Accessing 2nd router

[bertradio]

I have an AX86U-Pro and attached an AC68U to one of the LAN ports to use as an isolated net for IOT's. It works well. But I cannot figure out how to sign in to the AC68U from my desktop connected to the AX86U-Pro. The only way I can access the AC86 is by connecting directly to it with an Ethernet cable. Neither the IP set on the AC68U (192.128.1.1) nor the address of the router assigned by the AX86 work. Any guidance would be greatly appreciated.

 

[Tech9]

In default configuration IoTs connected to AC68U still have access to your AX86U-Pro network. They are not isolated. The AC68U firewall is preventing your access to GUI from AX86U-Pro network. You have to open access from AC68U WAN. Why not using a Guest Network for IoTs on AX86U-Pro instead?

 

[ColinTaylor]

On the RT-AC68U you need to enable Web Access from WAN in Administration - System and then use the "WAN" IP address given to it by the AX86U-Pro.

 

[bertradio]

Thanks Colin. That worked.

As for whether a separate router is better than using a guest network. I've seen different opinions. Security guru Steve Gibson says absolutely yes use a 2nd router -- if you have an old router around (which I do). His point is that we don't really know what's happening with the guest network and we definitely know that a separate router is isolated. But based on what Tech9 said, I connected to the IOT router with my laptop and was able to ping anything on the AX86 LAN.

So I've gond back to using a guest network for IOT devices.

 

[ColinTaylor]

FYI Steve Gibson isn't a security guru, despite what he might like people to think. Most his thinking is decades out of date now.

You can use two routers to isolate your IoT devices if they are on the router closest to the internet gateway. Of course this means that your trusted LAN is now behind two NATs. But nowadays most home routers support isolated guest networks so this is not necessary.

 

[drinkingbird]

Thanks Colin. That worked.

As for whether a separate router is better than using a guest network. I've seen different opinions. Security guru Steve Gibson says absolutely yes use a 2nd router -- if you have an old router around (which I do). His point is that we don't really know what's happening with the guest network and we definitely know that a separate router is isolated. But based on what Tech9 said, I connected to the IOT router with my laptop and was able to ping anything on the AX86 LAN.

So I've gond back to using a guest network for IOT devices.

That only works by default if the first router is your guest one, not the second. This is called a DMZ router.

Right now all your untrusted devices have full access to your trusted LAN, as far as it is concerned, they are on the internet/wan. You need to add firewall rules and/or (preferably and) a dummy static route on the second router to block their access to your main LAN subnet.

Steve Gibson needs to be more specific apparently.