Deco M9 Plus Guest network is allowing local network
I have 3 x Deco M9 Plus. I would like to enable the guest network for visitors but I found that the users are able to access my local network. Does anyone know how to disable this? I would like to allow internet access only. Thanks!
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
You can connect the IOT devices to the guest network, and then get their IP address.
In the meantime, please connect your computer to the main network and try to ping the IP of the IOT device.
Please show us the ping result,
Good day.
- Copy Link
- Report Inappropriate Content
@Kevin_Z Ok, sorry, my mistake which was was caused by the fact that the same IP has been assigned to units on the isolated networks. Hence the confusion. I.e 192.168.0.108 was assigned to a IOT unit on the guest_network and the same 192.168.0.108 to a PC on the main network. Great ping results and a confused user behind the keyboard 🤓
- Copy Link
- Report Inappropriate Content
@Kevin_Z Maybe it would be a good idea not to provide and assign IP from the same range? If this is the cause of all threads about deco not isolating guest_network, you will be haunted by future postings and loose potential business.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
That's exactly the problem. This issue hasn't been fixed for months now. :(
I am currently using an Asus accesspoint to provide a real separate guest network.
I feel sad that TP-Link is taking so long to address security issues like this.
I can't recommend any Deco unit to anyone this way.
- Copy Link
- Report Inappropriate Content
It has been said several times, guest network works properly only when deco in router mode.
@wtf if your M5 are in AP mode, and you connect through them, it is to be expected that guest network is not isolated...
FYI, working in AP mode AND having guest network isolated at the same time is technically a bit tricky to say the least, as by default, you are not supposed to route anything in that mode.
To be completely honest, I even doubt that this can be achieved without requiring some rules on the front/isp router, or having the guest network connect privately to a Tp-link managed external gateway...
A bad implementation would be to simply disable access to private ip addresses classes.
- Copy Link
- Report Inappropriate Content
Different IP ranges would not fit the requirement of isolation. This would most probably make it more difficult to reach internal network as users would have to fiddle with network mask, but would not achieve proper isolation.
- Copy Link
- Report Inappropriate Content
My deco in router mode, and still, I get access to the local device in my network.
what i do wrong?
- Copy Link
- Report Inappropriate Content
Are all your devices behind the Deco?
Can you please give some details on your network topology?
- Copy Link
- Report Inappropriate Content
"Are all your devices behind the Deco?" - I think no, only Wireless devices.
"Can you please give some details on your network topology?" -
- Copy Link
- Report Inappropriate Content
Information
Helpful: 1
Views: 10089
Replies: 28
Voters 0
No one has voted for it yet.