Any benefit to using a separate router for IOT network segmentation/isolation vs. using a guest wifi on my main router?

[Waylo]

For the purpose of network isolation for my IOT devices, my current practice is to have a guest wifi on my Asus router set specifically for this. These devices have access to the internet but no access to each other or other elements of the LAN.

The same router also puts out wifi networks for:
1. my LAN @ 2.4hz with full interconnectivity
2. my LAN @ 5ghz with full interconnectivity
3. A separate guest wifi for actual house guests with the same network isolation as the IOT
4. Another IOT network where the devices can communicate within that VLAN. Some media devices, for instance, need to see each other.

As my home's IOT devices have increased, I have wondered if there is any benefit to using a separate router just to serve the isolated IOT devices.

Would there be any difference in speeds, etc? Would there be the potential for more network congestion?

 

[L&LD]

No.

Depending on ISP speeds (both up and down), network usage, and client devices used (other than IoT).

 

[HTBruceM]

I agree with L&LD. IMO, the separate router does provide more robust isolation between the IoT devices and your main network. You would have completely separated networks, as opposed to the Guest Network where your isolation comes from some firewall rules.

But is the overall benefit of a separate IoT router (i.e. 3 dumb router design) worth the extra cost & effort? Doubtful.

I have Asus routers. Not only do they implement the typical isolation features, they also use separate subnets for each Guest network. Nice! (This might be a Merlin FW feature, I can't remember).

 

[Waylo]

Appreciate the commentary. I happen to have another of my same RT-AC68U sitting around unused, running john's LTS build, so was considering this as a "why not?."

But if the router is perfectly capable of transmitting these multiple VLANs to dozens of IOT devices without performance issues, won't be necessary.

 

[HTBruceM]

Appreciate the commentary. I happen to have another of my same RT-AC68U sitting around unused, running john's LTS build, so was considering this as a "why not?."

But if the router is perfectly capable of transmitting these multiple VLANs to dozens of IOT devices without performance issues, won't be necessary.

Well technically the guest network provides similar functionality to a VLAN but it's not really equivalent to true a 802.11Q standard VLAN. And remember that the guest network is WiFi only - so you can't connect an ethernet device to it without using a bridge.

99% of the IoT devices use very little bandwidth, with the exception of display devices that can do Chromecast. Even the speakers are fairly low bandwidth utilization. While IoT devices may be "phoning home" to their company servers quite often, they are likely transferring very little data in the process - more like a simple "is there anything I need to do" message.

Either way, every device in your house is contending for your internet access, no matter whether you separate them internally on VLANs, their own routers, or on your guest network. Whether they aggregate traffic at your WAN or at some point downstream in your network, it's still going to occur regardless.

 

[tgl]

I came across this thread while considering a similar question: whether to set up my guest network as a second SSID on my main wireless AP (currently a Zyxel NWA210AX) or to repurpose my previous-generation wireless gear (currently some Netgear Orbi AX units) as dedicated hardware for the guest net. ISTM the discussion above didn't address two important points:

1. The Orbis would presumably pick different channels from the Zyxel (or if they didn't I'd whack them till they do) so it seems like the aggregate wireless bandwidth available would be about double what it is for the single-AP solution. My ISP connection is gigabit fiber, so there's at least some room for passing more data than a single AX channel can handle.

2. It's not clear to me what the overhead is for an AP to broadcast the availability of additional SSID names, when those names aren't in active use. Can't be zero.

I'm not sure how to trade all this off --- and if I'm honest, performance of the guest net isn't a huge concern; most of the time it won't be in use, and the overhead implied by point #2 would be a bigger deal. I'd like to arrive at the conclusion that the Orbi gear is surplus and I should resell it, but I can't quite convince myself that that's not leaving something on the table.

These two solutions have different security implications as to how the guest net is isolated from the main house net, but I understand those details. What I'm not very clear on is the RF details.

 

[CaptainSTX]

There was a calculator that was posted in 2018. Creator shown on file is Andrew von Nagy.

It was an Excel spreadsheet which I can't attache to a post on this forum. PM and I will see if I can send it to you.