# How to turn off router network discovery feature?



## slim142 (Jan 25, 2016)

Simple question.

At home I'm running an ASUS RT-AC3200. It allows me to broadcast up to 3 SSIDs.

What I need to do is block on the SSIDs from been able to discover other computers on the network.

I've seen this feature in Ubiquiti routers where you can do this so you can have guests connect to it and not see any other computer or device on the network (especially in cases where you might have a domain controller or server with sensitive data).

I can't seem to find this function on my RC-AC3200, maybe not looking at it with the right name?

I know I can turn off network discovery, but I need this done at the router level for one specific SSID.


----------



## flmatter (Jan 25, 2016)

http://www.asus.com/US/support/FAQ/1000912
easiest way so I do not have to type it out  There is a drop down box above it that says frequency, there is where you choose the band you want


----------



## slim142 (Jan 25, 2016)

flmatter said:


> http://www.asus.com/US/support/FAQ/1000912
> easiest way so I do not have to type it out  There is a drop down box above it that says frequency, there is where you choose the band you want



I dont want to hide the SSID

I want that SSID to NOT be able to discover other computers.

Let me give you an example. I have SSID "A" and "B"

I want to use my laptop, connect it to "A" and be able to see the domain controller, my desktop computer etc. However, people who connect on "B" should not be able to see my domain controller or ANY other computer or device in neither "A" or "B".

Did I explain myself properly?


----------



## jsfitz54 (Jan 25, 2016)

See page 19 of manual:

Authentication says "open system" or try the drop down for "hidden" and hit apply, Per the band you want to hide from the tabs at the top.

Then see page 22.

22 *3.1.2 Managing your network clients 


*

*To manage your network clients:
*
1. From the navigation panel, go to *General *> *Network Ma*p tab.

2. On the *Network Map *screen, select the *Clients *icon to display your network client’s information.

3. To block a client’s access to your network, select the client and click the open lock icon.


----------



## flmatter (Jan 25, 2016)

slim142 said:


> However, people who connect on "B" should not be able to see my domain controller or ANY other computer or device in neither "A" or "B".


  Then I would read the manual and set up a guest network to isolate people from seeing what you don't want them to


----------



## Ithanul (Jan 25, 2016)

slim142 said:


> I dont want to hide the SSID
> 
> I want that SSID to NOT be able to discover other computers.
> 
> ...



Sounds like you want to do VLAN and subnet.  That way each segment is on its own scope.

Found this, could have the answer you looking for.
http://www.computerworld.com/articl...-to-share-a-look-at-guest-wi-fi-networks.html


----------



## Aquinus (Jan 25, 2016)

slim142 said:


> I know I can turn off network discovery, but I need this done at the router level for one specific SSID.


You can't do that short of making a VLAN with segregated network access because network discovery is up to the machines on the network you're connected to, not the router.


----------



## taz420nj (Jan 25, 2016)

Aquinus said:


> You can't do that short of making a VLAN with segregated network access because network discovery is up to the machines on the network you're connected to, not the router.


Yes he can, that router allows up to 9 additional guest networks (3 per band) on top of the 3 main SSIDs.  The 3 main SSIDs should be locked down, do not use them for guests.  From the main navigation menu go to General -> Guest Networks.  Delete all of your guests at this time and start over.  For the first one, click Enable, then enter an SSID, choose the auth type and access time, then for "Access Intranet" click DISABLE.  This segments the guest SSID onto its own VLAN that only has internet access.  Repeat the process for any other SSIDs you want to create.

Just keep in mind though, even when on a guest SSID, the router will pass your domain info on to the clients during DHCP, so in the Connection Details under "Connection Specific DNS Suffix" - and when you mouseover the wifi icon in the tray - it will still list your domain, but the computers will not be able to access anything on the LAN.

On the domain:







On the guest network:  (edit: realized I didnt black something out lol)






Mine is done with pfSense and separate subnets instead of VLANs but since your router probably has the domain settings, it will handle it in the same way.


----------



## Aquinus (Jan 25, 2016)

taz420nj said:


> Yes he can, that router allows up to 9 additional guest networks (3 per band) on top of the 3 main SSIDs.  The 3 main SSIDs should be locked down, do not use them for guests.  From the main navigation menu go to General -> Guest Networks.  Delete all of your guests at this time and start over.  For the first one, click Enable, then enter an SSID, choose the auth type and access time, then for "Access Intranet" click DISABLE.  This segments the guest SSID onto its own VLAN that only has internet access.  Repeat the process for any other SSIDs you want to create.


Yeah, because it makes a VLAN for the guest network for you by restricting it as you described. I said it can't be done without making a VLAN, regardless if the router is doing it for you or not. A vlan is a vlan is a vlan.

My point is that you can't do it without some mechanism that is going to divvy your network up with VLANs regardless if the router is doing it for you or if you're doing it yourself. 1 network = no go, guest isolation = vlan. So you're not refuting what I'm saying, you're just expanding upon it. I think you misunderstood what I was saying.


----------



## taz420nj (Jan 25, 2016)

Aquinus said:


> Yeah, because it makes a VLAN for the guest network for you by restricting it as you described. I said it can't be done without making a VLAN, regardless if the router is doing it for you or not. A vlan is a vlan is a vlan.
> 
> My point is that you can't do it without some mechanism that is going to divvy your network up with VLANs regardless if the router is doing it for you or if you're doing it yourself. 1 network = no go, guest isolation = vlan. So you're not refuting what I'm saying, you're just expanding upon it. I think you misunderstood what I was saying.



Yeah I realized that after I re-read it.  "Guest Networks" are just an idiot-proof wizard for setting up a VLAN.


----------



## jboydgolfer (Jan 25, 2016)

my netgears always offer that option in black n white, "broadcast ssid"  or "dont"  look around the web user interface, im sure a nice router like that has the feature in its vanilla form.

or you could try renaming your newtworks to "not wireless internet"


----------



## taz420nj (Jan 25, 2016)

jboydgolfer said:


> my netgears always offer that option in black n white, "broadcast ssid"  or "dont"  look around the web user interface, im sure a nice router like that has the feature in its vanilla form.
> 
> or you could try renaming your newtworks to "not wireless internet"



SMH.  Read the thread please, his question has nothing to do with hiding the SSID.


----------



## jboydgolfer (Jan 25, 2016)

taz420nj said:


> Read the thread please,



FYI. I read the OP, and the title. from what i read it seemed like he was trying to turn off the SSID broadcast of a channel on His/Her router. If i am wrong, , well then im wrong, but i read before i post, thanks.

**edit** also, what does "SMH" mean?

This is what i thought was being asked. so it is what i commented on.


----------



## taz420nj (Jan 25, 2016)

jboydgolfer said:


> FYI. I read the OP, and the title. from what i read it seemed like he was trying to turn off the SSID broadcast of a channel on His/Her router. If i am wrong, , well then im wrong, but i read before i post, thanks.



Soooo ok, you read the thread title and the OP, but no further??




slim142 said:


> What I need to do is block on the SSIDs *from been able to discover other computers on the network.*
> 
> I've seen this feature in Ubiquiti routers where you can do this *so you can have guests connect to it and not see any other computer or device on the network *(especially in cases where you might have a domain controller or server with sensitive data).



Maybe I read at a higher level, but there's nothing in the OP that implies he wants to hide the SSID.  It's pretty clear that he wants to do a guest SSID.

Notice I told you to "Read the *thread*"...  Had you done so, you'd have seen @flmatter already suggested how to hide the SSID, to which the OP responded:



slim142 said:


> *I dont want to hide the SSID*
> 
> *I want that SSID to NOT be able to discover other computers.*
> 
> ...



So yeah.  In the future, read the *thread*.  And FYI, SMH means "shaking my head".  It's like a facepalm, but faster to type.


----------



## jboydgolfer (Jan 25, 2016)

wow, I cant say weather You read at higher level than me, Clearly Your an EXTREMELY intelligent human, and I am REALLY sorry that i took Any of your time with my idiotic mistaken input. In the future i will be certain to make no similar mistakes in your presence, again i apologize for my error, and please accept my DEEPEST condolences for any difficulty this may have caused You.


----------



## Aquinus (Jan 25, 2016)

jboydgolfer said:


> wow, I cant say weather You read at higher level than me, Clearly Your an EXTREMELY intelligent human, and I am REALLY sorry that i took Any of your time with my idiotic mistaken input. In the future i will be certain to make no similar mistakes in your presence, again i apologize for my error, and please accept my DEEPEST condolences for any difficulty this may have caused You.


It doesn't take a rocket scientist to figure out what he was saying.


slim142 said:


> What I need to do is block on the SSIDs from been able to discover *other computers on the network*.


It's spelled out pretty well. Now I don't agree with talking down to people but I do agree that you should have read the thread.


----------



## jboydgolfer (Jan 25, 2016)

as ive stated, and i appreciate your input @Aquinus  i Thought i understood the question, i read the OP, and the title, and simply made a basic mistake...Im certainly not perfect, and it shows, but If we all had a dollar for each time we were wrong, we'd ALL be millionaires, i have a great post/thanks ratio because i tend to read into a thread,this time however i assumed I knew what was being asked , and this time i was wrong. I was getting my 3 kids ready for school @ the time, and was busy...mistakes happen, the reason isnt important, I just take exception to a person insinuating i am of lower intelligence, or lack theyre ability to read when said mistakes happen, but a person like that will find out on theyre own from others in time. im done with this matter, and i apologise to the OP for hijacking your thread with all of these responses to a rude comment, and for my mistaken input as well. 

I hope you get the issue resolved if you haven't already,


----------



## chr0nos (Jan 25, 2016)




----------



## taz420nj (Jan 25, 2016)

chr0nos said:


> View attachment 71403


Trying to create a guest network by using AP isolation on the main network will cause nothing but problems because it's all-or-nothing.. And IME some data does still leak through.  Better to just set up a Guest VLAN (which enables isolation on that SSID anyway) and be done with it.


----------



## chr0nos (Jan 25, 2016)

taz420nj said:


> Trying to create a guest network by using AP isolation on the main network will cause nothing but problems because it's all-or-nothing.. And IME some data does still leak through.  Better to just set up a Guest VLAN (which enables isolation on that SSID anyway) and be done with it.



I just pointed what he was looking for


----------



## remixedcat (Jan 27, 2016)

AP isolation on the guest ssid or use vlans and block the vlans with firewalls. Don't make it more complicated than it should be


----------



## Mussels (Jan 27, 2016)

wireless isolation is what he's looking for guys. makes it so anyone on that network only has internet access, no local access.


----------



## slim142 (Jan 27, 2016)

chr0nos said:


> View attachment 71403



A million thanks!

Not going to lie, was about to use the guest SSID feature, but this is exactly what I was looking for.

Thanks again!


----------



## taz420nj (Jan 27, 2016)

Mussels said:


> wireless isolation is what he's looking for guys. makes it so anyone on that network only has internet access, no local access.





slim142 said:


> A million thanks!
> 
> Not going to lie, was about to use the guest SSID feature, *but this is exactly what I was looking for.*
> 
> Thanks again!



No it's not, unless you don't want ANY wireless clients - even your own - to be able to see the LAN or each other.  The Guest SSID is "exactly what you're looking for".


----------



## chr0nos (Jan 28, 2016)

taz420nj said:


> No it's not, unless you don't want ANY wireless clients - even your own - to be able to see the LAN or each other.  The Guest SSID is "exactly what you're looking for".



Let him test each setting and experiment dont try to enforce your opinion on someone, it will make you mad about something trivial.


----------



## Kursah (Jan 28, 2016)

slim142 said:


> I've seen this feature in Ubiquiti routers where you can do this so you can have guests connect to it and not see any other computer or device on the network (especially in cases where you might have a domain controller or server with sensitive data).



From the OP. +1 to what @taz420nj  said...guest SSID not isolation mode. If the OP wants all WiFi isolated...that's what Asus isolation mode can provide. I have tested this on my AC66U. If he wants a guest wireless network that cannot access the LAN then the OP wants to enable a guest network. Pretty simple.


----------



## Mussels (Jan 28, 2016)

modern routers have multiple SSID's and each one has isolation options, guest or not. between my two routers i can have 10 SSID's, with 4 of them being guests and put isolation on any of them.


----------



## Kursah (Jan 28, 2016)

Mussels said:


> modern routers have multiple SSID's and each one has isolation options, guest or not. between my two routers i can have 10 SSID's, with 4 of them being guests and put isolation on any of them.



You might wanna add "some" or even "many" to the beginning of that sentence... 

Don't want folks thinking they can go out and buy any modern router and have all the independent adjustment options for isolation on guest and internal SSIDs do we? I've seen and still see plenty of home-grade routers that don't allow for isolation options on internal wireless networks which is no big deal for most. Better yet though, I see plenty that don't allow more than simply enabling a guest network and adding a password to it, with 0 isolation options so hosts can see each other on a guest network...lame!

Thankfully many use a separate subnet for the guest network to keep it separate from LAN, but it's a free-for-all for all hosts that join the guest network lol. It's quite sad when folks pay so much for crap without knowing any better and then I gotta tell em' to take it back or buy something worth a damn because they ignorantly spent their money on the shiniest wanna-be bug-router.


----------

