Guest network on TL-WPA8630P Wi-Fi extender does not isolate its clients

Guest network on TL-WPA8630P Wi-Fi extender does not isolate its clients
Guest network on TL-WPA8630P Wi-Fi extender does not isolate its clients
2019-08-30 12:30:05
Model: TL-WPA8630P-KIT
Hardware Version: V2
Firmware Version: 2.0.3 Build 20171018 Rel.36564

Our home network consists of a TP-Link Archer C7 Wi-Fi router ("router") and a TL-WPA8630P Powerline Wi-Fi extender ("extender").

 

We use the guest network feature on the router to protect our main Wi-Fi network. This works very well. Clients connected to the router's guest network can access the internet, but cannot see other devices connected to the router.

 

Yesterday I added the extender to the network. I configured it using the WPS ("WiFi clone") method. Both main networks (2.4 GHz and 5 GHz) were replicated on the extender, but not the guest network. So I switched on the extenders guest network manually.

 

I noticed however that clients connected to the extender's guest network are not isolated from our main network. For example I can ssh into a Raspberry PI connected to the router from an Android phone connected to the guest network of the extender. It seems that the router has no way to distinguish clients connected to the extenders main networks from those connected to the extenders guest network. This of course defeats the purpose of a guest network.

 

The security settings for the extender's guest network are as follows:

 

Allow guests to see each other - unchecked

Do not allow guests to manage my network - checked

Automatic disable after - unchecked

(There are no other options.)

 

How can I extend the guest network so that guests connected to the extender are isolated from clients connected to the router?

 

 

1
1
#1
Options
3 Replies
Re:Guest network on TL-WPA8630P Wi-Fi extender does not isolate its clients
2019-09-02 08:45:00

@AndreasR 

 

Thanks for your requesting.

 

We are confirming whether the guest network and host network of the TL-WPA8630P kit can be isolated from each other or not with our engineers now.

 

Any updates, we will let you know immediately.

 

Best regards. 

 

0
0
#2
Options
Re:Guest network on TL-WPA8630P Wi-Fi extender does not isolate its clients
2019-12-27 08:34:52

Hello guys,

 

I am in the same position.

 

I plugged the powerline in one of my wifi router's ports and this way I have very good wifi in another room through the extender.

 

However I use a guest network on my router for my IoT smart home devices and when I created the same guest network on the extender with the same settings as said above every device connected to the extender's guest network sees all devices connected to the router's and to the extender's wifi and wired non-guest networks. It's like the AP isolation on the extender doesn't work or it works but the guest network is bridged to all other interfaces on the extender which puts all devices in the same network and so they see each other which is not good when using a guest network. I tested network visibility with multiple port scanner apps for Android and Windows and when connected to my router's guest network I see only the router and myself as it should be. On the extender's guest network I see 15 other devices, I can scan their ports, etc. which is bad :(

 

For now I disabled the guest network on the extender and use a guest network only on my main router but my IoT devices have weak signal in the other room.

I will appreciate if you guys check this and fix it.

 

Thanks!

 

0
0
#3
Options
Re:Guest network on TL-WPA8630P Wi-Fi extender does not isolate its clients
2020-01-02 00:08:43

@AndreasR 

I have also just discovered the same problem with my WPA-8730.

The Help in the Guest Network section states:

"The Guest Network allows you to have a separate wireless network name (SSID) and password that guests can use to access the internet".

You might assume that, in common with guest networks on most routers, this would not give access to the local network.

So it is rather alarming to discover that all the devices on my local network are also visible to my guests.

Is this really the expected behaviour? If so, there doesn't seem much point in having a guest network setting.

Actually it is worse than that, because it is giving you a false sense of security when giving passwords to guests.

 

1
1
#4
Options