3 RT-AC68U's: AP Mode or AiMesh?

[darkgiants]

For me, having all wifi routers running the same FW is the key value of using Merlin FW on both the main and AP units. Then I only need to watch for FW updates from one source (Merlin). Similarity of GUI among all the routers is another reason, although routers running in AP mode only have a small subset of the features of routers running in "main" mode. However for the features that are running that are available, everything is going to look the same on the main and AP devices if both are running Merlin FW. And having Merlin on the APs is needed for setting up isolated guest/IOT networks.

Keep in mind that in AP mode, there is no factory means to isolate Guest/IOT networks on APs from the primary networks. If this is a big deal for you, there is a simple and a more complex way to create isolation. The easiest approach is to have separate IP address ranges for guest/IOT devices and known safe devices and then use firewall commands to prevent guest/IOT devices from talking to the known safe devices. I do this by limiting the DHCP address range to a subset of the full range of addresses and use manual DHCP address assignment for all my safe devices. The other approach is to create a Guest/IOT VLAN. This is actually pretty easy too, but it does take a bit of effort. If you want help, I can point you in the right direction.

Thanks for sharing this information and apologies for the late reply! I want to set up a VLAN/guest network primarily for my IOT and POE devices. Would you mind sharing the right resources for doing so on the RT-AC68U? I assume it also means the primary router and all APs should be running Merlin to enable this, correct?