Reply
Highlighted
Posts: 3
Registered: ‎11-26-2017
Accepted Solution

Guest mode not isolating wired devices

Just setup 3 nodes to an office lan & turned on guest mode. Guest wifi users can access devices on office lan - which i cannot allow.

So velop guest only isolated wifi users from each other? I see separate vlans for each wifi - how can i limit guest wifi vlan from office/wired vlan?

Thx
Moderator
Posts: 124
Registered: ‎08-08-2017

Re: Guest mode not isolating wired devices

The guest network shouldn't behave that way, chieftaing. Can you share with us more details about how file sharing on the Office Lan is configured? There might be other configurations that may have allowed a computer to have access to the files from there which shouldn't be since it is a separate network.

Jo-Ann - 21744
Linksys Technical Support
Posts: 3
Registered: ‎11-26-2017

Re: Guest mode not isolating wired devices

Office lan on 192.168.5.0/24
Internet router at 192.168.5.1
File server on 192.168.5.5
Velop on office lan.
Main wifi on 192.168.2.0/24 created by velop
Guest wifi on 192.168.3.0/24 created by velop

Velop wifi can both get to internet no problem.

Laptop on guest wifi can open files on \\192.168.5.5

That's bad
Posts: 352
Registered: ‎01-07-2012

Re: Guest mode not isolating wired devices

I *think* you’ll find it’s the main router (5.1) that is doing the routing. Are you running the Velop in bridge mode? If you you’ll need an ACL on the main router to prevent cross-subnet traffic.
Posts: 3
Registered: ‎11-26-2017

Re: Guest mode not isolating wired devices

Turns out guest mode DOES work in bridge mode.  The nice Linksys chat person said it would not.  I wish they would simply say they don't know instead of guessing.

 

In bridge mode, the main Velop wifi gives staff wifi access to file server, printers, and internet - perfect.

The guest wifi gets a different subnet - thanks Velop - and gets only internet - perfect!

 

I'm going to stick with this.  I don't really need the stuff you loose in bridge mode like parent controls or device prioritization.

 

The other config that I thought of trying (but didn't) is to put the internet router cable into one Velop port and then the office lan into the other port.  That might put the office gear on one of the subnets served by the Velop - with the staff wifi - and then the guest wifi would be isolated.  I might need to put the intenet router on its own subnet for the Velop to do its routing and isolation thing.  This is all just (educated?) guess - I did NOT try this and since guest wifi works in bridge mode - I'm all set.

 

So, overall, the setup took us about 6 hours total, figuring out best placement, switching to bridge mode, etc.  The coverage is excellent and now our entire church is bathed in wifit for both staff and properly isolated guests/members.  Great job Linksys.