I've recently setup a Vigor 2763ac and am just trying to understand the default VLAN configuration, which I've included a screensnip of below:
Default VLAN Config

The SSID's on the 2.4GHz and 5GHz bands are set to VLAN1 and VLAN2 respectively, everything else is on VLAN0. Now I assume this is because 'Isolate Member' is enabled on both 2.4GHz and 5GHz guest networks. But the subnet's for all three VLAN's are set to LAN1 so are all using the default IP range of 192.168.1.0/24. 
Its probably my lack of understanding, but I would have expected them to use different subnets, so am just trying to understand how this is working. Is it three totally different isolated VLAN networks but they can each use the same subnet rage because they don't communicate with each other, but its not actually the same subnet?

Many thanks.
 

As far as I'm aware the Default VLAN config would show all ports and all SSID's to be in VLAN0 and subnet LAN1, so it seems as if what you show there is not the Default config

Also, as far as I'm aware, ticking "Isolate Member" on an SSID just stops people on that SSID from communicating with each other, I didn't think that it put them on a different subnet - if you had lots of guests you'd soon run out of subnets!

The 'default' VLAN configuration is to NOT be enabled in the first place. So I'm with piste basher on this - you've already made changes. And also the 'isolate member' - this has nothing to do with VLANs - it's just disallowing traffic from different SSID's to talk to each other.

Sorry, maybe I shouldn't have used the word 'default'.
All that I've done is run through the Wireless Wizard, leaving all the settings at default, just setting the SSID names and security keys, and this is how the wizard has configured the VLAN's.
Its tells you during the wizard on the 'Guest AP Configuration' step that "The configured guest AP will not be able to access the LAN network, VPN connections, or communicate with wireless devices connecting to the router's other APs. This AP interface shall be used for Internet access only."
If I then go the wireless network setting I can see that its ticked 'Isolate Member' and 'Isolate VPN', which is why I was speculating this VALN setup from the wizard was how it had achieved he isolation. So I'm just trying to understand this VLAN configuration that it has given me.

Thanks.

I've just dug out an old 2926 and tried setting it up as you have with the wireless wizard (not something I've ever done before as I prefer to know what all my settings are). It does indeed create the guest network SSID's on VLAN1 and VLAN2 as you have found, but with them still on subnet LAN1.

I then connected my iPhone to the "guest" network and was able to access the router login page on 192.168.1.1 with admin credentials.........

So much for the "Guest" network not having access to anything !!!

I suggest that you forget the Wizard and set up your VLANS, SSIDs and subnets manually, so you know what's what.

Hi, as odd as it may seem:

You’ll always be able to get to the router login page, at any of the subnet gateway/router IP addresses under different VLAN subnets, as the router is the central point for them all.

But If you try to access another node from one subnet to another, that you won’t be able to get through to.

The only way to block access to the router’s login page is to configure the ‘LAN Access’ tab in the ‘Management’ section.

If you had 8 subnets, say 192.168.10.0, 192.168.20.0 etc up to 192.168.80.0 and the router is always .1 of each subnet, then a node with the IP address 192.168.40.170 will always be able to access 192.168.80.1 (the router/gateway for a different subnet) or 192.168.30.1, or 192.168.50.1, and so on.

But you won’t be able to access any other node on those different subnets unless you have inter-LAN routing enabled, and no firewall rules blocking the inter-LAN routing.