Prohibit Guest network device accessing lan in AP mode

[Tech9]

The device(s) shown on your screenshots have different names and you have obscured the MAC address. I can't see if this is the same device or different.

 

[tarzan2000]

The device(s) shown on your screenshots have different names and you have obscured the MAC address. I can't see if this is the same device or different.

Two different devices of the same type (IoT) are connected on the AX86U main node to a normal guest network and receive an address from the network 192.168.101.0
The same two devices, when moving closer to the managed AX86S node, receive an address from my internal network 10.7.0.0
It does not matter that in the photo you see, two different devices with different addresses = this is as an example = Important they BOTH have settings for connecting ONLY to the guest network.

I have had this problem for a long time. It does not depend on alpha or stable firmware version. It was also on version 388.1.

 

[Tech9]

The more important question - does this client have access to the main network? If it doesn't - all good.

You may have discovered yet another bug with Guest Network to nodes. It had issues for a very long time.

 

[drinkingbird]

Two different devices of the same type (IoT) are connected on the AX86U main node to a normal guest network and receive an address from the network 192.168.101.0
The same two devices, when moving closer to the managed AX86S node, receive an address from my internal network 10.7.0.0
It does not matter that in the photo you see, two different devices with different addresses = this is as an example = Important they BOTH have settings for connecting ONLY to the guest network.

I have had this problem for a long time. It does not depend on alpha or stable firmware version. It was also on version 388.1.

Sounds like that node has "access intranet" enabled (whether you told it to or not). When that is enabled clients do not get the 192.168 IP, they get a main LAN IP.

You can try enabling and then disabling that feature (reboot after each) as it should force everything to get rebuilt. Maybe even totally erase and disable GW1, reboot, then reconfigure it and reboot again.

You may have to factory reset the node via WPS and rejoin it. It that doesn't work, might have to redo the whole system from scratch.

 

[tarzan2000]

The more important question - does this client have access to the main network? If it doesn't - all good.

Yes, if these clients reconnected to AX86 and as a result received an address from my main network (10.7.0.0)
If I move back to the main node AX86U they get an address from 192.168.101.0 and access to my main network (10.7.0.0) is completely lost

I've just run tests on my Lenovo x270 laptop by connecting it to a guest network and moving between nodes. It turns out that the second Ai Mesh node has a serious security problem.

Sounds like that node has "access intranet" enabled (whether you told it to or not). When that is enabled clients do not get the 192.168 IP, they get a main LAN IP.

You can try enabling and then disabling that feature (reboot after each) as it should force everything to get rebuilt. Maybe even totally erase and disable GW1, reboot, then reconfigure it and reboot again.

You may have to factory reset the node via WPS and rejoin it. It that doesn't work, might have to redo the whole system from scratch.

Yes, you're right, that's what I do. If I see that on the second node my IoT devices have received an address from my main network, then I reboot the second node, and then the devices go to the first node and everything is ok. But due to the fact that the second node is closer to the distance with some IoT devices - they connect to it again.

 

[drinkingbird]

Yes, if these clients reconnected to AX86 and as a result received an address from my main network (10.7.0.0)
If I move back to the main node AX86U they get an address from 192.168.101.0 and access to my main network (10.7.0.0) is completely lost

I've just run tests on my Lenovo x270 laptop by connecting it to a guest network and moving between nodes. It turns out that the second Ai Mesh node has a serious security problem.




Yes, you're right, that's what I do. If I see that on the second node my IoT devices have received an address from my main network, then I reboot the second node, and then the devices go to the first node and everything is ok. But due to the fact that the second node is closer to the distance with some IoT devices - they connect to it again.

Make sure everything is running the latest stable firmware. Run stock (not merlin) on the node(s). I'd even go as far as say they should all be on the same code base (386 or 388). Factory reset all devices (after putting the firmware of choice on them) and reconfigure everything from scratch.