Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


Forums2degrees (including Slingshot, Orcon, Flip, Stuff Fibre, MyRepublic, 2talk and Vocus)NF18ACV modem and WiFi client isolation
agent86

80 posts

Master Geek
+1 received by user: 8


#265725 7-Feb-2020 11:34
Send private message

Hi,

 

I've set up a guest network, but it seems like the option to isolate clients doesn't work.
I'm on firmware version NF18ACV.NC.Vocus-R6B040.EN.
When connected via WiFi I can still see all other connected devices.

 

Anyone else encountered this issue?
I tried disabling then enabling the option and resetting the router, but neither fixed it.

 

Thanks!

 

 

Create new topic
OldGeek
993 posts

Ultimate Geek
+1 received by user: 410

ID Verified
Lifetime subscriber

  #2414142 7-Feb-2020 12:06
Send private message

Can you explain what you mean by 'isolate clients'?  What problem is this the solution to?




-- 

OldGeek.

 

 



agent86

80 posts

Master Geek
+1 received by user: 8


  #2414207 7-Feb-2020 13:16
Send private message

The Netcomm manual says:
Clients Isolation Select to prevent clients on the wireless network being able to access each other.

 

There's more about it on this site:
https://www.howtogeek.com/179089/lock-down-your-wi-fi-network-with-your-routers-wireless-isolation-option/

 

I want to restrict access for my IoT devices and guest devices, so they only have access to the internet and not the other devices on the network.

 

But now that I read it again, maybe the devices on the guest WiFi network can't see each other but they can see other connected devices such as the ones connected via ethernet?
Is that what this option enables, not total isolation from the rest of the LAN? Can anyone confirm please?

 

 

 

Thanks.

OldGeek
993 posts

Ultimate Geek
+1 received by user: 410

ID Verified
Lifetime subscriber

  #2414236 7-Feb-2020 14:18
Send private message

I looked at this some weeks ago and came to the conclusion that 'Client isolation' meant that every device had internet access only - ie no access to other devices on the LAN (wired or wireless).  So this would only work on a LAN if you have no communal devices such as printer/scanner etc.  The use of a 'guest' network allows a second (or more) SSID to be defined and used with devices for which internet access only is enforced.

 

A guest network exactly fitted my needs.  The purposes of this are to ensure that guests can connect but not see any of my devices.

 

As you can configure multiple guest networks, it would seem to me that you could define a 'guest' network (the SSID is configurable) for the exclusive use of your IoT devices (or any device where network use is internet-only and isolated from devices connected to your main SSID(s).  You can turn on 'isolate clients' for each 'guest' network while leaving it off for your main network(s), ensuring that your IoT devices cannot see any other devices on your guest network.

 

Having said all this, this is expertise gained purely from reading the NF18ACV manual augmented with related Google searches.  I do not have any real-world expertise.




-- 

OldGeek.

 

 



sbiddle
30853 posts

Uber Geek
+1 received by user: 9998

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #2414291 7-Feb-2020 15:55
Send private message

It's been a while since I've tested that on a Netcomm but on all routers based on that chipset reference design the client isolation only works on the WiFi, it disabling L2 and L3 connectivity between devices connected to that SSID. It does not stop discovery of LAN devices on that same subnet (but did at one point when the feature was broken on a particular Netcomm software release).

 

 

agent86

80 posts

Master Geek
+1 received by user: 8


  #2414355 7-Feb-2020 18:27
Send private message

Thanks for your replies.
sbiddle:

It's been a while since I've tested that on a Netcomm but on all routers based on that chipset reference design the client isolation only works on the WiFi, it disabling L2 and L3 connectivity between devices connected to that SSID. It does not stop discovery of LAN devices on that same subnet (but did at one point when the feature was broken on a particular Netcomm software release).


 


Now that I'm home from work and able to test the behaviour, it does seem to the case. The feature ironically reminds me of the cone of silence in the tv show Get Smart where the Chief and Max can't communicate to each other but everyone else outside the contraption can.
I guess I'll have to look at getting some managed switches to set up VLANs.

sbiddle
30853 posts

Uber Geek
+1 received by user: 9998

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #2414370 7-Feb-2020 19:30
Send private message

Isolation between wired and wireless clients is always going to be a challenge because you're having to bridge two different L2 networks so would need to use something such as a split horizon which is well beyond the capabilities of a router such as this.

 

 

Create new topic








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.








RSS feeds
Main feed
Forums feed
Copyright
©2002-2026 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright