Asus ZenWiFi BT10s. VLAN segregation?

[sjw]

Hi all, first post, great to be here....
I'm getting a twin pack of BT10s later today (UK) that I'll be setting up with wired backhaul. I chose the BT10s after I think being misled on their capabilities but I have 30 days to see if they're what I need, or I can 'get away with it.'
My initial need was better WiFi speeds around the house and I'm assured that's almost a given.
My second need was to set up a few SSIDs and have a main network and one for my IoT devices such as Smart plugs, dehumidifier etc. I understand that although they're connected to WiFi that they are actually controlled by 'going out' and then back in again.
However, I have a couple of devices I'd like to have segregated off to this VLAN - but with a small element of granular control from a device on the 'main' SSID/network. eg allow xx IP address access to this IP address/subnet on 'this' port. I was told this was quite easy using Merlin firmware - but today I learned that actually, Merlin isn't available for the BT10s.. I assume it's highly unlikey too?
I have a few questions on the BT10s if anyone's able to answer?
I understand there are a couple of key settings when creating the new networks.
'Use same subnet' - as it suggests, actually uses the same IP range for separate SSIDs but can still isolate them based on their MAC? Is this for maybe some older devices where the want to see the same gateway or similar?
The 'Allow intranet' option. This allows or disallows SSIDs to communicate, yes? Or is it between the 'Master' and easy child VLAN?
Are there any other ways of firewall control between SSIDs/VLANs, similar to the more granular option I described earlier?
How are ethernet devices directed to a specific network - is it just tied to the network port on the BT10? Thjs would allow ether ET devices to be on the same subnet as WiFi devices of the same VLAN?
Thanks!

 

[Tech9]

This set is from Smart Home Master series, it has VLAN separated Guest Network options, but no VLAN to LAN port options. No Inter-VLAN routing options, your isolated IoTs have to be controlled or accesses over Internet. The rest of your questions - see the User Manual, get yourself familiar with the GUI, experiment. You have ordered the set already, have some patience. When it arrives see what it does and if it covers your needs and expectations. If it doesn't - don't miss the return window, send it back. Good luck!

 

[Poul Bak]

This set is from Smart Home Master series, it has VLAN separated Guest Network options, but no VLAN to LAN port options.

That's correct, but for completement:
If you can set VLAN id on a device (wired or not) then you can connect that to the guest network with the same VLAN id so you can get VLAN on a port, if the device supports it (most IOT devices do not).

But what you heard about BT10's wi-fi is true, mine controls all my wifi:

Stop being ASUS's unpaid Beta Testers! Wi-Fi 6 is the real King

"I’m tired of seeing people throwing $800 - $1000 at Wi-Fi 7 or Wi-Fi 8 'AI' routers only to come here and cry about bugs. Let me educate you: The 'AI' Scam: You guys saw the GT-BE96_AI and thought it’s the future? Look at the facts! The NPU is literally dead weight. You try to run a local LLM...

www.snbforums.com

 

[Tech9]

If you can set VLAN id on a device

Yes, I've seen folks experimenting with managed switches and wireless bridges connected to guest networks. It works, but both methods require additional hardware. Network to port functionality is not built-in.

 

[sjw]

Thanks for the replies all.
I set up the units last night and had a play around. Speeds are incredible all over the house, 900Mb+ in each room (wired backhaul).
I can't find a way to connect a wired device to a user created network though. I tried with a few of the templates but can't see a way.
I've heard that one option I have to get much better firewall control is to get a router (such as the RT-BE88U) and I can install Merlin on that - and add the two BT10s as AiMesh nodes. This would give me the coverage, the aesthetics I need for the nodes and the inter-VLAN control I want. Is that true? Use the router as the brains but still get the seamless roaming of the BT10s too.

 

[Tech9]

I can't find a way to connect a wired device to a user created network though.

As mentioned already the product doesn't have this functionality. Just use the set as it is and don't plan additional complications less than 24h after turning it on. The features available are more than enough for home network and the firewall is more than adequate for the application. Keep it simple and don't play with settings too much. You and your family members will be happier.

 

[Poul Bak]

Yes, I've seen folks experimenting with managed switches and wireless bridges connected to guest networks. It works, but both methods require additional hardware.

That is only partly true. As I said, if you can set a VLAN id in the device's settings, you are good to go, no additional hardware required.

This is actually how it works in my network: The access point controls the wireless isolation and sets the VLAN id. Now on the router I also create an isolated guest network on a different subnet (and the same VLAN id) and now my IOT devices are totally isolated from main network.

I also just tested my nas, which is wired to the router and supports setting the VLAN id. Now it connects to that subnet and in fact locked me out of it's GUI - isolating a nas is not a good idea

But you're right that it is kind of a discount subnetting, if the wired device can't set the VLAN id - like my (wired) Android tv - then you can't isolate it - without a managed switch or something.