#1  
Old February 12th, 2011, 04:10 AM
gravityz gravityz is offline
Junior Member
NETGEAR User
 
Join Date: Mar 2010
Posts: 101
gravityz is on a distinguished road
Default wireless isolation

after upgrading the firmware i found a new option
wireless isolation.

what does that setting do?
Reply With Quote
  #2  
Old February 12th, 2011, 04:18 AM
gravityz gravityz is offline
Junior Member
NETGEAR User
 
Join Date: Mar 2010
Posts: 101
gravityz is on a distinguished road
Default Re: wireless isolation

sorry what i meant was

this option is available in both guest network and regular wifi network.
there allready was an option to give users access to the local network.
is this option perhaps a bit redundant, at least for the guest network.?

Last edited by Mars Mug; December 3rd, 2013 at 10:06 PM.
Reply With Quote
  #3  
Old February 12th, 2011, 04:31 AM
searay's Avatar
searay searay is offline
Senior Member
NETGEAR Prophet
 
Join Date: Apr 2008
Location: Naperville, IL
Posts: 3,328
searay is on a distinguished road
Default Re: wireless isolation

It blocks wireless connections from connectining to you wired PC's. Does "help" not give an explantion for this?


Enable Wireless Isolation If checked, the wireless client under this SSID can only access internet and it can‘t access other wireless clients even under the same SSID, Ethernet clients or this device. Other clients can‘t access the wireless client, either.
Reply With Quote
  #4  
Old February 12th, 2011, 04:32 AM
NatRay's Avatar
NatRay NatRay is offline
Senior Member
Advanced NETGEAR Expert
 
Join Date: Sep 2010
Location: New Orleans, LA, USA
Posts: 893
NatRay is on a distinguished road
Arrow Re: wireless isolation

Wireless Isolation is a fairly rare feature on home based routers. When switched on, it stops two computers on the wireless network from seeing each other, but still allows you to see computers on the wired network . . .

g00gle for more information . . .
__________________
Best regards,
Nat Ray
_______________________
Cox Communications > SB6120 DOCSIS 3.0 > WNDR3700v1 (4), WNDR3400v2 (2), WPN824v2 (2), R7000, RT-N66R *AP(s) via Wired Backbone* > Ooma Telo / D-Link DGS-1024D > NeoTV-550 (3) . . .** Qosmio-X505 **
DD-WRT v24-SP2 (12/14/11) std. Build 18007
Optimize your network: Disable IPv6 . . . Post responsibly . . .
‘Quality trumps Quantity’
Reply With Quote
  #5  
Old April 3rd, 2011, 07:25 AM
FullBandwidth FullBandwidth is offline
Junior Member
NETGEAR Newbie
 
Join Date: Apr 2011
Posts: 5
FullBandwidth is on a distinguished road
Default Re: wireless isolation

So ray vs. ray ... which is it? Searay says it isolates wireless from wired, NatRay says it isolates wireless from wireless.

I just downloaded the V1.0.7.98NA firmware (pretty much could get nothing on "guest networking" working before that). I setup separate b/g/n and a/n wireless networks, added a Guest network on b/g/n with both "wireless isolation" ON and "Allow guest access to My Local Network" OFF.

My basic network topology is cable modem -> wired router (DHCP provider 192.168.0.xxx) -> multiple wired nodes and wireless routers. The WNDR3700 has a static IP of 192.168.0.71 on the wired (WAN) side, and serves up wireless addresses in 10.10.0.x.

However, when I connect to the Guest network wirelessly (IP address 10.10.0.3 provided by the 3700), I can still ping every device on the wired side of the LAN (e.g. 192.168.0.xyz), in addition to getting to the Internet. This is the OPPOSITE of what I want - I assumed "guest network" + isolation = the guest network can only see the Internet, not be routed to every other node on the LAN.

Incidentally if I plug in a computer into one of the wired ports on the WNDR3700 the behavior is the same - 10.10.0.x address, but can ping anything on 192.168.0.xyz and Internet.

I suppose they figure you only have one wireless router on the network (WNDR3700) and it connects directly to the Internet (i.e. cable modem). By virtue of the wireless router being on the 192.168.0.xxx network, I guess it can't tell the difference between a LAN and Internet address, since the cable modem's providing the NAT.

Any ideas of how I could get a truly isolated guest network in this configuration? I have other reasons for keeping the rest of my network configured as it is; I just wanted to add a guest network using this feature of the WNDR3700.

Thanks
Reply With Quote
  #6  
Old October 14th, 2011, 02:01 PM
hemp hemp is offline
Junior Member
 
Join Date: Oct 2011
Posts: 1
hemp is on a distinguished road
Lightbulb Re: wireless isolation

You are able to ping the wired devices on the network, that's true. However, you will notice if you try that you can't do anything else.

The guest isolation this router uses amounts to blocking all ports to pretty much everything except the LANs DNS and DHCP services. All other ports, on all other machines, are blocked by the router.

So it doesn't give you obfuscation (hiding what's there), but it does give you a pretty decent firewall.
Reply With Quote
  #7  
Old October 14th, 2011, 03:48 PM
Simon0 Simon0 is offline
Senior Member
NETGEAR Expert
 
Join Date: Apr 2010
Posts: 891
Simon0 is on a distinguished road
Default Re: wireless isolation

Wireless isolation was commonly used for securing guest networks from accessing one's internal network/client/servers from a SINGLE shared router... but different manufacturer will implement it slightly different from one another. It is not often used as this single point of failure can allow an intruder to access your main router and/or other connected "trusted" routers' devices.

Noways, it is better to have a good router/intrusion detection/captive portal system, and stick one or more cheap/recycled router on a separate channel for your "guests/subscribers/etc". VLANs can be used to further enhance security in such a setup.
Reply With Quote
  #8  
Old October 14th, 2011, 04:51 PM
jmizoguchi's Avatar
jmizoguchi jmizoguchi is offline
Junior Member
 
Join Date: Feb 2007
Location: Kentucky, USA
Posts: 0
jmizoguchi is an unknown quantity at this point
Default Re: wireless isolation

That is why like guest gate , guestgate,com which has layer 3 switch , wifi with good amount setup you can as addo-on unit to any existing network
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



All times are GMT -8. The time now is 06:20 PM.