IoT Network basics

David Cavalli

Regular Contributor
Those who have recently updated to 3006, like me, are making many posts about the "IoT Network" addition. Unfortunately for me, I don't have the basic background to understand IoT and other posts on the subject seem to assume a basic understanding. My Google research only gives me a basic idea. If I understand right, the purpose is to isolate certain devices from your main network, so if/when they are ever compromised, they are limited to their own subnet. Also, if I understand the purpose, this smaller sub-network isn't given access to as much as my main network. In my own world, I use two Guest networks (2.4 and 5) so that when people come over to the house, they don't need my main infrastructure one, nor access to the intranet. I assume IoT is another "guest" type network, that has some other features that make it IoT. (... or is it just a guest network that has a convenient alternate naming convention?) If IoT has other "features", would love to understand what, over "guest".

So everything is working on my main infrastructure network right now, but I see the potential long-term security benefit from putting them on this new IoT sub-network. Here's the list of things that strike me as obvious to add to the IoT: Feit lights, Kasa on/off switches, Ecobee thermostat, Kwikset front door deadbolt, Ring chimes / video doorbells. I'm also assuming that I can probably add my Google Nest Hubs, which can control the prior listed IoT devices, but they also control my smart TV devices too. Here's where I'm not sure: Onn 4k TV streaming devices and my Visio smart TV. Those devices need to access my Linux Plex server, which specifically does need intranet/internet access, so it can't be on IoT.

If I IoT the obvious devices alone, is that the best solution? Any suggestions on the TV related clients / servers? Internet telephone on IoT? Printer on main? Do I have the right idea? Thanks in advance for any/all feedback.
 
If you haven't done so already, see how Asus explains the whole Guest Network Pro feature, and what the IoT profile setting is.

Generally people will recommend putting "IoT" (Internet of Things) devices onto their own network and isolate it from the main network (main LAN). The reasons vary, including mitigating possible security risks from those IoT devices.

It really comes down to your use case. Do you need to segregate your devices into different networks? If so, do you need those different networks to communicate with each other?

PS: One can set up multiple Guest Network Pro profiles to create one segregated network for guests who need WiFi access, another segregated network for IoT devices and so on. It all depends on one's use case and what they're trying to achieve.
 
One suggestion I have is you may still want to be able to directly access some of your IoT devices from the main network (I have a security camera NVR and a Hubitat device that can be managed through web interfaces that I don't want to expose to the outside world). If that's the case you can put a line in your firewall-start script located in /jffs/scripts/ that looks something like this:

iptables -I FORWARD -i br0 -s 192.168.1.0/24 -d 192.168.53.0/24 -j ACCEPT # Added for access to IoT network from main network
(Note: Replace 192.168.1.0/24 and 192.168.53.0/24 above with whatever your LAN and VLAN IP ranges are)

In my case I made the entire .53.x VLAN accessible from the entire main LAN but you can do it on an individual device basis by just having a line for each device instead of the entire .53.0/24 subnet, including limiting access to specific IPs on the main LAN instead of the entire .1.0/24 subnet.
 
Perfect answer! That's exactly what I needed to get started! Thanks!
There are other past discussions that may help understand Guest Network Pro. Like the following:
In particular there is my following post that explains how to use a firewall-start script to handle certain things like having intranet access disabled but allowing access from the Guest Network Pro Profile to a specific main LAN client. Along with other examples.
https://www.snbforums.com/threads/t...st-network-pro-limitations.94438/#post-952345
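As an added example (not code from this thread, from Asus or from the Asuswrt-Merlin project), here is a complete /jffs/scripts/firewall-start that covers both cases raised above: the main LAN reaching an IoT device's web UI (the rule in the earlier post, narrowed to single hosts as that post suggests) and the reverse direction from the linked post, letting the IoT network reach one port on one main-LAN host, which is what the Plex server case needs. The interface br0 and the two subnets come from the earlier post; the hosts 192.168.1.10 (an admin PC), 192.168.1.20 (the Plex server), 192.168.53.5 (an NVR or hub) and Plex's default TCP port 32400 are assumptions to edit. It requires Asuswrt-Merlin with "Enable JFFS custom scripts and configs" turned on.

```shell
#!/bin/sh
# /jffs/scripts/firewall-start  (Asuswrt-Merlin custom script; added example)
# Assumed addresses: change these to match your router.
MAIN_NET="192.168.1.0/24"    # main LAN on br0 (from the post above)
IOT_NET="192.168.53.0/24"    # IoT Guest Network Pro VLAN (from the post above)
MAIN_IF="br0"
ADMIN_HOST="192.168.1.10"    # assumed: the one main-LAN PC allowed to manage IoT devices
IOT_NVR="192.168.53.5"       # assumed: NVR / hub web UI living on the IoT network
PLEX_HOST="192.168.1.20"     # assumed: Linux Plex server on the main LAN
PLEX_PORT="32400"            # Plex Media Server default TCP port

IPT="${IPT:-iptables}"
DRY_RUN="${DRY_RUN:-0}"      # 1 = print the rules instead of inserting them

# Insert a FORWARD rule only if an identical one is not already present.
# firewall-start runs on every firewall restart, so a bare -I would pile up
# duplicate rules over time; -C checks for the rule first.
ensure_rule() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$IPT -I FORWARD $*"
        return 0
    fi
    if ! "$IPT" -C FORWARD "$@" 2>/dev/null; then
        "$IPT" -I FORWARD "$@"
    fi
}

# Main LAN host -> IoT host: the main side may open connections; the IoT side
# only gets to answer them (ESTABLISHED,RELATED), never to initiate.
allow_main_to_iot() {   # $1 = main-LAN host or subnet, $2 = IoT host or subnet
    ensure_rule -i "$MAIN_IF" -s "$1" -d "$2" \
        -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
    ensure_rule -o "$MAIN_IF" -s "$2" -d "$1" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# IoT network -> one TCP port on one main-LAN host (e.g. TVs reaching Plex).
# Intranet access for the profile stays off; only this port on this host opens.
allow_iot_to_main_port() {   # $1 = IoT host or subnet, $2 = main-LAN host, $3 = TCP port
    ensure_rule -o "$MAIN_IF" -s "$1" -d "$2" -p tcp --dport "$3" \
        -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
    ensure_rule -i "$MAIN_IF" -s "$2" -d "$1" -p tcp --sport "$3" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

main() {
    allow_main_to_iot "$ADMIN_HOST" "$IOT_NVR"
    allow_iot_to_main_port "$IOT_NET" "$PLEX_HOST" "$PLEX_PORT"
}

# Apply the rules only when running as the router's firewall-start hook.
# Under any other file name (e.g. trying it out on a PC) just print them.
case "${0##*/}" in
    firewall-start) main ;;
    *) DRY_RUN=1; main ;;
esac
```

Copy the file to /jffs/scripts/firewall-start, `chmod +x` it, and run `service restart_firewall` (or reboot); `iptables -L FORWARD -n -v --line-numbers` then shows the four rules at the top of the chain with their packet counters, which is the quickest way to confirm the TVs are actually hitting the Plex rule. The explicit reply rules are deliberate: they make the allow work regardless of where the firmware's own isolation rules sit in the chain, while the ESTABLISHED,RELATED match keeps the IoT side from opening anything on its own.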
 
