I have my main network (10.x.x.x) running happily (AX88U router, AX58U Aimesh node) - my thanks to everyone on this forum who have helped me get this far.
My next thought is to add various IOT devices (security cameras, light switches, etc.) and as I have an old AC87U, I thought I could use this for the job, rather than clutter up the existing machines. I will admit that I am not sure if this is a good idea at all, or if it is how I should best configure it.
What I want to do is allow the IOT devices internet access and if necessary to be able to talk to each other, but not the the devices on the rest of the 10.x.x.x. network.
So far I have updated the AC87U with the latest (last) merlin firmware, connected it via the wan port, setup a new subnet (192.168.x.x) and ssids and then routed any traffic going through routers WAN IP (its LAN IP on the main network) though VPN5 on the AX88U - using browserleaks.com it all looks good. IPv6 is enabled on the main network, but disabled on the AC87U to prevent this type of leakage.
However when I look at Tools > Network, although I can see the WAN port connected as VLAN2 I also see Last Device Seen cycling through MAC addresses of the other devices on the main network.
What I would like to understand is
My next thought is to add various IOT devices (security cameras, light switches, etc.) and as I have an old AC87U, I thought I could use this for the job, rather than clutter up the existing machines. I will admit that I am not sure if this is a good idea at all, or if it is how I should best configure it.
What I want to do is allow the IOT devices internet access and if necessary to be able to talk to each other, but not the the devices on the rest of the 10.x.x.x. network.
So far I have updated the AC87U with the latest (last) merlin firmware, connected it via the wan port, setup a new subnet (192.168.x.x) and ssids and then routed any traffic going through routers WAN IP (its LAN IP on the main network) though VPN5 on the AX88U - using browserleaks.com it all looks good. IPv6 is enabled on the main network, but disabled on the AC87U to prevent this type of leakage.
However when I look at Tools > Network, although I can see the WAN port connected as VLAN2 I also see Last Device Seen cycling through MAC addresses of the other devices on the main network.
What I would like to understand is
- what are the security issues, this is a home network, but my wife and I also connect to our work networks?
- what can I do to improve matters / mitigate the risks?