Guest network on Surf SOHO

Jarid_Petermann · September 28, 2015, 5:45am

Essentially Layer 2 Isolation will not block MAC-Addresses/anything layer 2 related.
Guest Protect allows for blocking at Layer 3.

Michael234 · September 29, 2015, 1:53am

So, to sum up, the Surf SOHO can not create a WiFi network that gives clients Internet access but isolates them from all other LAN devices. True?

Michael234 · September 30, 2015, 3:13am

Perhaps the VLAN functionality can restrict users of one SSID such that they can’t see Ethernet connected devices on the LAN?

TK_Liew · September 30, 2015, 4:26pm

Hi Michael,

Below is the suggestion.

Create new Vlan for guest. For example Vlan 2. Then disable Intervlan Routing for Vlan 2.
Assign staff SSID to Untagged Vlan (default Vlan).
Assign guest SSID to Vlan 2.

Hope this make sense.

Michael234 · December 8, 2015, 6:26am

Finally, got around to testing this. I am a bit out of my league with VLANs and the Surf SOHO manual is no help. In a nutshell, my question is: does the new VLAN get assigned its own IP subnet? That is, if my existing LAN is 192.168.50.x, then should I use 10.10.10.x for the new VLAN? And, if so, then should I assign the router a new private IP address on the 10.10.10.x subnet? And, what is the “name” of LAN? Is it just a comment for my own use?

Thanks in advance.

sitloongs · December 8, 2015, 10:20am

Hi,

Please refer to the settings below:

VLAN settings

Defining Guest VLAN & LAN

Details Guest VLAN setting

Details LAN setting

WIFI SSIDs setting

WIFI LAN SSID

WIFI Guest SSID

Thank you

Michael234 · December 9, 2015, 4:02am

Wow, thanks for taking the time to make the screenshots.
I see now that the network name is just a comment for my personal use and that the VLAN can (should? must?) use a different subnet and that the router does indeed get a different internal IP address on each VLAN/subnet.
Thank you.
Michael

Michael234 · December 10, 2015, 1:52am

I tried this and it works, so thanks again.
In the screen shot of the LAN configuration

I see that Inter-VLAN routing is enabled. Any particular reason for that, if the Guest VLAN has it off?

TK_Liew · December 10, 2015, 11:15am

Hi Michael,

Inter-VLAN routing is to allow communication between the Vlans. If this was disabled at Guest Vlan, any communicates with Guest Vlan will be blocked.

pepuserjj · December 25, 2015, 2:23am

Hey all…

I’m not seeing the option to create additional vlan’s on my surf soho rev 2 firmware 6.2.1. Is this functionality available on the surf? My guest wireless clients still have L3 access to my wired devices (confirmed with nmap).

Regards,

JJ

pepuserjj · December 25, 2015, 10:33am

Finally figured out to access the VLAN menu you have to enable “Advanced” menus via the help “?” button. Have guest isolation working now. Very cool!!!

JJ

Michael234 · December 27, 2015, 2:19am

The user interface for enabling the VLAN feature is much more confusing than it should be. Not sure why its hidden out of the box. That said, it is documented to work this way in user manual.

Edward · December 27, 2015, 1:09pm

Thank you for the great explanation, @sitloongs!

trabas · June 7, 2017, 8:56pm

Hi i need some help when i do this the other SSID cant be found by my devices. The only one available is the guest SSID. What do you think could be wrong?

Michael234 · June 8, 2017, 11:59am

Nothing about creating an isolated SSID on the Surf SOHO hides the SSID itself. There is an option in most routers to hide the SSID but most people don’t think this is a worthwhile thing to do. Perhaps you hid the networks by mistake?

Another explanation of creating a “guest” network on the Surf SOHO is here

trabas · June 8, 2017, 4:10pm

The thing is i had both ssids working and for some reason the primary one doesnt work. When i disable the guest network the primary one now comes up. i have not enabled the option to hide the SSID

Michael234 · June 8, 2017, 5:49pm

The term “doesn’t work” for an SSID is vague. Can clients logon to the network at all? If not, maybe its a password issue. Or, can they logon to the SSID but not get to the Internet? If so, it might be a firewall rule issue.

As for why disabling one SSID would impact another SSID, I have no guess at all.

If you open a problem ticket, you may be able to upload a file with all the settings of your router to Peplink to have them review it.

trabas · June 8, 2017, 8:52pm

Ok more detail. i have setup the guest network exactly as described in the post above. So the names for the different networks are the same

So i have created Guest VLAN 10 and disabled intervlan routing then i have gone to AP and created a new SSID linked to Guest VLAN 10 as described above

Once i do that the LAN SSID is no longer seen by any of my devices even though when i go to the dashboard its still listed

i have to delete the Guest SSID for the LAN SSID to be seen by my devices. Both cant be seen at the same time.

Im at my wits end

sitloongs · June 8, 2017, 9:50pm

Can you please open a support ticket here for support team to check ? This is not the expected behavior.

Michael234 · June 9, 2017, 11:27am

You are going to have be more detailed in your description of the problem for anyone to be able to help.