time scheduling and block internet access not working ....

zero7404

Regular Contributor
lately have observed some odd behavior and wondering if anyone knows why this would happen ...
i have a windows pc that connects to my guest 1 wifi, this device gets assigned an IP and i can see it in the list of connected devices. i assigned a time parental control to block internet between certain times for that device. but that doesn't work ..
i also tried switching from time schedule to basically 'Block Internet Access', and when that is enabled for the device, it doesn't do anything to prevent the computer from accessing the internet. i use a work-provided vpn on it to connect to the workspace.

this observation has me concerned here, i put it on the guest 1 network primarily to isolate it from the rest of my LAN and now I am wondering if this notion is a false pretense to believe - if the issue i see is a bug, then there may be other bugs as well ..

anyone else observe a device still online and communicating with the internet after enabling Block Internet Access for it in the Router ? or is this not possible to do for a device connecting to guest 1 wifi ?

any advice would be appreciated greatly ...

my version is 386.5
 

eibgrad

Part of the Furniture
In general, it's recommended you do NOT use guest #1, but instead guest #2 or #3. ASUS has (imo) messed up guest #1 for the benefit of AiMesh. For example, it will usually configure the wireless clients of guest #1 (2.4GHz and 5GHz) on their own IP networks (192.168.101.x and 192.168.102.x, respectively) and bridges (br1 and br2, respectively). But from observing the firewall when configuring parental controls, it seems to assume the default private network's bridge (br0).

Code:
Chain PControls (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  br0    *       0.0.0.0/0            0.0.0.0/0            TIME from 15:00:00 to 20:00:00 on Mon,Tue,Wed,Thu,Fri MAC 01:02:03:04:05:06

So again, I find it best to avoid guest #1 as much as possible. At the very least, I would first try guest #2 or #3 and see if it helps.
 

zero7404

Regular Contributor
i'll give it a shot, thanks for the advice. i thought guest 1 would be a good pick for isolated devices, and it seems most compatible for some one-off's. for instance, one of my child's school chromebooks is able to connect to guest 1, but not guest 2, even though both broadcasts are set to the same WPA2 and operate at (I assume) the same band (2.4).

if i enable my 3rd guest, should i keep my first guest on or can i disable it ? if i could get the one-off devices to connect to guest 3, then guest 1 would be wasted power if nothing uses it anymore.

edit: i spoke too soon about the one-off device, i have mac filtering turned on and the device mac is not registered. that's why it wasn't connecting ... sorry about that.
 

zero7404

Regular Contributor
guest 3 + parental controls and block internet access is working ... thanks again for that advice !

if i can disable guest 1 without impact to guest 2 & 3 let me know so i can do that
 

L&LD

Part of the Furniture
Yes, you can disable any of the Guest networks independently of the others.
 

zero7404

Regular Contributor
In general, it's recommended you do NOT use guest #1, but instead guest #2 or #3. ASUS has (imo) messed up guest #1 for the benefit of AiMesh. For example, it will usually configure the wireless clients of guest #1 (2.4GHz and 5GHz) on their own IP networks (192.168.101.x and 192.168.102.x, respectively) and bridges (br1 and br2, respectively). But from observing the firewall when configuring parental controls, it seems to assume the default private network's bridge (br0).

Code:
Chain PControls (1 references)
pkts bytes target     prot opt in     out     source               destination        
    0     0 DROP       all  --  br0    *       0.0.0.0/0            0.0.0.0/0            TIME from 15:00:00 to 20:00:00 on Mon,Tue,Wed,Thu,Fri MAC 01:02:03:04:05:06

So again, I find it best to avoid guest #1 as much as possible. At the very least, I would first try guest #2 or #3 and see if it helps.
just had a 2nd read at this ... does this mean that it's 'potentially' possible for a client to gain access to the LAN, when the Intranet Access feature is explicitly set to disabled ?
true for any guest broadcast or just the 1st ?
 

eibgrad

Part of the Furniture
just had a 2nd read at this ... does this mean that it's 'potentially' possible for a client to gain access to the LAN, when the Intranet Access feature is explicitly set to disabled ?
true for any guest broadcast or just the 1st ?

There have been all kinds of documented issues w/ using guest #1, including NOT preventing access to the private network. Some searching through the forum will produce a number of threads over quite some time. That's why I said, unless you're using a guest network w/ AiMesh, just stay away from it. It's nothing but trouble. Guest #2 and #3, afaik, have no such issues and work as expected.
 

zero7404

Regular Contributor
was easy enough to turn on guest 3 and work with that. thanks again for the advice.

now left somewhat concerned about that bug/issue with my work computer when it was connecting to guest 1. why hasn't asus plugged this ? doesn't sound like they would leave issues like this long standing.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top