Hmm, I was assuming the access would be limited to just devices on the same SSID. This stuff is tricky to nail down!rich126 wrote: ↑Wed Nov 04, 2020 1:38 pmI can't answer your question but I saw the same thing. The stuff I saw was kind of confusing because it was worded poorly. The problem is if you allow "intranet" access from a guest network that means (I think) the device can access anything it wants on your network. From a security perspective it isn't something I would want to allow considering how terrible security is on most smart home devices.xb7 wrote: ↑Wed Nov 04, 2020 12:34 pmOkay, so I just looked and indeed --- for each ASUS guest network there's an "Access Intranet" setting, which looks like it defaults to "disable". So I guess I could enable that for a separate IoT guest network so that devices could connect with each other, but not have any access to my primary network. Sounds good. It's a PITA to change the SSID for a variety of IoT devices, so I'll probably give this a try --- a SOME point !xb7 wrote: ↑Wed Nov 04, 2020 12:30 pm Sounds reasonable. When you look for the words "isolate" or "isolation" along with "asus guest network" in a search you turn up various things, certainly to include some discussion of what I'm talking about. For example, in this article, jump down to the bold subheading "Isolation From Each Other": https://www.computerworld.com/article/3 ... works.html
Maybe what I should do is create a separate guest network (ASUS allows up to three) just for IoT stuff, and maybe a couple of them for different IoT stuff (?), and for this/those, and look to see if ASUS offers an "Access Intranet" setting. I'll look into that sometime ...
If anyone knows for sure if this is (or is not) a good idea, I'd appreciate a heads up before I go to the hassle.
As an example of that, I am contemplating setting up another router as an access point, and read somewhere that "Access Intranet" isn't available on guest networks for an ASUS router set up as a WAP. I haven't verified this, but I guess that would mean that my Iot devices would have to connect strictly to my router and not the WAP --- but giving a more solid signal to some peripheral IoT things is a big part of why I'm contemplating adding the WAP. Such puzzles to solve.