What's new

Securing Home Network

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

wReq1mNVfg_d

New Around Here
Hi, I've got a new home and am interested in getting some smart devices, but don't want to put these on my main wifi where anyone with the wifi password can see or access these devices or give the devices access to the internet at all if not necessary. I've searched for guides and gear recommendations, but haven't gotten very far: any suggestions for equipment and setup that would allow me to put some devices behind something (maybe wireguard?) so I can control them from all my main devices without exposing them to other people? I currently have an Netgear Orbi RBR750 and an ASUS RT-AC68u at my disposal.
 
It all depends on your chosen network hardware. If you chose a router which is capable of VLAN management, then you can seperate your network in more advanced way. if you have stupid cheap router then look for one which has separate network due to "guest-network" and "Normal network" which will have different SSIDs and most of the time different network ranges.

You could also configure a small SBC (like Raspberry pi) to act as DHCP, DNS server and there you can do all the magic too.

I guess may be there are more ways but those are which pop right out of my head.
 
The VLAN option sounds appealing. Will research more. I think the Asus router I have could be setup that way, but the Orbi I have doesn't seem like it'll help so I'll be looking to replace it with something else. Any recommendations for equipment that could improve my situation? I have about $400 to spend right now and would like to add something which I can setup with the VLAN, wireguard and ideally supports a mesh-like system. An RT-AX88u and a pi-hole are my current leaning, but if something else would be simpler or more suited to the situation I'm all ears.
 
I think your choice isn't that bad with the RT-AX88u. May be someone with that device could give some information or suggestions.
But if you can live with one antenna less then go for the RT-AX86U which is great peace of hardware for its price. But may be you should first do some research if the AX86U really satisfies your setup whish.
 
The RT-AX86U has 'one antennae less' only for the 2.5GHz band (3x3:3). The 5GHz bands are both 4x4:4 with internal antennae in the RT-AX86U.
 
The VLAN option sounds appealing. Will research more. I think the Asus router I have could be setup that way, but the Orbi I have doesn't seem like it'll help so I'll be looking to replace it with something else. Any recommendations for equipment that could improve my situation? I have about $400 to spend right now and would like to add something which I can setup with the VLAN, wireguard and ideally supports a mesh-like system. An RT-AX88u and a pi-hole are my current leaning, but if something else would be simpler or more suited to the situation I'm all ears.
FreshTomato have GUI capabilities when it comes to VLAN.
Merlin also have some workaround based on IPTV tagging + CLI iptables (quite painful unless you're a pro).

If you want something quick, I'd go for FT firmware: it allows up to 3-port VLAN, 4 bridges. Eventually, add something like this and you can manage slightly more ports.
Otherwise, you may invest around 90 USD for this and you're done, you'll have enterprise alike router/switch/etc management interface (demo here). Still, with quite a high learning curve due to the massive amount of options available.
 
What about OpenWRT and loading it? It has VLANs? I am not sure how it compares to Tomato?

I ran Tomato when it first came out back in the old days on a Linksys.
 
An RT-AX88u and a pi-hole are my current leaning

No custom firmware with VLAN's support for this router.

FreshTomato have GUI capabilities when it comes to VLAN.

Fresh Tomato is excellent for your AC68U, but works best with no NAT acceleration. If your ISP speed is below 250Mbps, you get VLAN's, ad-blocker (good for phishing, malware, crypto etc. blocking as well), IP traffic monitoring, Traditional and Cake QoS (up to 200Mbps), Bandwidth Limiters, VPN server/client, captive portal, web server. All with fresh new GUI as option, better than 10-years old now Asuswrt GUI. Try it before you spend more money on hardware.
 
Similar threads

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top