ASUS RT-AX88U Network Segmentation (Help Needed)

raysodyssey

Hello Everyone,

I have been a long-term window lurker on SNB. The forums have been quite helpful in the past. I finally signed up, and have a few questions of my own. Hoping someone could help me achieve the setup I need or just tell me if it is not possible at all.

My hardware includes:
1 RT-AX88U (AiMesh Router/Default Wireless mode)
2 ZenWifi XD5s (AiMesh Nodes)

I currently have 4 SSIDs
Main (192.168.50.0/24)
IoT (192.168.101.0/24, broadcast on all AiMesh nodes)
Guest (192.168.102.0/24, broadcast on all AiMesh nodes)
Office (192.168.3.0/24 - 2.4 GHz, 192.168.6.0/24 - 5 GHz. Using YazFi)

My goal is to add all my Apple TVs, Smart TVs, and other IoT devices to the IoT network and be able to control them using the Main and Guest networks. Why from the guest network, you might ask? To let my guests control music on my smart devices, etc.

Another thing I want to achieve is allowing devices in my guest network to connect to my NAS server, which is on the Main network (192.168.50.0/24). I host a Plex server on my NAS and would like to be able to stream movies and TV shows on my smart devices.

All of my network traffic is routed through a VPN connection using VPN Director, except IoT and Office network traffic.

I am not sure if the setup I am looking for is achievable at all with the hardware I have or if anyone has any advice for me on how I should approach this situation.

Any help is greatly appreciated!
Thank you all!
 
Welcome to the forums @raysodyssey.

Just have your IoT network (also) be your Guest network too.

Do not allow Guests to connect to your NAS. If you trust a 'guest' to connect to your NAS, you may as well give them access to the main network. But don't open 'holes' in your network between the main network and the IoT devices. You'll be defeating any security you feel you've put in place.

The KISS principle is recommended when setting up your network optimally. And test it often to ensure it is operating as you wish.

I'm sure there is equipment that could do what you wish, but the consumer routers that we have are not the place to do it. Sooner or later, an unknown 'hole' will develop in the segregations you set up and the exceptions you want to allow between them.
 
Thank you @L&LD.

My IoT network is one of the guest networks too. What I was hoping for was for my guests to be able to connect to my IoT devices AND only my IoT devices to be able to connect to just one device in my main network. Something like in the diagram.

[Attached diagram: network.png]

I understand this might not be possible with consumer-grade devices and as such I might just need to put everything on one network to be able to use them properly. 😞
 
You're welcome @raysodyssey.

With 73 views of this thread since yesterday, if there was a possibility of the configuration you need, it would have probably been posted by now.

However, don't give up yet! There may still be input from one or more users in the next few days.

My concern is that what is needed to make this work today isn't guaranteed to work tomorrow. Possibly losing the functionality in the future isn't the concern. Exposing your main network to online threats is.

Let's sit tight for a few days so all members capable of responding have had a chance to do so.
 
My goal is to add all my Apple TVs, Smart TVs, and other IoT devices to the IoT network and be able to control them using the Main and Guest networks. Why from the guest network, you might ask? To let my guests control music on my smart devices, etc.

You need a business class router with native VLAN support and access points with VLAN support to do this. There is no access control with built-in Guest Network in Asuswrt. It uses VLANs internally to nodes with no user settings. What you want to do is not available on home routers. You have to reorganize your network according to what's available on your router.
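
The access control discussed in this thread (Main and Guest may reach IoT devices, IoT devices may reach one host on Main, everything else between segments is dropped) can be written down as a default-deny rule table and checked before it is ever configured on VLAN-capable equipment. This is an added example, not part of any post and not Asuswrt configuration; the subnets come from the first post, while the NAS address, the use of Plex's default port 32400, and all function names are assumptions.

```python
import ipaddress

# Subnets as listed in the first post. The NAS address is a constructed
# placeholder (the thread gives none); 32400 is Plex's default port.
SEGMENTS = {
    "main":  ipaddress.ip_network("192.168.50.0/24"),
    "iot":   ipaddress.ip_network("192.168.101.0/24"),
    "guest": ipaddress.ip_network("192.168.102.0/24"),
}
NAS = ipaddress.ip_address("192.168.50.10")
PLEX_PORT = 32400

# (src segment, dst segment, dst host or None for any, dst port or None)
# Only new connections are modelled; replies to allowed flows are assumed
# to be handled by a stateful firewall.
RULES = [
    ("main",  "iot",  None, None),       # Main controls IoT devices
    ("guest", "iot",  None, None),       # guests control IoT devices
    ("iot",   "main", NAS,  PLEX_PORT),  # IoT reaches only Plex on the NAS
]

def segment_of(addr):
    """Name of the segment containing addr, or None if it is in none."""
    ip = ipaddress.ip_address(addr)
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return None

def allowed(src, dst, port):
    """True if a new connection src -> dst:port is permitted."""
    s, d = segment_of(src), segment_of(dst)
    if s is None or d is None:
        return False                     # unknown segment: deny
    if s == d:
        return True                      # not a cross-segment decision
    target = ipaddress.ip_address(dst)
    for rs, rd, host, rport in RULES:
        if (rs, rd) == (s, d) and host in (None, target) \
                and rport in (None, port):
            return True
    return False                         # default deny

def audit(flows):
    """Return every (flow, expected) pair the policy disagrees with."""
    return [(f, want) for f, want in flows if allowed(*f) != want]
```

Re-running `audit` with the same expected verdicts after every rule change is a cheap way to catch an exception that has grown wider than intended.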
 
Understood. Thank you both for providing your input. I ended up scrapping my IoT and Guest networks in favor of functionality and simplicity at this point.
 
Understood. Thank you both for providing your input. I ended up scrapping my IoT and Guest networks in favor of functionality and simplicity at this point.

With stock firmware (or Merlin firmware) and no scripting, you have two VLANs you can make use of (three if you count the trusted LAN). You would have to stop using YazFi to take advantage of them though. I posted a tutorial on how to use them a while back, but if you need more than those three VLANs, you can look at the new Pro ASUS routers, or move up to higher end equipment (Ubiquiti, TP-Link Omada, MikroTik, etc.).

Your other option is to get into scripting on the Asus but unfortunately on those models it is pretty complex.
 