wifi clients see each other but not Intranet devices?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

D

domic

Regular Contributor
Trying to set up a Google Nest Hub device for my IoT Guest network (same Asus router), and I seem only to find a "Access Intranet" option which I don't want to let all my smart light bulbs and other devices see my home subnet devices.

A Fing network scan (Android app) shows only the router and my phone as discovered devices. Any solutions?
 
You need to change the isolation setting for the given guest network via its nvram variable. Unfortunately there's no GUI option to set/unset it. The problem with this method is that if you subsequently make changes to that guest network in the GUI the nvram change will be undone.

So for example, to disable client isolation on 2.4GHz guest network #2:
Code: 
nvram set wl0.2_ap_isolate=0
nvram commit
service restart_wireless
 
If one doesn't want to use the method detailed above, one can accomplish Guest WiFi client communication (on the same band) with the Asus-Merlin firmware (assuming one's router is supported) and the YazFi add-on. YazFi add's an option to enable/disable Client Isolation on the Guest WiFi.

When it comes to communication between 2.4Ghz and the 5Ghz, a similar question was asked last week in the Add-On's subforum.
https://www.snbforums.com/threads/yazfi-allow-communication-between-2-4ghz-and-5ghz-networks.82799/

An example of YazFi's options with the client isolation option highlighted:
YazFi.jpg
 
ColinTaylor said:
You need to change the isolation setting for the given guest network via its nvram variable. Unfortunately there's no GUI option to set/unset it. The problem with this method is that if you subsequently make changes to that guest network in the GUI the nvram change will be undone.

So for example, to disable client isolation on 2.4GHz guest network #2:
Code: 
nvram set wl0.2_ap_isolate=0
nvram commit
service restart_wireless
Click to expand...
Nice one!

Do you know if a similar nvram variable exists for the equivalent of "One way to guest" setting in YazFi?

The ideea is that I had uninstalled YazFi because of the issue with IoT clients from the AiMesh node who would receive IP addresses from the main subnet.

Basically what I'm trying to accomplish is to be able to ping IoT clients so to receive notifications in case any of the IoT nodes is down.

Thank you!
 
DiliMe said:
Do you know if a similar nvram variable exists for the equivalent of "One way to guest" setting in YazFi?
Click to expand...
No, there's no nvram equivalent for that. YazFi achieves it by creating separate subnets with firewall rules between them.

DiliMe said:
The idea is that I had uninstalled YazFi because of the issue with IoT clients from the AiMesh node who would receive IP addresses from the main subnet.

Basically what I'm trying to accomplish is to be able to ping IoT clients so to receive notifications in case any of the IoT nodes is down.
Click to expand...
To disable intranet access for the guest network brouting rules are created that block ICMP and TCP traffic. You could manually change these rules but the changes would be lost when the router was rebooted or certain changes were made in the GUI. Using AiMesh nodes makes this even more complicated.
 
ColinTaylor said:
No, there's no nvram equivalent for that. YazFi achieves it by creating separate subnets with firewall rules between them.


To disable intranet access for the guest network brouting rules are created that block ICMP and TCP traffic. You could manually change these rules but the changes would be lost when the router was rebooted or certain changes were made in the GUI. Using AiMesh nodes makes this even more complicated.
Click to expand...
OK, thank you for the quick response.
 
You must log in or register to reply here.

Similar threads

F
Solved IoT's and Intranet
Replies
16
Views
1K
pjd50
P
D
Guest network with intranet access v. using the main network
Replies
4
Views
458
ColinTaylor
C
P
RT-AX86U (AX5700) router dropping smart home devices every few weeks but Wi-Fi still works
Replies
2
Views
346
FredTheFrog
F
O
Solved Devices not going to the guest network
Replies
8
Views
522
Dedel66
Dedel66
B
Wifi performance on RT-AX86U Pro
Replies
1
Views
368
bbunge
bbunge
Similar threads
Thread starter Title Forum Replies Date
T There are no multiple VLANs and Guest Network Pro for Asus ROG-AX11000 pro ? ASUSWRT - Official 20
T I can't add profiles in Guest Network pro ROG-GTAX6000 ASUSWRT - Official 5
L Guest wifi last fw ax86u pro ASUSWRT - Official 6
B Understanding VLAN Assignments with Guest Network Pro: Managing VLANs Across Multiple SSIDs on ASUS RT-AX88U Pro ASUSWRT - Official 1
L Understanding „Guest Network Pro IoT“ ASUSWRT - Official 13
T How does Guest Networks work on the technical level behind the scene ? ASUSWRT - Official 16
J Asus RT-AX92U firmaware update failure and no wifi ASUSWRT - Official 3
R Failed wifi connections still logged as successful? ASUSWRT - Official 2
N Solved GT-AX6000 stock lost wifi connection on phone ASUSWRT - Official 14
J Help with system logs - Constant wifi drops ASUSWRT - Official 4

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 881 (members: 22, guests: 859)
Top