Guest wireless network, what's it good for?

[Fritz]

I thought that devices connected to a guest wireless network didn't have access to the LAN, only the Internet. I'm currently typing this on a tablet that's connected to the guest network of an Asus RT-N65R router and it has access to my entire LAN and everything that's connected to it. So what is the purpose of a Guest network?

 

[T_Minus]

It probably requires some configuration ?

 

[Netwerkz101]

It probably requires some configuration ?

^^ This

[Guest Network] How to set up Access Intranet

 

[wildchild]

It probably requires some configuration ?

very much so

 

[spazoid]

Probably depends on the product your're using. Guests on the guest network on my Unifi setup can't access anything but the internet, and I've done no configuration besides ticking off a box.

 

[ridney]

Guest network should be in a different subnetwork than your home network.

 

[Fritz]

Got it, thanks.

So a Guest network ain't a guest network until you configure it as a guest network. Clear as mud.

 

[ttabbal]

On consumer stuff, it usually works fine. IF the AP is also the primary router on the network. Out of curiosity, I tried it on an Asus and it did exactly what you saw, full network access. It worked alright when it was the main router though, so for the people around here, it's probably not a good feature.

I seem to remember seeing VLAN options on DD-WRT for the SSIDs, so using that you could probably make it work. I don't remember if my Asus had those options. I could install DD-WRT, but it's just annoying enough on those that I don't want to bother if I don't need it.

 

[Fritz]

OK, had a chance to get back on this.

A little more info. This Asus router is configured as an access port. The main router is a TP-Link Archer C-7. No matter what the settings are in the Asus, the wireless device still has full access to entire network so it appears that Guest mode doesn't work in AP mode. Problem is, I need the AP because I can't get adequate coverage with just the TP-Link. Is PFSense the answer?

 

[ttabbal]

I suspect pfsense would be the way to go. VLAN tag the guest network, have pfsense route it to the internet only.

 

[Fritz]

Think I found a solution. Reconfigured the Asus as a router and give it a different subnet. Plugged the cable into the WAN port and now all Wireless clients are given 192.168.1.* addresses which keeps them from the LAN. No I have to figure out how to make a printer available to them.

 

[Netwerkz101]

Think I found a solution. Reconfigured the Asus as a router and give it a different subnet. Plugged the cable into the WAN port and now all Wireless clients are given 192.168.1.* addresses which keeps them from the LAN. No I have to figure out how to make a printer available to them.

Reconfigured as a router??? What was it before?
Edit: I had my blinders on: AP / Bridge mode were options I guess?

How are your devices connected to the Asus RT-N65R? Wired? Wireless? combo?
Is the printer wired or wireless? Capable of both at same time?

 

[Fritz]

The Asus is only for wireless clients. The TP-Link handles the rest. I have 2 printers that are in reach of the Asus so I'm thinking of plugging them into it. Most other boxes have at least 2 NIC's so one can be asigned to the Asus subnet. The only thing I'm not clear on is how to make the wired boxes grab a IP from the TP-Link. I really need to look into vlans but for one to be useful to me it would have to be based on MAC address and not on switch ports.

 

[Jerry Renwick]

It is known that a guest network uses a different SSID from the wireless network that you and your employees access, which can provide visitors with Internet access while keeping your main Wi-Fi network separate and secure.

It can improve security and privacy, increase convienience, control network usage.

 

[Drewy]

It is known that a guest network uses a different SSID from the wireless network that you and your employees access, which can provide visitors with Internet access while keeping your main Wi-Fi network separate and secure.

It can improve security and privacy, increase convienience, control network usage.

If it's configured/setup correctly, simply running a secondary SSID of "guest" isn't going to do anything to help

 

[lhartje]

The described behavior in the OP is expected when in AP mode [at least on the ASUS routers I've worked with] - the additional SSIDs will have the same access to the network as the primary SSID. Only when the ASUS device is in "Router mode" (and the "access intranet" option is set to off on the guest wireless network configuration) the guest network will be segregated (note: this option is missing when configuring guest wireless networks in AP mode). This only provides the advantage that you can have a different network key/password, so you do not give your primary key/password to a guest (assuming you keep your wireless network running all the time and enable/disable the guest SSID as-needed [or use the built-in timer functionality to disable it after X hours]).

If the rest of your networking gear supports it (primarily switches & firewall) you can vlan tag traffic received on the guest SSIDs when running in AP mode (this how I have my RT-68Us running at home - guest traffic is on vlan4 with its own dedicated firewall rules [basically allow all to the internet, deny all to private network]), but it requires manually editing the config files in order to configure (and enabling startup scripts to restore the configuration on reboots).

 

[Patriot]

Ahem, Guest networks are good for upside down telnet Upside-Down-Ternet