Deco Guest Network / VLAN / home wired lan issue

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Deco Guest Network / VLAN / home wired lan issue

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Deco Guest Network / VLAN / home wired lan issue
Deco Guest Network / VLAN / home wired lan issue
2021-01-02 08:34:37
Model: Deco M4  
Hardware Version: V2
Firmware Version: 1.4.3

Hi everyone and Happy New Year!

 

Just installed a pair of M4 in my apartment replacing older tp-link wifi router (Archer C3150). It is still active as I have ipsec tunnel that I cannot migrate to M4 as it does not support it.

 

I was doing experiments with guest network and I am a bit challenged how to setup everything as I want.

 

Let's start: I have a home wired lan (default VLAN 1, ip 192.168.0.0/24) with NAS, printer, some other wired devices and few desktops

 

Now I've added those two M4 (in router mode, ethernet backhaul, back-to-back, no switch in between) with new wireless ip 192.168.68.0/24. Main M4 is connected to the LAN side of C3150 so it will obtain address from 192.168.0.x as it's WAN address.

 

So I have also two DHCP servers - C3150 on lan side and now main M4 on wifi side.

 

If I enable guest network I understand that those two M4 will create a separate VLAN 591 only between them and pass traffic from guest wifi to VLAN 591 and from main wifi to (untagged) VLAN 1, effectively isolating main from guest wifi.

 

But, I did a packet sniff from desktop PC (connected to C3150 therefore on the internet side of M4) and outside of main M4 I do not see those tagged packets so I presume they are only passed between M4 devices on the backhaul eth link. Please note that those two M4 are directly connected back-to-back, no switch in between...

 

Issue here is that guest clients can access my wired lan devices, which I do not want... And I presume it is a normal behavior as M4 consider those ip addresses to be on it's wan side...

 

I came to following conclusions / solutions and I would like your opinion on them:

 

1. wait for new firmware to be released so M4 can work in AP mode and have guest lan isolation so I can assign different ip subnet to main and guest wifi

 

2. put C3150 inside the M4 network, disable it's dhcp and manually setup clients which need to pass thru ipsec tunnel to have C3150 as default gateway

 

3. suggest tp-link devs to enable separate dhcp server on M4 for guest wifi clients and have a separate outside nat address for them so we can do ip filtering on the router (C3150 or whatever) outside and prevent access to wired lan segment or alternatively leave tagged M4 wan packets from guest wifi clients

 

4. what's your suggestion?

 

Thanks!

 

MiskoR

 

 

  0      
  0      
#1
Options
1 Reply
Re:Deco Guest Network / VLAN / home wired lan issue
2021-01-04 06:07:59

@MiskoR 

Good day,

Thank you very much for your detailed information.

The current firmware 1.4.3 is already supported guest network on the access point mode which would separate the host network and guest network.

So the first solution would be acceptable and you could put the M4 into the access point to have a look;

Thanks a lot and wait for your reply.

  0  
  0  
#2
Options