Guest and IoT Network Configuration

[NismoZ]

For Asus routers, what is the strategy for fancing off Guest and IoT devices?

Does we throw both of those types of devices onto the same Guest network?

When you create a guest network, do you have to assign it a specific band in 2, 5 or 6 GHz and then those devices can only use that band? Reason I ask is because often times IoT devices are only 2.4Ghz and sometimes guest come over and may benefit from the 5Ghz band capacity and less interference.

I watched a video on Asus guest network creation, and it seems like you can create a guest SSID in each band.

 

[bennor]

It may help if you include your router model and firmware version to add context. Are you asking about Guest Network Pro found in the 3.0.0.6.x firmware? Or are you asking about basic Guest Network WiFi?

Generally when setting up a Guest Network you select the WiFi band to use.

Which WiFi band a IoT device (or Guest WiFi device) connects to will depend on the capabilities of that device. More than a few IoT devices are 2.4Ghz only. They won't physically be able to connect to the 5Ghz or 6Ghz band.

One of the reasons to setup a Guest Network is to segment clients and prevent clients on that Guest Network from accessing the main LAN (i.e. accessing the intranet).

 

[Crimliar]

I've been playing around today, trying to see if an IOT setup is any more successful than it was last time I tried. Some of the smarts I have certainly work better when segmented off than they used to, but here at least it's still 50/50, which if I want everything to be smooth isn't really good enough. There are more options that I could try, but I'm leaning towards the possibility of a totally separate network.
*Did I really need that Internet connected kettle????
**I really like the idea, but so far the implementation just isn't there

 

[bennor]

It ultimately depends on the IoT devices. Some just don't play nice on a segmented Guest Network. For some other IoT devices, people want LAN clients to have local network access to the IoT client(s) on the Guest Network. Some IoT devices are 2.4Ghz limited. Others are not. Fortunately most of my IoT devices play nice on the Guest Network. Only two that didn't (because I run Pi-Holes on the local network) were Amazon Echo type devices. Its what lead me to using YazFi. If one isn't using AiMesh and is running Asus-Merlin, YazFi is worth a look for the flexibility and configurability it opens up for Guest Network's and their clients.

Gave up on stock 3.0.0.6.102 firmware's Guest Network Pro due to lack of configurability it offers along with some other quirks it has. Good amount of Guest Network Pro discussion in other posts/threads here.

 

[RandomUser777]

I keep all my home, personal, and IoT devices on the same network so that they can communicate to each other as needed. The "guest network" is just for guests.

To isolate any device from accessing the internet and dialing home, you have a couple VERY EASY options to add to your firewall-start script:

To block a range (cidr) from a specific WAN interface (in this case, eth0):

iptables -I OUTPUT -s 192.168.50.64/26 -o eth0 -j DROP
iptables -I FORWARD -s 192.168.50.64/26 -o eth0 -j DROP

To block a device from a specific WAN interface (in this case, eth0):

iptables -I OUTPUT -s 192.168.50.128 -o eth0 -j DROP
iptables -I FORWARD -s 192.168.50.128 -o eth0 -j DROP

To block a device from any outgoing comms:

iptables -I OUTPUT -s 192.168.50.128 -j DROP
iptables -I FORWARD -s 192.168.50.128 -j DROP

These are just a couple examples. Replace the interface or IPs with yours.