Hello everyone,
I have an interesting question on Steve's 3 dumb routers.
Here is the situation:
I have a few IoT devices,
as well as home automation from Amazon, Google and Apple,
plus cell phones, laptops, PCs, etc.
And I may want to start a home automation server (Home Assistant).
And I have a cable modem,
a mesh router (not sure if it can do VLANs),
and a normal router.
My questions:
1- Whether I should separate the IoT devices onto their own network.
2- If so, then what is the best way to do so?
a- add a switch and connect the 2 routers individually
b- use the regular router in bridge mode and connect the IoT devices to that WiFi network, including the Apple TV?
c- use the mesh router in bridge mode but connect the IoT devices to the regular router?
d- daisy-chain the 2 routers
e- do nothing and just use the mesh router
Please note that I do need more Ethernet ports than are available on the mesh router.
IoT devices frequently tend to be cheaply made (although rarely cheaply acquired) and fairly infrequently does the manufacturer update them to keep them secure. It would be an unfortunate disaster if someone’s funky IoT device allowed the complete compromise of their whole network, or the installation of crypto-malware, or similar.
The safest approach would therefore be to completely isolate your IoT stuff from everything else. This is the safest if you believe they might become compromised and a vector into your network. This is also the least friendly way to use IoT devices, because now you need to send any packet from one of them or to one of them via some weird route, say out to the cloud and back in. If you're considering something like Home Assistant, then it seems likely you want to de-cloud your life, not add additional dependencies on it.
So the compromise is to install all your IoT stuff into something like a VLAN or a physically isolated LAN, and then put a firewall (or two) between the IoT LAN and the home LAN. Sounds easy, and doing the physical wiring is fairly easy, but the firewall configuration is a chore. You need to research your IoT devices and figure out which ports to allow through for which device, etc. If you're lucky, and everything can be controlled by your Home Assistant, then maybe you can just punch a hole for it in your firewall, and that would be your easiest approach.
Remember that most IoT devices are wireless, and so, if you want proper isolation, you need separate Access Points for each network. This means many “locate my device” type features fail, because they rely on “broadcast messages” which won’t cross a firewall or Access Point.
As ever, it’s the compromise between security and convenience. If you pursue this project, I wish you good luck. It will be a struggle but you’ll probably learn a lot.
Just to recap,
for the easy first step for me,
would it make sense to just put my second router in bridge mode and connect it wired to my mesh router,
just to have a separate SSID for my IoT devices?
Or does that add nothing?
And as I mentioned, I just need the second router for the LAN ports it adds to my network vs. the mesh router I have.
My mesh router is a Netgear Nighthawk MR60 with 1 main + 1 satellite.
My second router is a Netgear Nighthawk R6400.
The simplest way would be to use the Guest Wi-Fi just for IoT devices, but that depends on whether you regularly have guests who need Wi-Fi as well.
The next step up would be to segregate them on their own router. You could also then route specific traffic from your network into the IoT, but not back.
If you have only local IoT devices (non-cloud ones) that use Matter or HomeKit, for example, you will have to put a Matter bridge device in the IoT network as well, such as an Apple HomePod mini.
The “high end” solution would be to use switches, access points and a router with VLAN capabilities, then you can dynamically split the ports on the switch (for cabled devices) and use multiple SSIDs, but a bit of networking knowledge is required for that type of solution.
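As an added example, not from any poster in this thread: this is what the "firewall between the IoT LAN and the home LAN" from the earlier reply and the "route specific traffic from your network into the IoT, but not back" from this one look like as an nftables ruleset on a Linux router sitting at the VLAN boundary (an OpenWrt box or a small PC with two bridged interfaces, which is an assumption; none of the Netgear gear named in the thread runs nftables). The interface names, the 192.168.1.x and IoT addressing, and the Home Assistant host are all assumed values chosen for illustration.

```nftables
#!/usr/sbin/nft -f
# Added example (not from the thread): a home LAN / IoT VLAN boundary on a
# Linux router. Every value marked "assumed" is made up for illustration
# and must be adapted to the real network.

define lan_if  = "br-lan"        # assumed: bridge carrying the home LAN
define iot_if  = "br-iot"        # assumed: bridge carrying the IoT VLAN
define wan_if  = "eth0"          # assumed: upstream interface to the cable modem
define ha_host = 192.168.1.10    # assumed: Home Assistant on the home LAN
define ha_port = 8123            # Home Assistant's default web/API port

table inet iot_boundary {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies to connections that were already allowed flow back freely;
        # this is what makes "in but not back" work without listing reply ports.
        ct state established,related accept
        ct state invalid drop

        # Home LAN may open connections into the IoT VLAN
        # (phone -> TV, Home Assistant -> bulb). Nothing in the IoT VLAN
        # can open a connection the other way unless a rule below allows it.
        iifname $lan_if oifname $iot_if accept

        # The one hole punched from IoT into the home LAN: devices may push
        # to Home Assistant, and only to its API port.
        iifname $iot_if oifname $lan_if ip daddr $ha_host tcp dport $ha_port accept

        # Anything else from IoT toward the home LAN is logged and dropped;
        # the log line tells you which port a device wanted if something breaks.
        iifname $iot_if oifname $lan_if log prefix "iot-to-lan dropped: " drop

        # IoT devices may still reach the internet for their cloud services.
        # Delete this rule for full isolation, or narrow it with an
        # "ip saddr" match so only specific gadgets stay cloud-connected.
        iifname $iot_if oifname $wan_if accept

        # Home LAN keeps its normal internet access.
        iifname $lan_if oifname $wan_if accept
    }

    chain input {
        # Policy stays "accept" so the router's LAN/WAN behaviour is unchanged;
        # only what the IoT VLAN may do to the router itself is restricted.
        type filter hook input priority 0; policy accept;

        ct state established,related accept

        # IoT VLAN may use the router for DHCP and DNS and nothing else
        # (no admin page, no SSH from a possibly compromised gadget).
        iifname $iot_if udp dport { 67, 53 } accept
        iifname $iot_if tcp dport 53 accept
        iifname $iot_if drop
    }
}
```

Check the syntax with `nft -c -f iot.nft` before loading it with `nft -f iot.nft`; the VLAN/bridge definitions and the NAT (masquerade) rules for internet access live elsewhere and are not part of this file. Two caveats that follow from the earlier reply: the forward chain's default drop also stops mDNS/broadcast discovery (HomeKit, Chromecast, "find my device") from crossing the boundary, so if you need that, run a multicast reflector such as avahi-daemon with `enable-reflector=yes` on the router, knowing that it re-opens a discovery channel between the two networks; and a "punch a hole" rule like the Home Assistant one should be added per device only after the log line shows what the device actually needs.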