The Internet is full of tutorials that explain how to use some routers Multiple SSID feature to create a guest network. These tutorials often mention that if the guest SSID is set in a separate subnet, the guests will not have access to your home/corporate network.
I just experimented with Actiontec GT784WN (firmware version NCS01-1.0.8).
My main network subnet is 192.168.1.0/24.
I set up a guest SSID in its own subnet, 192.168.2.0/24.
And while indeed a guest computer could not reach any hosts on the main subnet that got their IP assignment through the routers DHCP, the static IP hosts on the main subnet were reachable from the guest subnet.
I can kind of see why the router manufacturers did this. Devices like printers use static IPs, so routing to static IPs on the home/corporate network would allow guests to use printers, what have you.
But printers and such are not the only devices that may use static IPs. Your company file server may also be configured using a static IP address, for example; and, unless properly firewalled, the file server will now be wide open to guests.
The dynamic routing on my router is turned off and there are no manual entries in the static routing table. Could somebody familiar with Multiple SSIDs chime in, if the observed behavior is industry standard or simply a mistake in the particular router implementation?
What do you think is going on?
Thank you
I just experimented with Actiontec GT784WN (firmware version NCS01-1.0.8).
My main network subnet is 192.168.1.0/24.
I set up a guest SSID in its own subnet, 192.168.2.0/24.
And while indeed a guest computer could not reach any hosts on the main subnet that got their IP assignment through the routers DHCP, the static IP hosts on the main subnet were reachable from the guest subnet.
I can kind of see why the router manufacturers did this. Devices like printers use static IPs, so routing to static IPs on the home/corporate network would allow guests to use printers, what have you.
But printers and such are not the only devices that may use static IPs. Your company file server may also be configured using a static IP address, for example; and, unless properly firewalled, the file server will now be wide open to guests.
The dynamic routing on my router is turned off and there are no manual entries in the static routing table. Could somebody familiar with Multiple SSIDs chime in, if the observed behavior is industry standard or simply a mistake in the particular router implementation?
What do you think is going on?
Thank you