I have a TP-Link Deco X55 Pro Mesh home Wifi, and it offers an isloated Guest Wifi network. There is a single DHCP pool for both the main and guest networks, so the DNS servers set in DHCP have to be reachable from both the main and guest networks. If I simply connect the Pi to my main network, and set DHCP to use its IP as primary and 1.1.1.1 as secondary, then I have to go and disable all the secure DNS settings in Chrome and Firefox and Android or they all ignore my local Pi DNS and use 1.1.1.1. The guest network is wifi only, so I configured the Pi’s wpa_supplicant to connect to the guest wifi SSID. The wlan is connected, but it’s only reachable from devices on the main network (which it should not be), and not by other devices on the guest network (which it should be). All devices on the main network can reach the wired lan interface just fine, as the should.
I’m a bit confused about the state of wlan configuration though:
baron@pi-1:~ $ sudo wpa_cli status verbose
Selected interface 'p2p-dev-wlan0'
wpa_state=DISCONNECTED
p2p_device_address=da:3a:dd:c3:02:e0
address=da:3a:dd:c3:02:e0
uuid=ec1c452b-43b7-5991-b133-24ebb761a051
baron@pi-1:~ $ ifconfig wlan0
wlan0: flags=4163 mtu 1500
inet 192.168.68.76 netmask 255.255.252.0 broadcast 192.168.71.255
inet6 fe80::27a:d770:dd35:568f prefixlen 64 scopeid 0x20
ether d8:3a:dd:c3:02:e0 txqueuelen 1000 (Ethernet)
RX packets 138327 bytes 10181404 (9.7 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1782 bytes 310865 (303.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
So even though my /etc/wpa_supplicant/wpa_supplicant.conf only has the SSID and PSK for the guest network, I can’t actually confirm it via wpa_cli.
So the iwconfig command is what ultimately showed me the connected state of the wlan0 interface, confirming that it was connecting to the correct SSID.
I did some a bunch of NC/map tests between the Pi and devices on both the main and guest networks, and have determined that the Deco X55 Pro is decidedly too consumer-grade (despite the Pro branding) to work for me. The guest network is using device isolation, so guest network devices can’t see each other.
So I’m looking for alternative routers with multi-Gig lan and wan connections that will let me and will run the Deco nodes in AP mode.