Page 1 of 1

Can't Isolate the Guest Network

Posted: Mon May 20, 2019 3:01 pm
by jeffreytsang
Has anyone setup a guest / virtual access point that prevents guests from accessing your regular network? Here's what I tried:

1. Went to the router interface page: 192.168.42.1/admin
2. Clicked on "2.4 GHz Band" (also tried "5 GHz Band") tab, then clicked "Basic" tab
3. Clicked on "Clients Isolation" check box
4. In the table at bottom called "Wireless - Guest/Virtual Access Points", I clicked "Enabled", added an SSID name, and clicked the "Isolate Clients" check box. Then clicked "Apply/Save"
5. Finally, I went to the "Security" tab under "2.4 GHz Band", selected my newly created guest network SSID, and set a password. Then clicked "Apply/Save".

On my Mac, I can see the newly created guest network, can log on to it, and access the Internet. But it also still allows me access to devices connected to my regular network, namely my NAS drive and my printer. This totally defeats the main purpose of having a "guest network."

Does anyone have a solution before I go out and buy a new router that supports a true "guest network"?

Thanks,
Jeff

Re: Can't Isolate the Guest Network

Posted: Wed Jun 19, 2019 3:23 pm
by ngufra
I don't know the router you are using so just general comments.

After logging out off the admin page and logging in again, do you see the boxes checked the way you wanted?
Some routers have an "apply settings" button.

Have you tried rebooting the computer? Maybe there are some routing that is persisting.

Re: Can't Isolate the Guest Network

Posted: Thu Jun 20, 2019 3:10 pm
by ewhac
ngufra wrote:Have you tried rebooting the computer? Maybe there are some routing that is persisting.
That should not matter. The client's netmask is a local optimization; the router is the final arbiter. Even if the local netmask says I can talk to a given subnet, the router should still refuse to pass the traffic. (Otherwise I could manually set my netmask to zero and talk to everything.)