RT-AC86U guest network issue

[Neil Horowitz]

I have several 2.4 Ghz smart devices connected to my RT-AC86U router currently running Merlin 384.15 firmware. As repeatedly advised, I have these devices connected to a guest network on the router. The guest network cannot access the main network, but the devices on the guest network can be controlled from the main network. But every so often, randomly, there may be a loss of access to one or several of these devices from the main network. The router still lists the device(s) as connected to it, but when this happens, they can only be accessed from the guest network. The software used to control these smart devices installed on a computer on the main network lists these inaccessible devices as "offline". Once this occurs, the only way I have found to remedy the problem is to reboot the router. This intermittent problem also existed with prior versions of the Merlin router firmware.
Has anyone else experienced such a problem and is there a known remedy other than just connecting everything to the main network?

 

[L&LD]

You may need to show screenshots of the guest network set up screen(s).

I don't think the guests can be isolated but still be controlled from the main network with default Asus or RMerlin firmware?

You may find that YazFi will do what you need.

https://www.snbforums.com/threads/y...-merlin-guest-wifi-inc-ssid-vpn-client.45924/

 

[ColinTaylor]

... but the devices on the guest network can be controlled from the main network.

That shouldn't be possible. If it is then it's a bug. The only way I can think of where this might be possible is if the IoT devices are connecting to "the cloud" and the device on the main network is controlling them through/via the cloud.

 

[CaptainSTX]

What Colin stated about cloud control of IoT devices is how it works for most of my IoT devices. In my setup wireless IoT devices connect on a guest network (no intranet), a VPN client only used by IoT devices only and they are on a subnet that is different from my primary LAN.

I can control the devices from anywhere because they are connected through thee cloud. My security camera confirms this when I connect as it indicates that the connection is through a relay.

For security you want your IoT devices to have nothing to do with your more secure devices on your primary network.

 

[guho]

Using ebtables commands, it is possible to open up a range of IP addresses on the main network to be accessible to/from guests. I have done this so guests can use IP printers and cast to Chromecasts on my main network.

Check out this post: https://www.snbforums.com/threads/a...et-access-on-ap-mode.60532/page-2#post-532244

 

[Neil Horowitz]

That shouldn't be possible. If it is then it's a bug. The only way I can think of where this might be possible is if the IoT devices are connecting to "the cloud" and the device on the main network is controlling them through/via the cloud.

You are correct. I temporarily disabled the WAN interface on the router, disconnecting my network from the cloud. In this configuration I could no longer control any of my smart devices unless I also connected my computer to the guest network. So is there anyway to configure the router to permit access to the guest network from the main network while preventing the guest network from accessing the main network?

 

[L&LD]

@Neil Horowitz, see post 2.

 

[Jack Yaz]

@Neil Horowitz, see post 2.

"One way" access should do the trick

 

[Neil Horowitz]

Using ebtables commands, it is possible to open up a range of IP addresses on the main network to be accessible to/from guests. I have done this so guests can use IP printers and cast to Chromecasts on my main network.

Check out this post: https://www.snbforums.com/threads/a...et-access-on-ap-mode.60532/page-2#post-532244

Thanks, but none of the smart devices I am dealing with allow the use of a fixed IP address. I plan to give YazFi a try this week.

 

[guho]

Thanks, but none of the smart devices I am dealing with allow the use of a fixed IP address. I plan to give YazFi a try this week.

You need to set up DHCP reservations if your devices cannot be set to fixed IPs. That is what my ChromeCasts get their fixed IPs from.

 

[Amwjujo]

I have a similar setup, where I put all my IoT devices on a guest network. Then I used YazFi(thank you for this) and I checked "one way communication " in the menu as L&D and Jack suggested .
No problems so far and everything works fine.
Give it a try and share your experience
Good luck.