cancel
Showing results for 
Search instead for 
Did you mean: 

Guest Network Not Allowing Internet Traffic Without Intranet Access - Fixed by Merlin

RouterOnFire
Level 8
I have a GT-AX6000 that I just purchased last week, and I have three 2.4 Ghz and one 5 Ghz guest networks setup, all four of them were restricting intranet via the setting "Access Intranet" = disable in the guest network GUI. This is the basic purpose of the guest network concept, to allow devices internet access without having access to your devices on your LAN. I did make sure I was running the latest firmware.

The 2.4 Ghz guest networks are not allowing the connected devices to access the internet, however, unless I set "Access Intranet" = enable. Which defeats the entire purpose of the guest network. Interestingly, the 5 Ghz guest network operated as expected.

In the end, I installed the latest version of Merlin, and now the guest networks all work as expected. This is troubling though, why would such a basic bug exist on the stock firmware when a group of programmers has made an open source project that has fixed those bugs. Why doesn't Asus just copy their work into AsusWRT? Does anyone know of a fix other than Merlin? I noticed in another post about AsusWRT bugs that someone said they just installed Merlin and never looked back since it fixed "95% of my issues". It seems like I'm going to be doing that also.


Just in case you only read this far to find out why I have four guest networks. Basically, it's all just to protect my LAN by isolating untrusted devices which are going to be connected to my LAN for internet connectivity.
One of the 2.4 Ghz SSIDs serves guests, and I have this moderately bandwidth limited so they don't take too much.
The second 2.4 Ghz SSID serves IOT type devices that I don't care to have poking around in my LAN, and which don't need much bandwidth so I have it severely limited.
The third 2.4 Ghz SSID serves devices like TVs which don't need LAN access since they can WiFi Direct for screen shares, with no bandwidth limiting.
The 5 Ghz SSID serves our work PCs, and I don't care to let our employers have a device on the LAN side of my firewall either. No bandwidth limiting, obviously.
1,758 Views
6 REPLIES 6

jzchen
Level 14
That makes sense in your work environment. I guess I'm lucky as this is our home, and the only reason I tried to set up a guest network was to see how the AXE16000 responds to one, to share on here. Exactly what you experience, I could connect to the guest network but no internet connectivity. Since I didn't really need it I didn't try to diagnose it further I'm afraid....

btrach144
Level 7
Well snap, that’s it! I’ve got a AXE16000

I had guests over this weekend and was trying to figure out why internet wouldn’t work.

ASUS really is buggy. And slow to patch.

My issue with Merlin is how do I know it’s not some Russian asset building the firmware? (No offense to the creator). Or how do I know that their firmware hasn’t been meddled with?*

I agree with your concerns. Lots of people will say that it's open source so if there was malicious code, it would be found. But I don't think any of those people ever went looking through the thousands of lines of code in an open source project, auditing for malicious code (which they probably wouldn't recognize if they even saw it).

In the end, Asus is a foreign (Taiwanese) company, and is possibly just as likely as the Merlin people to put malicious code into routers that are used around the world.

At least Trend Micro is a third party company whose software is provided for protection:

https://www.asus.com/support/FAQ/1012070
https://www.asus.com/support/FAQ/1008719

I think Trend Micro is another issue though, when I read through their privacy policy it made clear that they will collect your data including sites visited, metadata about what clients you have on your own LAN, application behaviors, your network architecture/topology, information from 'suspicious emails' and 'suspicious' attachments. All of that is required for the services from Trend Micro, sure. But the privacy policy doesn't say they won't save it, and it does say they will use it in support of their own interests, aka they may use/sell it commercially.

In a privacy policy it sounds good when it has some language like 'we will protect your data and only use or handle it securely'. But whatever the policy says, when they add a vague sentence somewhere about how they will use the data and it says something like 'we may also use it for our own business purposes', that's them saying 'but forget everything else, we're gonna do whatever we want to do'. 😄

https://www.trendmicro.com/en_gb/about/legal/privacy-policy-product.html

Saltgrass
Level 13
Well, my AXE16000 seems to work as you would expect. When I am connected to the Guest network, no devices on my local network are shown in File Explorer-Network devices.

I will say, when an AiMesh configuration is involved, it might get complicated. There is a setting for allowing the Guest network to one or more Mesh Nodes, so perhaps that setting would help.

Edit: This was before the firmware I just got. After the Update, the Guest Network still appears to work. But when the update was finished, I got a message I had entered an incorrect password 5 times and could not log back in until after a time break. I had not tried to enter a password during this period.
Maximus Z790 Hero,
Intel i9-13900k
Intel BE200