Deco X50 Mesh Guest network
Hi all,
Not of great importance, but I'm asking out of curiosity to see if I can get around it.
My setup is:
ISP modem/router -> Firewalla Purple (bridge mode) -> Unmanaged switch -> Deco X50 mesh (x3 in AP mode)
This all works great - full throughput, monitoring etc. - no issues at all.
I noticed there is a Guest Wifi on the Deco X50, which offers 'Device Isolation'. If I enable that, the mesh seems to do something clever with packets - by the looks of things, it drops any packets not from the gateway device (in my case the ISP modem/router).
It's not possible to see other devices on the network with that enabled.
However, I've noticed that DNS doesn't work properly for guest Wifi clients when Device Isolation is enabled. I'm thinking that this is because my Firewalla is intercepting DNS requests, and possibly replying from its IP address - which, as it is different from the gateway address, the replies are being dropped. I'm only guessing on this, but it seems to make sense.
The guest Wifi doesn't use a different subnet or VLAN.
I have Ad Block running on my Firewalla, which is likely intercepting DNS requests.
I've tried to tshark the DNS requests on my Firewalla, but I don't see them - might these packets be intercepted before tshark sees them?
As I say, it's not critical at all, but I wondered if anyone had any thoughts.
Many thanks, Dean
-
After some more research with Wireshark, I think the guest wifi device isolation is filtering at layer 2 (MAC address).
I can see that the DNS responses are being sent correctly on the network from the gateway's IP address (in my case 192.168.0.1), but they have the Firewalla's MAC address.
Hence when device isolation is enabled on the Deco, the DNS response is being filtered by the Deco and won't reach the client.