Anyone have issues with ring camera’s? I had my ring cameras working fine with a separate vlan using AltaPass but they quit working. They are still pulling a DHCP address but looks like they keep connecting and disconnecting. When I move them to the default vlan they work fine. I tested my IOT vlan with other devices and they work fine.
I also had trouble with IOT devices using AltaPass, so I ended up creating a separate SSID for them.
1 Like
Were you attempting to connect to them from within the IOT network type or from outside?
It’s possible they simply won’t work within an IOT network due to the restrictions of the firewall rules at the AP level.
I tried removing all firewall rules and just left a wide open rule and they still didn’t work.
I just tested one of the cameras in my IoT vlan with a different SSID and it worked flawlessly.
There might be a misunderstanding here. The network type you select may have firewall rules enabled at the AP.
Standard Network
- Security level: Low
- Filters: None Unoptimized type for small networks only. Since most networks fall into this category, and since it does not cause any discovery compatibility issues, this is the default type.
Large Network
- Security level: Low
- Filters: All broadcast/multicast traffic, except for MDNS, ARP, and ND Optimized for medium- to large-sized networks with hundreds to thousands of wireless devices. Discovery compatibility issues may arise if discovery protocols other than MDNS, IPv4 ARP, and IPv6 ND are utilized.
Internet-Only
- Security level: Very High
- Filters: Includes large network type filters, but also filters all LAN traffic
- Optimized for all networks where Internet access is the only communication necessary.
IoT (Internet of Things)
- Security level: High
- Filters: Includes Internet-only network type filters, but allows communication with some LAN devices
- Optimized for all networks where IOT devices are not necessarily trusted with full access to the network. Blocks all LAN connections by default, but if another device on the LAN attempts first to connect to this device, communication between the two devices will be allowed.
Guest
- Security level: High
- Filters: Includes Internet-only network type filters, but allows communication with IOT devices.
- Optimized for all networks where Internet access is the primary method of communication, with access to a printer or a streaming/casting device also allowed.
With the IoT network type, devices outside the IoT network can reach devices inside the IoT network but devices inside the IoT network can’t reach devices outside the IoT network (unless it’s an established connection from outside the network).
Typically, when setting up a device, there’s a wide variety of ways that communication can happen and it’s possible that the IoT device will try to reach back to the device that is setting it up, but that may be blocked.
You may also be conflating the IoT Network type with your IoT VLAN. It’s not the VLAN, in this case, that’s the issue, but rather the network type.
What network type was the SSID that you had success with?
Apologies, I have them all set to standard. The one designated for “IoT” is tagged with a VLAN which is routed with pfsense. Initially, it functioned well for a few days but then stopped working. I still have other devices connected to this and they are still working its just the ring camera’s that quit.
When I looked at the web interface it was hopping back and forth between my two access points but would never stay connected.
I resolved the issue by establishing a separate SSID instead of utilizing the Altapass, and it now operates seamlessly with the tagged VLAN.
I’ve just had this same issue with a Ring doorbell (but not cameras it seems) and had to create a new hidden SSID just for it with a single password (no AltaPass).
Happy to assist with some debugging / testing if this is something Alta want to look at.
1 Like
Could you share a screenshot of both the working configuration as well as the non-working configuration, please? (Of course, blur/mask passwords as needed)
1 Like
Yup, here are two screenshots - one shows the SSID with AltaPass in use and the other an SSID with just a single password.
AltaPass:
Single Password:
The other settings are identical between the two.
Happy to give you access to the site if you want a look further, I still have some Ring devices on the “with AltaPass” SSID to try to see how often they have a problem before moving them to the single password SSID.
Thanks
Yes, please shoot over an invite. It’s odd because technically every SSID is AltaPass, it’s just a question of 1 or >1 password. I’ll DM you my email address.
You said this is only affecting the cameras? The doorbell(s) are fine?
Invite sent and emailed you the site name too.
I initially thought this was just with doorbells but also having it with cameras now as well.
I made a tweak to the SSID without “IOT” in it. However, after making that change and monitoring the Ring devices, I noted that all 6 of your APs are on channel 11.
I then did a scan from the “AP - Core” and you have some very closeby poorly configured 2.4GHz SSIDs that start with “DH417”. They’re on channel 11 and using 40MHz channel widths. Any idea what these are?
With how bad the 2.4GHz environment is, it would be pretty beneficial to try and eliminate anything 2.4GHz you have control over and channel plan around the rest.
1 Like
I’ve done a “Auto Channel Replanning” a few times in the past week - not sure why they’ve all ended up on channel 11 though, any ideas? These were full Auto Channel Replanning too.
DH417 - yup these are some inverters, I’m working with the manufacture to get the ability to turn off it broadcasting it’s own SSID, but no timescale on that sadly.
Would Auto Channel Replanning not sort the channels out, but set them all to 11 for some reason?
Thanks for the help, appreciated.
Auto channel replanning is going to try to coordinate amongst all APs in range and choose the least congested channel. However, it’s no 
and can’t defy physics, of course. It choosing channel 11 with those nearby SSIDs is definitely an odd case. Channel 6 for that AP appears to be the better choice but that’s still 2 nearby SSIDs at -73 and -78.
With 6 APs and the RF environment being what it is, this is likely going to be one of those corner cases where manual channel planning will be required. There are only 3 channels (20MHz wide) usable in 2.4GHz assuming everything around you is properly configured; 1, 6, and 11. A single SSID at 40MHz wide in that mix leaves you with an absolute maximum of one usable channel but that can even be shot if that 40MHz network is on, for example, channel 3.
This is likely why we’re seeing IoT brands starting to implement 5GHz into their gear because 2.4GHz is simply not usable in some cases in 2025. I’ve seen some really gnarly scans in densely populated areas like New York City.
Thanks Matt.
I believe the channel situation is separate to that of Ring devices not staying connected when AltaPass is in use, but putting them on an SSID with a single password has them stable. Any thoughts on that?