XT12 / Dual WAN / nextdns / IOT

[j0ffrey]

hello, I have a duo of XT8 with use of backhaul.

I have around fifteen connected objects that use wifi and matter. My Apple TV 4K serves as a matter bridge and is connected via ethernet.
I also use Google Homes to control them by voice which are necessarily on wifi.

As is often advised, I would like to create a dedicated wifi network for IOT:
- to improve the network performance of smartphones, connected TVs, PCs, etc.
-to improve security by preventing a security breach in an IOT from putting my intranet network in danger (NAS in particular).


I would like to know if it is possible to create a second WiFi 2.4 network (so a priori using the guest network) and that the Apple TV and the Google Homes of my intranet can see and communicate with the iot directly without going through internet but the iot cannot communicate with my intranet network (internet only)

thank you for your advice and explanations

ps: is there any point in switching my firmware to the merlin fork?

 

[sfx2000]

Not to be rude - but this has been asked and answered multiple times...

Search the forums, and you'll get a lot of good advice here...

 

[bennor]

... I would like to create a dedicated wifi network for IOT:

[Wireless Router] How to set up Guest Network on ASUS Router? | Official Support | ASUS Global

[Wireless Router] How to set up Guest Network features to Sync to AiMesh node? | Official Support | ASUS Global

 

[Tech9]

- to improve the network performance of smartphones, connected TVs, PCs, etc.

Creating a Guest Network won't improve the performance of anything. Make sure you don't cut your access to IoTs.

ps: is there any point in switching my firmware to the merlin fork?

Based on your question - stay on Asuswrt. Your TX8 is quite firmware sensitive and if it works properly - don't disturb it.

 

[j0ffrey]

Thank you all.

I finally took the option to upgrade to an XT12 and use nextdns.

Regarding global parameters, my ISP modem offers 5Gbits with fiber but 3 ports (2.5, 1 and 1). I must use this modem with DHCP. So my XT12 nextwork is 192.168.50.xx.
For the moment, I connected the XT 12 to the router on port 2.5 and the IP of the XT12 is in DMZ on the modem. I use a NAS synology so I also have port mapping rules in the XT12 on my synology (80.443. and some other ports). Finally, the XT12 is in bridge mode for IPV6 and all my devices are assigned IPV6 by my ISP.

1) DUAL WAN
First, I'm thinking of using dual wan with load balancing to increase my cumulative internet speed from 2.5 to 3.5.

From what I understand, my XT12 will now have 2 fixed IPs. (192.168.1.24 for 2.5 WAN and 192.168.1.25 for 1 WAN)

So that my Synology ports are always good, I have to force the Synology to always take WAN 2.5. Especially since the Syno is connected in 2.5 to the XT12

on the load distribution, I think to put 2:1 in the parameters

Does this all sound good?


2) Private DNS

Then I will use Next DNS
After some research, I saw that I could use nextdns:

- directly with asus merlin but necessarily in DOT and impossibility of reporting the device names in the nextdns logs

- with a nextdns CLI
- with the CLI control D compatible with next dns

In these last two options I can:
- choose DOT or DOH3
-retrieve device names
-make cache in the XT12

Did I follow correctly so far?

Having a preference for reporting the name of the devices to help me monitor possible false positives, I must therefore switch to a CLI (nextdns or control D). which one would you recommend to me?

3) IOT
Finally, still for the IOT, I finally think of keeping them on the normal wifi network to avoid problems with use in a local network (matter with the Apple TV4 in bridge)

So, I'm going to create a second profile in nextdns that's more restrictive. In this case, is it also possible with both CLIs (nextdns and control D)?

Sorry for all these questions which may seem stupid.

I lack skills even if I learn quickly with the right explanations

 

[bbunge]

Another poor, lost soul reaching for high bandwidth and paying their ISP for services they will never use. And trying to make a complicated home network that will will consume all of their free time figuring out why it does not work right.
The KISS principle works best with SOHO networks....

 

[j0ffrey]

Another poor, lost soul reaching for high bandwidth and paying their ISP for services they will never use. And trying to make a complicated home network that will will consume all of their free time figuring out why it does not work right.
The KISS principle works best with SOHO networks....

I am looking for a high bandwidth because I have at most:

- 4 4K streams in the home, i.e. 25Mb/s*4 with peaks at 40Mb/s*4 - permanently recover the stream from 4 HD security cameras in my business
- data sharing
- my family who some evenings can meet up with 2 or 3 on my emby server on films between 80 and 100Mb/s
- synchronization of 10 members of my family on synology drive + photos

and quite simply because it amuses me to try, to learn, to understand, and to succeed.

Especially since my question mainly concerns data protection + parental protection (dns server and iot risk)

 

[Stepalex]

What speed can you get through the 2.5G LAN port to your Sync, can you test that please?

Re IOT and Kids networks - Asus did that in AsusWRT 5/3006 firmware, but it has been in beta for 18(!) months now, and it seems they've hit some major roadblock for a wide release. At this rate I am losing hope of ever seeing that released, and will likely upgrade to ASUS ZenWiFi BQ16 once they are available.

 

[j0ffrey]

Quelle vitesse pouvez-vous obtenir via le port LAN 2,5G vers votre synchronisation, pouvez-vous tester cela s'il vous plaît ?

Concernant les réseaux IOT et Kids, Asus l'a fait dans le firmware AsusWRT 5/3006, mais il est en version bêta depuis 18 (!) mois maintenant, et il semble qu'ils aient rencontré un obstacle majeur pour une large diffusion. À ce rythme, je perds espoir de voir un jour cette version sortir, et je passerai probablement à ASUS ZenWiFi BQ16 dès qu'elle sera disponible.

Bonjour, a test speed check is 2.5G with a computer 10gbps lan. ( my provider speed in theory is 5gbps up and 1gbps down)