Multiple SSID

TObject

The Internet is full of tutorials that explain how to use some router’s Multiple SSID feature to create a guest network. These tutorials often mention that if the guest SSID is set in a separate subnet, the guests will not have access to your home/corporate network.

I just experimented with Actiontec GT784WN (firmware version NCS01-1.0.8).

My main network subnet is 192.168.1.0/24.
I set up a guest SSID in its own subnet, 192.168.2.0/24.

And while indeed a guest computer could not reach any hosts on the main subnet that got their IP assignment through the router’s DHCP, the static IP hosts on the main subnet were reachable from the guest subnet.

I can kind of see why the router manufacturers did this. Devices like printers use static IPs, so routing to static IPs on the home/corporate network would allow guests to use printers, what have you.

But printers and such are not the only devices that may use static IPs. Your company file server may also be configured using a static IP address, for example; and, unless properly firewalled, the file server will now be wide open to guests.

The dynamic routing on my router is turned off and there are no manual entries in the static routing table. Could somebody familiar with Multiple SSIDs chime in, if the observed behavior is industry standard or simply a mistake in the particular router implementation?

What do you think is going on?

Thank you
 
I imagine there should be an option somewhere to unbridge the guest network from the normal network? Though I know nothing about that router or firmware.
 
It's going to vary router to router, and quite frankly most routers do not support multiple SSIDs in that fashion. I actually find it very odd it will work with static IPs across the network, as there is no easy way for the router to tell what are static IPs.

Usually multi-SSID routers I have used just bridge the guest SSID to the WAN connection directly.
 
I am sorry; there is no network protection for the DHCP addresses either. I made a mistake in my test yesterday – it was antivirus software on the host computers that was dropping packets from the guest network subnet, not the router.

I think what we learned here is the following.

If your router does not have a proper Guest network feature, but provides multiple SSID functionality, the multiple SSIDs may not necessarily provide you with adequate security. Just because your guest network is in its own subnet, it does not, on its own, mean that your guests cannot access your home/corporate network.

Thank you
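
Added example, not part of any post in this thread: a way to check guest-subnet isolation from a client on the guest SSID that treats silence as inconclusive, which is the distinction the thread's test first missed. The target addresses and ports are constructed samples in the 192.168.1.0/24 subnet from the thread, and the check assumes the router does not itself answer with TCP resets.

```python
import socket

# Constructed sample targets in the thread's main subnet (192.168.1.0/24);
# replace with hosts you own. Run this from a client on the guest SSID.
TARGETS = [("192.168.1.10", 445), ("192.168.1.20", 9100)]

# Both statuses normally mean the target host itself sent a packet back.
REPLIED = {"open", "refused"}


def probe(host, port, timeout=2.0):
    """Classify one TCP connect attempt as open, refused, timeout or unreachable."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"      # a RST came back, so traffic crossed the subnets
    except socket.timeout:
        return "timeout"      # silence: router drop or host firewall/AV drop
    except OSError:
        return "unreachable"  # no route, or an ICMP error was returned
    finally:
        sock.close()


def verdict(results):
    """results maps (host, port) -> probe() status, gathered from the guest subnet."""
    leaks = sorted(t for t, status in results.items() if status in REPLIED)
    if leaks:
        return "not isolated", leaks
    # Silence proves nothing by itself: in the thread, host antivirus dropped the
    # guest-subnet packets and made the router look as if it were filtering.
    return "inconclusive", []


if __name__ == "__main__":
    results = {t: probe(*t) for t in TARGETS}
    for target, status in results.items():
        print(target, status)
    print(verdict(results))
```

An "inconclusive" result should be retested with the host firewall or antivirus on the target temporarily disabled, so that any remaining drop can be attributed to the router.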
 