....VLANs, but that is not at all straightforward on this firmware and certainly not for the fainthearted.
Actually, I too was wary, but I found VLANs on the RT-AC68U is pretty trivial to set up (5 commands, not including Firewall rules) but to support wired VLANs naturally requires your infrastructure to support the VLAN traffic.
I also read the article regarding IoT isolation and despite the scaremongering journalistic articles warning that potentially "my toaster/fridge" could end up killing me if I didn't do something about it, I find other priorities in life take precendence, although the following story :
e.g.
http://www.networkworld.com/article...-smart-light-bulbs-and-5-000-iot-devices.html made me smile!
So over the last few weeks (when I'm 'bored') I've been having a little tinker with IoT VLANs.
I have VLANS 5,10,15,20 & 200 daisy chained, currently off port 4 on the router to different rooms via:
Code:
1 x Netgear GS108PEv3 8-port switch (4 POE ports)
1 x Netgear GS-108Ev3 8-port switch
1 x Netgear GS-108Ev2 8-Port switch
3 x TP-Link TL-SG2008 8-Port switches
VLAN 200 is bridged (via br1) to Guest 2.4GHz Client 3 to VPN Client 1 - surprised myself when I plugged in a laptop to a VLAN200 port and
https://ipleak.net showed I was in NY!
I have the BG Hive Hub isolated, and it seems fine, and so too the Samsung TV - I picked the easiest first!
NOTE: Obviously (by convention) each VLAN has its own subnet and I chose to ensure they use external DNS i.e. OpenDNS/Google hybrid.
I haven't yet isolated the Wifi stuff - LIFX lights,ROKU,Chromecast and Echo dots etc. - basically not sure how best to control their management apps.
So technically IoT isolation does work on Asus routers, it's just a headache (for me at least) designing the topology and ultimately managing the devices on the VLANs - clearly they don't show up in the Network map, so I guess that APs will need to be installed or use RaspberryPis etc.? as
management portals.
Suffice to say, I agree with your answer that SSID/VLANs may be the solution for the OP (unless a few simple firewall rules would suffice), but for home use it could be expensive - both in time and money.
P.S. I found this article which helped me to see how others were using VLANs in the home:
https://nguvu.org/pfsense/pfsense-router-on-a-stick-with-netgear-gs108/
