YazFi or Aimesh?

[banz]

I'm currently using YazFi and I have 1 router + 1 access point.

Yazfi doesn't seem to support the second access point so I'm having problems with IOT devices switching between different subnet when they roam between the router or AP. My second access point uses the built in guest network and it doesn't support a second vlan.

Would using asus aimesh get around this problem? I read somewhere that aimesh only supports the guest network on the first column. So I guess as long as I have only 1 guest network, then it should be okay?

Basically what I need is that IOT devices should all be on an isolated vlan and not on my primary one. Also it needs to be on 2.4G since some of these devices does not support 5G.

 

[eibgrad]

Why would any of your IOT devices be *roaming*? That sounds more appropriate for a laptop or smartphone.

Now if it's just a matter of some IOT devices performing better depending on the choice of SSID/AP between the two devices, and they remain locked to their preferred SSID/AP permanently, then I get it. And AiMesh becomes irrelevant.

Frankly, it may be easier and prove to be a better architecture if you didn't use the stock or Merlin firmware for the secondary router. Something like FT (FreshTomato) could prove a much better match since these firmwares support user-defined VLANs and bridges in the GUI! You also prevent this problem of having the IOT/guest network share the same ethernet segment and IP network as that of the private network. IMO, the ASUS guest network solution is messy and NOT implemented very well. I'd much prefer to use something like FT for these purposes. Granted, your router would have to be compatible. But far too many users get "locked" into only considering the stock or Merlin firmware to solve this kind of problem. And sometimes it's just not the right choice.

FWIW, here's an example of someone I recently helped establish a secondary AP w/ FT which supports both the private (br0) and guest/IOT (br1) networks, and where each is completely isolated from the other.

Segmented Guest/IOT network with R7000 configured as an AP?

Semi-networking noob here and I can get the network built but no internet access is happening. My setup is as follows (1 router on each floor) with the ASUS doing the DHCP for the home network and the DNS (going through a pihole): I configured the Nighthawk using a post I can no longer find...

www.linksysinfo.org

 

[kernol]

You don't say which routers you have - but I can say that my 2 x RT-AX86U's in an Aimesh config with Guest1 WiFi running on a separate subnet [192.168.101.0 - does this automagically] routed through a separate VPNClient for internet connectivity [with Merlin firmware 386.3_2 on both] - achieves the object of keeping the Guest1 WiFi away from the home network and yet connected to the internet through its own tunnel.
I do not use "Smart Connect" and have 2.4Ghz and 5Ghz WiFi channels separated.

 

[banz]

Why would any of your IOT devices be *roaming*? That sounds more appropriate for a laptop or smartphone.

Now if it's just a matter of some IOT devices performing better depending on the choice of SSID/AP between the two devices, and they remain locked to their preferred SSID/AP permanently, then I get it. And AiMesh becomes irrelevant.

Frankly, it may be easier and prove to be a better architecture if you didn't use the stock or Merlin firmware for the secondary router. Something like FT (FreshTomato), or even DD-WRT, could prove a much better match since these firmwares support user-defined VLANs and bridges in the GUI! You also prevent this problem of having the IOT/guest network share the same ethernet segment and IP network as that of the private network. IMO, the ASUS guest network solution is messy and NOT implemented very well. I'd much prefer to use something like FT for these purposes. Granted, your router would have to be compatible. But far too many users get "locked" into only considering the stock or Merlin firmware to solve this kind of problem. And sometimes it's just not the right choice.

FWIW, here's an example of someone I recently helped establish a secondary AP w/ FT which supports both the private (br0) and guest/IOT (br1) networks, and where each is completely isolated from the other.

Segmented Guest/IOT network with R7000 configured as an AP?

Semi-networking noob here and I can get the network built but no internet access is happening. My setup is as follows (1 router on each floor) with the ASUS doing the DHCP for the home network and the DNS (going through a pihole): I configured the Nighthawk using a post I can no longer find...

www.linksysinfo.org

My IOT devices is roaming because it's right at the edge of coverage for the router and AP. I placed an AP and a router in the middle of each floor. I kinda wish they won't roam but unfortunately they do due to having similar signal strength to both devices. I stopped having scheduled daily reboot and that made it much better.

I came from ddwrt/pfsense and I kinda want something more simpler and just work. Which for a long time asus merlin satisfied my needs but now with so many IOT, I'm a little concerned with security. Already do enough IT troubleshooting at work. Colleagues recommended ubiquiti but I really don't think I need to shell out that much just for having a network with 2-3 vlans. I don't even need POE, QOS or any other fancy features.

 

[banz]

You don't say which routers you have - but I can say that my 2 x RT-AX86U's in an Aimesh config with Guest1 WiFi running on a separate subnet [192.168.101.0 - does this automagically] routed through a separate VPNClient for internet connectivity [with Merlin firmware 386.3_2 on both] - achieves the object of keeping the Guest1 WiFi away from the home network and yet connected to the internet through its own tunnel.
I do not use "Smart Connect" and have 2.4Ghz and 5Ghz WiFi channels separated.

I have a AC86u and AC68P.

Same I don't use SC.

Most likely I'll just need 1 primary network for all my secured devices. 1 subnet for IOT and another subnet for guests + unsecured devices.

I'll probably give aimesh a go. If it works well then I might consider buying a few more aimesh capable devices.

 

[kernol]

AiMesh seems to have settled down nowadays - had troubles to begin with.
Worthwhile having a go since setup is easy and management even easier.

I used to use YasFi but don't need to anymore with the AiMesh Guest1 WiFi now working well [for me].
You can still use YasFi for additional Guest WiFi within your home and keep those guests away from you home LAN with the YasFi features.

 

[bennor]

Yazfi doesn't seem to support the second access point ...

As a reminder, right from Jack recently in another thread about YazFi and AiMesh nodes:

YazFi doesn't work on Aimesh nodes. The guest network on the node will be unrestricted

 

[bennor]

I used to use YasFi but don't need to anymore with the AiMesh Guest1 WiFi now working well [for me].
You can still use YasFi for additional Guest WiFi within your home and keep those guests away from you home LAN with the YasFi features.

Note, its YazFi, not YasFi.

 

[heysoundude]

I have a AC86u and AC68P.

Same I don't use SC.

Most likely I'll just need 1 primary network for all my secured devices. 1 subnet for IOT and another subnet for guests + unsecured devices.

I'll probably give aimesh a go. If it works well then I might consider buying a few more aimesh capable devices.

Don't forget to think in 3 dimensions when placing routers in a mesh ;-) each radio is a "bubble" and you want the bubbles to cover your home/property where devices are located and get used. a slight location change can make a world of difference: routers/radios in tandem with each other can make for some rather surprising/pleasing wireless coverage in the 5Ghz band if they're ~10-15m/30-50ft Line-of-sight equidistant from each other and aren't fighting physical obstructions (2.4GHz band has less of an issue with penetration, depending on construction materials), and WiFi Radar can be a big help carving out your space/staking a claim to your part of your neighbourhood's ether

 

[MarcoPolo]

AiMesh seems to have settled down nowadays - had troubles to begin with.
Worthwhile having a go since setup is easy and management even easier.

I used to use YasFi but don't need to anymore with the AiMesh Guest1 WiFi now working well [for me].
You can still use YasFi for additional Guest WiFi within your home and keep those guests away from you home LAN with the YasFi features.

I tested this solution (Guest Network 1 / 2.4 Ghz / Intranet Access = Disable / Aimesh Node = All) but I personally see 2 drawbacks:
1/ the devices connected to this network do not "see" each other anymore. Impossible to ping them as if "Set Ap Isolated" was On (but this is not the case in the settings)
2/ response times of all 2.4 Ghz devices (on this isolated network or on the main network) drop drastically. The pings go from 2/10ms to 300/1,5s (via PingPlotter from a computer connected with an RJ45 cable).

YazFi can fix the 1/ but the problem persists for 2/ (and is problematic).
But... YazFi dosen't work with AiMesh node...
So, no good solution: My IOT devices went back to the main 2.4 wifi (because it is well managed by AiMesh) at the expense of security...

You don't notice this on your side ?


Master AiMesh router: AX88U
AIMesh node= AC68U
Last merlin firmware (386.3_2)

 

[kernol]

I tested this solution (Guest Network 1 / 2.4 Ghz / Intranet Access = Disable / Aimesh Node = All) but I personally see 2 drawbacks:
1/ the devices connected to this network do not "see" each other anymore. Impossible to ping them as if "Set Ap Isolated" was On (but this is not the case in the settings)
2/ response times of all 2.4 Ghz devices (on this isolated network or on the main network) drop drastically. The pings go from 2/10ms to 300/1,5s (via PingPlotter from a computer connected with an RJ45 cable).

YazFi can fix the 1/ but the problem persists for 2/ (and is problematic).
But... YazFi dosen't work with AiMesh node...
So, no good solution: My IOT devices went back to the main 2.4 wifi (because it is well managed by AiMesh) at the expense of security...

You don't notice this on your side ?


Master AiMesh router: AX88U
AIMesh node= AC68U
Last merlin firmware (386.3_2)

I'm sure you are correct in identifying shortcomings for your own setup - in my case I am using guest wifi for genuine periodic guest wifi access and I have no interest in guest devices being able to ping each other - or for that matter ping my secured LAN devices.