What's new
By:

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Setting up IoT networks using 3006 firmware?

XIII

XIII

Very Senior Member
If I understand the new 3006 IoT networks correctly:
  • when using the same VLAN as the main network, devices on the main network (PCs, phones, tablets) can see IoT devices (and vice versa)
  • when using a different VLAN than the main network, devices on the main network cannot see IoT devices (and vice versa)
Is there also an easy way to let devices on the main network see IoT devices, but let IoT devices not see devices on the main network?

Or even a layered setup:
  1. Main network (PCs, phones, tablets); can see devices in layers 1, 2, and 3
  2. IoT "orchestrators" (HomeKit hub, Homey, etc.); can see devices in layers 2 and 3
  3. IoT sensors/actuators (smart bulbs, smart plugs, temperature sensors, etc.; can see devices in layer 3 (or even not devices in layer 3)
How to do this using the 3006 firmware?
 
XIII said:
How to do this using the 3006 firmware?
Click to expand...

Good question... I setup a custom 2.4 IoT VLAN (3 Wyze cams, 2 on MoCA2.5 wired node) and stopped to wait for the next VLAN release.

My non-default custom 2.4 IoT VLAN settings:
WPA2/WPA3-Personal
Access Intranet disabled
DHCP Server enabled (192.168.53.*)
VID 53
AP Isolated enabled
on all nodes

I eventually want to include some node LAN ports but not sure if the VLAN will work across my MoCA uplink(?)

Ping from Windows desktop on LAN to a cam IP address times out, no response.

Wyze app on mobile on main WLAN can access cams on IoT VLAN, but I believe this is by way of the Internet/Wyze cloud.

OE
 
XIII said:
Is there also an easy way to let devices on the main network see IoT devices, but let IoT devices not see devices on the main network?
Click to expand...
There are several past discussions on trying to emulate YazFi's one way to guest under the 3006 firmware (likely requiring the use of IPTables entries) with mixed success:
https://www.snbforums.com/threads/yazfi-lite-with-router-in-ap-mode.75121/page-3#post-948055
www.snbforums.com

Allowing main network to access guest networks

Hi everyone, Running on the 3006 firmware version, I have 3 guest networks that are isolated from everything. I'd like to have the main network (192.168.0.0/24 on br0) be able to reach one-way to those 3 guest subnets. I currently achieve this with a firewall-start script that runs the...
www.snbforums.com www.snbforums.com
www.snbforums.com

YazFi - Allowing cast traffic from guest network to IoT (media) network

Hi, new to AsusWRT-Merlin and YazFi! (Not to mention iptables.) I'm trying to allow my "true" guest network (wl0.1, wl1.1) one-way access to my "media" guest network (wl0.2, wl1.2). The intent being to allow house guests to be able to cast music/video to my speakers/TV. Per Google's help page...
www.snbforums.com www.snbforums.com
Edit to add: Another discussion referencing a firewall-start script file.
Edit to add2:
Probably something like the following in a firewall-start script file with the GN/VLAN IP subnet examples 52, 53, 54:
Code: 
#!/bin/sh
iptables -I FORWARD -i br0 -s 192.168.0.0/24 -d 192.168.52.0/24 -j ACCEPT
iptables -I FORWARD -i br0 -s 192.168.0.0/24 -d 192.168.53.0/24 -j ACCEPT
iptables -I FORWARD -i br0 -s 192.168.0.0/24 -d 192.168.54.0/24 -j ACCEPT
Not running the Asus-Merlin 3006 alpha on my RT-AX86U Pro so cannot test. Waiting for the Asus-Merlin beta firmware.
 
Last edited:
bennor said:
Probably something like the following in a firewall-start script file with the GN/VLAN IP subnet examples 52, 53, 54
Click to expand...
Thanks.

Might experiment with that some day, but I first want to see whether the current setup (IoT on same VLAN as main network) is finally stable.
 
Have also asked on several posts as well.

GT-AC2900 is having issues and want to replace, maybe with an AX-88u Pro, if I can get the same “1-way to guest” working, ideally without much script-tinkering.

Otherwise, I may have to jump ship to UniFi or Synology.
 
You must log in or register to reply here.

Similar threads

J
Guest Network Pro on RT-AX88U Pro IoT VLAN Setup with TP-Link TL-SG1008 Unmanaged Switch
Replies
8
Views
603
jerry6
jerry6
M
RT-BE88U - How to remove or prevent creation of IOT VLAN (3006 firmware)
Replies
1
Views
326
RMerlin
RMerlin
R
Q on ASUSWRT 5.0, AX86U Pro Guest Network Pro IOT Network
Replies
3
Views
699
bbunge
bbunge
W
RT-BE88U - Guest and IoT not working with USB 3.0
2
Replies
20
Views
1K
snevs
S
R
Your rules have reached the maximum - Looking for Alternative ways to do MAC filtering on Wifi.
Replies
3
Views
403
SeriousFamily
SeriousFamily
Similar threads
Thread starter Title Forum Replies Date
R WAN DNS setting ignored due to pppd - 386.13 on Asus AC68u Asuswrt-Merlin 14
Smokindog WPA2 compatibility issue with WPA2/WPA3 Setting Asuswrt-Merlin 6
Xruptor Confused on Adapative QoS Bandwidth Setting, option for Automatic Setting? Asuswrt-Merlin 6
G Setting up new ASUS RT-BE86U. Found worrying items in System Log. Can you reassure me? Asuswrt-Merlin 9
junior120872 Solved Setting channel on 6ghz doesn't seem to stick. Asuswrt-Merlin 1
outlaw78 OpenVPN Setting Merlin AXE-16000 Asuswrt-Merlin 1
TexasDave WAN Setting - WAN Connection Type Asuswrt-Merlin 2
T [Help] Problems setting up OpenVPN Asuswrt-Merlin 7
Siff Setting dnsmasq on Asuswrt-Merlin Asuswrt-Merlin 8
Panic Button Wireguard client optional DNS Server setting Asuswrt-Merlin 2

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 597 (members: 24, guests: 573)
Back
Top