ARCHER AX55 - Guest and IoT Wi-Fi Networks are not Isolated
Hello,
I have a main router that provides my local network 192.168.3.x and to which Starlink is also connected.
The ARCHER AX55 is also connected to this network in router mode.
I chose router mode because I want to set up an Easy Mesh network with the AX55.
The AX55 now provides a Wi-Fi network 192.168.7.x.
I have now set up a guest Wi-Fi network and an IoT Wi-Fi network on the AX55.
When I connect to these two networks with my mobile phone, I can still access my NAS devices, which are on the local network.
This shouldn't be possible.
Conversely, my NVR, which is connected to the local network, no longer sees my Wi-Fi cameras, even when I enter the correct IP address of the camera.
My questions are:
How can I isolate the guest and IoT Wi-Fi networks?
Is it possible to move the guest and IoT Wi-Fi networks to a different subsegment, e.g., 192.168.8.x and 192.168.9.x?
How can I then access my Wi-Fi cameras if they are connected to the IoT Wi-Fi network?
Thanks.
Ok, if the network layout is as in the picture below, then the behavior you see is as expected. The AX55 cannot somehow "instruct" the main router how to handle (e.g. isolate) certain traffic.
One method of blocking known clients connected to the AX55 from accessing certain resources on its WAN side (i.e. in your case the main router's network) would be via the AX55's Parental Controls, like shown in the screenshot below. Of course this would only help for client devices whose MAC address you already know. And this might only block certain protocols, but not all.
By the way, what you mentioned earlier about the NVR on the main router not being able to access the cameras on the AX55 is also as expected. You would either need to setup some advanced port forwarding stuff or resort to "Access Point Mode" on the AX55.