Guest network for wired devices

  • ATTENTION! As of November 1, 2020, you will not be able to reply to threads 6 months after the thread is opened. Threads will not be locked, so posts may still be edited by their authors.

toaruScar

Occasional Visitor
I have a device in my network that I don't fully trust but earns me passive income. I want to isolate this device with only internet access. This divece is hooked directly to the ethernet port of my ZenWiFi XT8, and has no Wi-Fi capabilities.
I think a guest network meets all my requirements here except it's only for wireless devices. There're guest Wi-Fi options for each of the 3 bands of Wi-Fi, so I reckon guest network is configured on per-interface basis, and the ethernet port my device is hooked to is just another interface, so in theory could also be easily(?) configured.

Is there a way, for example, some command line magic I can configure a guest network for a ethernet port on the device?

P/s: I tried to search for posts about VLAN here but most of the replies were about using guest network instead. So I decided to ask about guest network here as well, so it sounds like a XY problem now.
 

OzarkEdge

Part of the Furniture
I have a device in my network that I don't fully trust but earns me passive income. I want to isolate this device with only internet access. This divece is hooked directly to the ethernet port of my ZenWiFi XT8, and has no Wi-Fi capabilities.
I think a guest network meets all my requirements here except it's only for wireless devices. There're guest Wi-Fi options for each of the 3 bands of Wi-Fi, so I reckon guest network is configured on per-interface basis, and the ethernet port my device is hooked to is just another interface, so in theory could also be easily(?) configured.

Is there a way, for example, some command line magic I can configure a guest network for a ethernet port on the device?

P/s: I tried to search for posts about VLAN here but most of the replies were about using guest network instead. So I decided to ask about guest network here as well, so it sounds like a XY problem now.
A recent suggestion here was to use a second router in Media (wireless) Bridge Mode to connect its LAN-only clients to your main router's isolated guest WLAN. Only practical if you have an old/spare router on hand that supports Media Bridge Mode.

OE
 
Last edited:

toaruScar

Occasional Visitor
A recent suggestion here was to use a second router in Wireless Bridge Mode to connect its LAN-only clients to your main router's isolated guest WLAN. Only practical if you have an old/spare router on hand.

OE
Thanks for the suggestion, but the added delay is undesirable here. 20ms of delay is a threshold lower than which I try to keep the connection, and the current unsecured setup is already at 17ms.
 

L&LD

Part of the Furniture
@toaruScar, have you already tried it?

Depending on your WiFi Environment, you may be pleasantly surprised. :)

If you have tried it, did you test all available Control Channels for best responsiveness?
 

toaruScar

Occasional Visitor
@toaruScar, have you already tried it?
Thanks for bringing this up.
My esitimation is based on the ping result between two ZenWiFi XT8 nodes that are connected using the 5GHz-2 band Wi-Fi. And the ping result is
Code:
31 packets transmitted, 31 packets received, 0% packet loss
round-trip min/avg/max = 1.395/2.868/5.120 ms
 

L&LD

Part of the Furniture
You're assuming the worst. :)

Besides, two nodes are different from a router in Media Bridge mode.
 

toaruScar

Occasional Visitor
You're assuming the worst. :)
I'm a bit lost here as to how this could be the worst case scenario. Maybe there's too much overhead for the ICMP pakets generated by ping to go back and forth between internet layer and link layer on the routers, so that the result RTTs are not an accurate estimation of the delay in real life situation?

Anyway, I don't have an extra wireless router laying around. So this route does not work here.
 

L&LD

Part of the Furniture
You don't need an 'extra wireless router laying around'. Just pick up an RT-N12 D1 to do some testing with. Connect it to an (isolated) Guest network and let the 'not really welcome, but profitable', device access the internet as it needs to for around $30 or so.
 

K-2SO

Very Senior Member
Just pick up an RT-N12 D1 to do some testing with.
No Media Bridge in stock FW. Only Repeater Mode and it doesn't work reliably. Needs Tomato for Wireless Ethernet Bridge. I have 2 of those in my cottage as APs. Reliable little N300 router, but not ideal for the idea above.
 

JagoUK

Regular Contributor
I have a device in my network that I don't fully trust but earns me passive income. I want to isolate this device with only internet access. This divece is hooked directly to the ethernet port of my ZenWiFi XT8, and has no Wi-Fi capabilities.
I think a guest network meets all my requirements here except it's only for wireless devices. There're guest Wi-Fi options for each of the 3 bands of Wi-Fi, so I reckon guest network is configured on per-interface basis, and the ethernet port my device is hooked to is just another interface, so in theory could also be easily(?) configured.

Is there a way, for example, some command line magic I can configure a guest network for a ethernet port on the device?

P/s: I tried to search for posts about VLAN here but most of the replies were about using guest network instead. So I decided to ask about guest network here as well, so it sounds like a XY problem now.
Do you have any other devices on your modem? Plug it into that and it won't be able to get on your network through the WAN.
 

toaruScar

Occasional Visitor
Do you have any other devices on your modem? Plug it into that and it won't be able to get on your network through the WAN.
My router does the PPPoE to access the Internet, and the modem is in bridge mode. And my ISP does not allow multiple PPPoE connections from one subscriber account. So unfortunately it won’t work.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top