Separate wifi network for internet enabled devices?

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities
Post Reply
Nearly A Moose
Posts: 892
Joined: Fri Apr 22, 2016 5:28 pm

Separate wifi network for internet enabled devices?

Post by Nearly A Moose » Wed May 02, 2018 5:02 pm

I've seen a few threads where this comes up but haven't found one recently directly on point (open to correction here). Over the past year or two, the number of Internet-enabled devices in my house has skyrocketed, and I'm not even really doing the whole "connected home" thing. Right now, everything is sitting on my primary wireless network. I know there are security concerns with that setup, and I think I've hit the tipping point where I should give some thought to adjusting the setup to isolate the devices from my computers. That, or I'm just looking for an excuse to buy a fancy new router.

Questions:
1. Is this worth doing?
2. If so, what's a reasonable setup?

I'm looking for something practical. I've accepted I'm not able or willing to live a completely Internet-isolated life at this point. I've read a few places that I should just create a guest network and put all Internet enabled devices on that. But I'll confess I only know enough about networking to be dangerous (I learn what I need to know but don't feel like learning everything about it anymore, if that makes sense), so I don't know, for example, if an Internet-enabled device on one wifi network can talk to a device on another or to a device that's connected to my network via Ethernet.

Here is a rough listing of the types of Internet-enabled devices I can think of in my house. I'm sure there are more:
-Laptops/phones/ipads
-Network attached storage (attached to router with an Ethernet cable)
-Amazon FireTV for main TV (attached to router with an Ethernet cable)
-Amazon FireTV for a secondary TV plus another Internet-enabled auxilary TV (wifi)
-Several Amazon Echos (wifi) - these need to be able to control other devices, including the FireTVs and Thermostat
-Logitech remote control system for main TV (connects to app via wifi; controls TV, devices, and remote using IR and other magical radio waves)
-Smart Thermostat
-Nest Cameras
-Arlo Cameras
-Misc things (e.g., AeroGarden indoor garden)
Pardon typos, I'm probably using my fat thumbs on a tiny phone.

Easy Rhino
Posts: 3267
Joined: Sun Aug 05, 2007 11:13 am
Location: San Diego

Re: Separate wifi network for internet enabled devices?

Post by Easy Rhino » Wed May 02, 2018 5:42 pm

What's your current router?

Lots of routers allow a guest network to be set up. This should allow access to the internet for those things, but not to other machines on your network.

So for instance don't use it if you want to stream video from your phone to your TV.

Wired ethernet connections don't use a guest network, they would use a VLAN. I don't know how to set those up and lots of consumer routers wouldn't support it. but generally, if you're plugging it in with ethernet it should be somewhat trustworthy, right?

Things I have on my guest network (because they only talk to "the cloud"):
* ecobee thermostat
* samsung vacuum
* solar panel monitoring
* electric car charger monitoring

I don't know how Echo's actually work, but they might be all cloud based as well.

Nearly A Moose
Posts: 892
Joined: Fri Apr 22, 2016 5:28 pm

Re: Separate wifi network for internet enabled devices?

Post by Nearly A Moose » Wed May 02, 2018 7:33 pm

Easy Rhino wrote:
Wed May 02, 2018 5:42 pm
What's your current router?
ASUS RT-AC66U (also listed as ASUS AC1750). I think it does do guest network, need to check again. Doing the switch with all devices is a nuisance enough that I want to think it through fully first before making a change. also, I guess ideally you’d have theee networks, right? Main, devices, and true guest? Do any consumer routers even support that? (I also have just enough of a dead spot in the master bedroom that I’m tempted to chase a little more range with one of the newer ASUS models (the ones that look like stealth fighters...))
Pardon typos, I'm probably using my fat thumbs on a tiny phone.

Easy Rhino
Posts: 3267
Joined: Sun Aug 05, 2007 11:13 am
Location: San Diego

Re: Separate wifi network for internet enabled devices?

Post by Easy Rhino » Wed May 02, 2018 7:44 pm

ASUS firmware is generlly pretty robust. It will definitely support a guest network.

But probably not two. Maybe, but probably not. Two probably wouldn't help you much anyway. either you want a client to chit-chat with other clients in your house... or you don't.

A bigger router with more antenna (the current hotness from ASUS is the RT-86U) might get you a bit more useful range. Might. However, to fill in dead spots, you may need to add an access point or extender. (using wired or wireless connection back to the main router).

smallnetbuilder.com has way more info than you would ever want on the subject.

You could always set up the guest network and then just switch one device over to it to ensure it works. Doesn't have to be all rolled out at once.

arf30
Posts: 271
Joined: Sat Dec 28, 2013 11:55 am

Re: Separate wifi network for internet enabled devices?

Post by arf30 » Wed May 02, 2018 7:52 pm

Most routers support guest networks with AP isolation (prevents devices from seeing other local devices). Any device that doesn't need to print or talk directly to anything else on the local network can go on the guest network.

hakujin
Posts: 1
Joined: Wed May 02, 2018 7:39 pm

Re: Separate wifi network for internet enabled devices?

Post by hakujin » Wed May 02, 2018 8:07 pm

There's the easy way: all-in-one router that supports a guest network (ASUS makes solid consumer routers with good firmware update history), and the fun way: wireless access point(s) that support multiple SSIDs on separate VLANs trunked back to a managed switch and a separate router. With the "fun" approach you gain total control of everything happening on your network, will learn a ton, and will spend about three times more money.

Good starter "fun" gear:
Ubiquiti UAP-AC-Pro Access Point
Ubiquiti USG Router
Ubiquiti 8 Port Managed Switch
Ubiquiti Cloud Key

Demo of the management interface:
UniFi
[link fixed by admin LadyGeek]

Not affiliated. I run Juniper and Ruckus gear in my house, but the UniFi stuff was a gateway into the hobby.

TravelGeek
Posts: 2362
Joined: Sat Oct 25, 2014 3:23 pm

Re: Separate wifi network for internet enabled devices?

Post by TravelGeek » Wed May 02, 2018 8:40 pm

Easy Rhino wrote:
Wed May 02, 2018 5:42 pm
What's your current router?

Lots of routers allow a guest network to be set up. This should allow access to the internet for those things, but not to other machines on your
My Linksys Router with its stock firmware has a guest network, but it uses a web-based login page which isn’t very suitable for IoT stuff.

When I got a newer router recently, my Carrier thermostat was no longer able to connect to the cloud. That motivated me to keep my old router in service as my IoT network. I am slowly migrating stuff over to it.

User avatar
MP123
Posts: 769
Joined: Thu Feb 16, 2017 3:32 pm

Re: Separate wifi network for internet enabled devices?

Post by MP123 » Wed May 02, 2018 9:20 pm

IoT thingies always seem to want to talk to others of their kind or to mobile devices like smartphones. Isolating them in a guest network with just internet access would be limiting I would think.

I'd love to hear some tips on this though, they're taking over our house!

TravelGeek
Posts: 2362
Joined: Sat Oct 25, 2014 3:23 pm

Re: Separate wifi network for internet enabled devices?

Post by TravelGeek » Wed May 02, 2018 9:27 pm

MP123 wrote:
Wed May 02, 2018 9:20 pm
IoT thingies always seem to want to talk to others of their kind or to mobile devices like smartphones. Isolating them in a guest network with just internet access would be limiting I would think.
It really depends. I have a thermostat that I can reach over the cloud from my smartphone. I am sitting here three feet away from it and my phone is on a different WiFi network, but it doesn’t matter, as it is designed to be reachable when I am not at home.

The same is true for my web cameras.

My Google Home device, on the other hand, needs to be on the same network. For now I am keeping it on the main network, but I might experiment with putting it on the IoT network and use a separate older Android phone to manage it/stream to it.

My smart TV is on the main network as well, and probably has to stay there if I ever want to stream videos from my NAS via Plex.

KlangFool
Posts: 10389
Joined: Sat Oct 11, 2008 12:35 pm

Re: Separate wifi network for internet enabled devices?

Post by KlangFool » Wed May 02, 2018 9:37 pm

OP,

Your WiFi router supports both 2.4Ghz and 5 GHz. You should separate them into 2 networks by using separate SSIDs. For example, networkA and networkA-5G. This should improve the performance and isolation of your home network. If you want to go further and buy a new WiFi router, you should start more SSID: networkB and NetworkB-5G.

With multiple SSIDs, you can isolate your network and make sure that your devices are connected to the right network.

KlangFool

Post Reply