Securifi Community Forum
Securifi Products => Almond+ => Topic started by: tt4me on December 20, 2016, 10:22:10 am
-
Posted this in the Nutcrackers section, but it received little to no recognition. Maybe someone over here has a comment.
No idea if this should work or not, but I've been chasing my tail for a few days and thought that I would post, just in case anyone else was curious.
OK, so long story short, my network essentially is laid out like this:
Cable Modem
-> pfSense Router
-> Wired LAN
-> TP-Link AC3150 in AP mode (to be used as an internal Wifi network)
-> Almond+ in AP mode (to be used as a Guest Wifi network)
Everything worked except for the A+ in AP mode. The clients were receiving an IP from the pfSense, but they couldn't access the network or Internet. Chased my tail only to find out that it was the fact that I had to uncheck Enable Wireless Client Isolation.
Once I did that, all is working as expected/hoped.
Does anyone know if this is expected operation?
Or if it's something that will be fixed?
Software Version: AP2-R089-L009-W016-ZW016-ZB005
-
Just to make sure of your network... Is the Almond+ connected to the pfSense router vua the wired LAN or is the TP-Link in between? It is the Almond+ using Wireless WAN?
The isolation feature should prevent wireless clients from seeing each other, not prevent them from seeing wired clients.
-
Each of the TP-Link, Almond+ and a wired switch are connected to separate LAN ports on the pfSense (1 WAN + 3 LAN).
So for each it's as such:
Cable Modem -> pfSense (LAN) -> Wired LAN
Cable Modem -> pfSense (OPT1) -> TP-Link (no wired access)
Cable Modem -> pfSense (OPT2) -> Almond+ (no wired access)
I am aware that isolation will NOT prevent the clients from seeing wired clients. This is being handled by the pfSense. My issue is that the wireless clients on the A+ are able to see other wireless clients on the A+.
I want the A+ to be a true guest network in that when you connect, you can't see anything other than the A+, the pfSense, and the Internet.
FWIW, each of the LAN ports are on separate subnets. DHCP for each subnet is handled by the pfSense. LAN and OPT1 can see each other, and OPT2 can't see anything outside of OPT2 with the exception of the 2 printers on LAN. This is all working as desired.
-
Does the problem still happen with R090? I see it said R089 originally.
-
Does the problem still happen with R090? I see it said R089 originally.
I asked in the R090 thread if it was addressed, but no one responded.
I have not yet taken the time to test it myself.
-
Ah.
-
@ tt4me,
Please do update the firmware first and then enable the Wireless client association back and then reboot the Almond+ manually, let us know, if you are still facing the same issue.
-
@ tt4me,
Please do update the firmware first and then enable the Wireless client association back and then reboot the Almond+ manually, let us know, if you are still facing the same issue.
Still a no go.
-
Well... It was worth a shot I guess. Wish I had another recommendation...
-
Well... It was worth a shot I guess. Wish I had another recommendation...
Thanks.
Just glad that I got it for $95 as a backer. Still a little expensive for a Zigbee gateway, but it is what it is.
-
I guess if the networking does not meet someone's needs, using it for the ZigBee and Z-Wave is a positive view. Still not sure why it is not working for you though... But nothing really stands out to me as a "there's your problem..." Sorry.
-
@ tt4me,
Still a no go.
We have tested the same at our end, and it does seem like Wireless Client Association seems to be working fine. Could you please provide us a bit more information or an example using 2.4 GHz or 5 Ghz or Guest network, so that accordingly, we can try the same.
-
Using 2.4 and not the guest network, and nothing else.
I used this as my primary router/AP for some time, but then decided to migrate away from that, and turned on the AP setting, let my pfsense box handle IP distribution, and then tried to turn on client isolation.
AP2-R090-L009-W016-ZW016-ZB005
The following information is mostly from memory as I'm not on the network and can't directly verify.
AP Mode = On
2.4Ghz = On/PSK2/WPA2/11G/US (Client Isolation On)
2.4Ghz Guest = Off
5Ghz = Off
5Ghz Guest = Off
All other details (I believe) are in 1st and 3rd post in this thread.
-
@ tt4me,
Thank you for providing the information. Let me recheck, so any wireless client which is connected to Almond+ 2.4 GHz is able to access another client, which is connected to the same Almond+ 2.4 GHz network, is that correct?
-
When I enable Client Isolation, the clients receive an IP from the pfSense, but they can't access anything on the network or Internet.
In other words, Client Isolation appears to isolate the clients from everything.
-
@ tt4me,
When I enable Client Isolation, the clients receive an IP from the pfSense, but they can't access anything on the network or Internet.
In other words, Client Isolation appears to isolate the clients from everything.
We just tested it at our end, and got no issues. Is it possible for you to try in Router mode and also, connect Almond+ directly to pfSense and let us know the status.
-
@ tt4me,
We just tested it at our end, and got no issues. Is it possible for you to try in Router mode and also, connect Almond+ directly to pfSense and let us know the status.
As stated in the 1st and 3rd post, the Almond+ is wired directly to the pfSense: Cable Modem -> pfSense (OPT2) -> Almond+
What is the reasoning for trying in router mode? I may give that a try tonight, as I just arrived to work.
-
@ tt4me,
Sorry about that and yes, just to check the functionality, if we are facing the same issue in Router mode, because for us there is no issue.