search

derekperrin / rt-n56u

Automatically exported from code.google.com/p/rt-n56u
0 stars 0 forks source link

Guest AP not isolated #387

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
1.Turning on guest AP
2.
3.

What is the expected output? What do you see instead?
guest AP without access to my home network . Connecting through guest AP still 
can access all my Network 

What version of the product are you using? On what operating system?

1.1.2.1-004  on windows xp
Please describe the problem as detailed as it's possible.
If you have connection problem, then syslog file is required. (please do
attach it as a file)
Note that if there will be a poor problem description the issue status will
be changed to 'Invalid'!

Original issue reported on code.google.com by lamad...@gmail.com on 25 Jul 2012 at 4:15

GoogleCodeExporter commented 9 years ago 
Isolating guest AP is mean of:
- Isolating between clients of guest AP
- Isolating between clients of guest AP and main AP.

Clients of guest AP has access to internet, to router host and to LAN hosts.

Original comment by andy.pad...@gmail.com on 26 Jul 2012 at 9:23

GoogleCodeExporter commented 9 years ago 
Is there a way to allow guest AP to only access internet? I thought thats what 
a guest AP was for, to isolate them from other WLAN and LAN clients, not just 
WLAN clients. Thats how other router's i've had work

Original comment by dwheim...@gmail.com on 26 Jul 2012 at 8:17

GoogleCodeExporter commented 9 years ago 
Hi Andy,

You could make as an option:
- To allow only traffic to Internet or not. That would generate the respective 
firewall rules on the LAN/WiFi.
- Choose a DHCP pool (like you have for VPN - VPN Clients IP Pool)
- Ability to choose DNS Server, like for example one server connected on the 
LAN. That would generate the firewall rules to only allow UDP 53 port to that 
IP Address.

I believe all this options would make a huge improvement on this GUEST option 
that you've implemented.
Hope to hear news regarding this.

Thank you,
Goncalo

P.S.: Thank you for you last FW 006 update.

Original comment by gjbarra...@gmail.com on 1 Aug 2012 at 11:02

GoogleCodeExporter commented 9 years ago 
Thanks for the great firmware!
I agree with the requesters above.  I would like to be able to prevent those 
connecting via the guest AP from having access to my home network.  That is the 
way my Netgear router manages the guest network.  
Anyone connecting to my guest network only needs access to internet, not the 
internal network, printers, storage, etc.
Thanks

Original comment by ctrie...@gmail.com on 11 Aug 2012 at 1:55

GoogleCodeExporter commented 9 years ago 
да, былоп неплохо, есип оно только в 
интернет выходить давало. иначе вообще с 
трудом понимаю какой в нём смысл

Original comment by 1000Hz.r...@gmail.com on 18 Sep 2012 at 10:31

GoogleCodeExporter commented 9 years ago 
I am also requesting this feature, since I see this thread has been along for 
quite some time now without being implemented into the firmware. This should be 
a standard action of a guest network. Allow internet only connection via the 
guest SSID. Guests should not be able to access the main network. Thank you

Original comment by JamieW...@gmail.com on 11 Nov 2012 at 1:50

GoogleCodeExporter commented 9 years ago 
[deleted comment]
GoogleCodeExporter commented 9 years ago 
This feature has been implemented partially with the latest version available 
3.0.3.0-025. It works but as I have a DHCP server, I'm not using the router as 
DHCP for the LAN, the GUESTS can't get an IP from my server. That's why I made 
a request for the following:
- To allow only traffic to Internet or not. That would generate the respective 
firewall rules on the LAN/WiFi - DONE
- Choose a DHCP pool (like you have for VPN - VPN Clients IP Pool)
- Ability to choose DNS Server, like for example one server connected on the 
LAN. That would generate the firewall rules to only allow UDP 53 port to that 
IP Address

Let's hope Padavan can implement this soon.

Great work Padavan, keep going!!!

Original comment by gjbarra...@gmail.com on 11 Nov 2012 at 1:59

GoogleCodeExporter commented 9 years ago 
I dont use the router DHCP so the guest function will not work for me. You 
should add documentation that states that in order to use the guest ap and 
isolation from the lan you need to use the router's dhcp server.

It would be great to be able to turn on the router dhcp just for the guest AP's 
and assign another subnet for an added layer of security. 

Thanks so much for your firmware!!

Original comment by tlamm...@gmail.com on 22 Nov 2012 at 5:23

GoogleCodeExporter commented 9 years ago 
Agreed with the above, unless the DHCP Server service can be enabled for the 
Guest AP clients it is unworkable at the moment for those of us who use a 
separate DHCP server. I have no idea if this is possible though, given the 
Guest AP is already outside the scope of the base firmware.

Keep up the good work!

Original comment by adamtmit...@gmail.com on 5 Dec 2012 at 9:35

GoogleCodeExporter commented 9 years ago 
I use a pair of N56U's as access points in my house with a separate 
router/firewall. What would be really useful for me would be to put the guest 
clients on a VLAN. This way I can have a separate DHCP pool for the guests and 
filter the guest traffic based on VLAN ID.

Thx.

Original comment by infomedi...@gmail.com on 6 Dec 2012 at 12:53

GoogleCodeExporter commented 9 years ago 
I am using the latest 3.0.3.1-27 firmware with AP isolation turned on. Although 
clients on Guest AP cannot access LAN, they can still access all the services 
on the router itself. i.e. the file shares, printers, telnet/ssh, even the 
router admin login page! Isn't that a security hole?

Original comment by bfg1...@gmail.com on 2 Jan 2013 at 9:01

GoogleCodeExporter commented 9 years ago 
Asus firmware has full guest network isolation, but this one isn't. Sorry no 
free wifi for my neighborhoods. :-( Traffic shaping for guest network would be 
great addition also.

Original comment by azh...@gmail.com on 4 Apr 2013 at 12:02

GoogleCodeExporter commented 9 years ago 
>Sorry no free wifi for my neighborhoods.
maybe it's even better. what if they involve into child pornography and you 
will have to pay for that? better keep your internet access for yourself.

Original comment by 1000Hz.r...@gmail.com on 4 Apr 2013 at 12:05

GoogleCodeExporter commented 9 years ago 
My guest AP had a firewall with a WAN IP filter option so I used that to block 
access to the other subnets. Not perfect but a non-standard username on the 
admin console for the guest AP made it _secure enough_ for my needs.

Original comment by a...@darthandy.com on 5 Nov 2013 at 7:37

GoogleCodeExporter commented 9 years ago 
Is this still not possible? If not, I might consider going back to Asus 
firmware if that supports it. Another question that really does not belong here 
is. 

Can you do DHCP reservation based on mac-address? 

Cheers!

Original comment by e2zippo on 24 Sep 2014 at 12:37

GoogleCodeExporter commented 9 years ago 
It think this is possible now.  There is a choice to isolate between the guest 
AP and the LAN.  I don't use this router with a guest AP, so have never tried 
it.

Original comment by ctrie...@gmail.com on 24 Sep 2014 at 10:54