TL;DR - The G3100 and E3200 use a VLAN to isolate Guest traffic from the primary network. Knowing the VLAN ID allows one to add wired devices to the Guest VLAN. Also, if a Guest device limit is encountered (reported by someone wishing to add a large number of IoT devices), it should be possible to "address" knowing the VLAN ID.
This posting was prompted by an earlier problem I had with a G3100/E3200 pair connected via Ethernet through a switch, and the Guest network. Using the port mirroring feature on my managed switch (Netgear GS716) and Wireshark on my iMac I found Guest packets were tagged with VLAN ID 10.
I configured VLAN 10 in my switch and included the G3100 and E3200 ports as tagged members with PVID = 10. By ensuring all traffic passed between the G3100/E3200 (I think the connection between them is referred to as a "trunk"), wireless devices associating with the E3200 Guest SSID worked properly (else they associated with the AP, but couldn't receive packets). Before making that configuration change, my Guest devices only worked when associated with the G3100, or when the intermediate switch was bypassed (G3100 and E3200 directly connected via ethernet cable).
I configured another port on my switch to be a member of VLAN 10, which allowed me to attach a hardwired device to the guest network.
The G3100 DNS server allocated IP addresses 192.168.200.2-12 (just over the limit of 10 mentioned in another thread -- perhaps no longer a limitation). The Guest netmask is 255.255.255.0 and I confirmed the G3100 properly routed the entire subnet by spot-testing with manually-assigned IP guest device addresses.
As expected and desired, Guest devices were not able to access the primary network (whether wireless or wired), supporting other discussions that the Guest SSID was suitable for IoT devices. (Unfortunately, the new IoT SSID recently added is not isolated -- hopefully an oversight that will be corrected in an upcoming firmware update).
There have been reports that the guest network will only allow 10 devices, but I observed 11 IP addresses dynamically assigned in my testing. I confirmed that all subnet addresses are routed, so presumably manual IP address assignment could work around any constraint imposed by the G3100 DHCP server responding to the 192.168.200.x subnet. Also, knowing the VLAN ID makes it easy to include wired devices as members, and it should be straightforward to repurpose an old router to be a second Guest subnet DHCP server, allocating dynamic IP addresses beyond the max configured in the G3100 DHCP server (if that limitation is still present in latest firmware).
Performance testing (device to/from Internet server) showed no difference between guest and primary networks when the devices were wired (>900 Mb/s). My wireless connections to primary network achieved 500-600 Mb/s, and wireless connections to guest network achieved ~100 Mb/s. I assume this is because the guest network is limited to 2.4GHz (less throughput, better penetration through structures), and I was close enough to use 5GHz radios when testing the primary network. Same speeds observed whether wireless connections were to G3100 or E3200.
I hope someone will recreate my results and confirm or correct my findings. If so, then we might start thinking of the G3100 (with or without E3200) as supporting a high-speed, parallel, isolated network of up to ~250 devices, whether wired or wireless. A separate, managed switch is required unless/until the G3100 UI is updated to expose advanced VLAN/ethernet port configuration options that allow the spare Ethernet ports on the router/extender to be used instead.
Solved! Go to Solution.