IOT security question: Seperate a Smart TV from rest of network.

[Bussand]

I hope can explain this correctly. My goal is to separate a Smart TV IP Address from the same IP range as the rest of our home network.

Currently I have an ADSL modem that is acting purely as a bridge to the ISP provider and that is all it does. Then I have a consumer router (Netgear r6250) connected to the modem which is configured with all the ISP credentials (PPoE) required for the home's wireless devices to receive internet. It has 2.4ghz and 5ghz capability and both bands are used by various devices. The router can only create one SSID for each of the bands. The smart TV is connected to the 5ghz band on a guest network I created, but it still has an IP address in the same range and subnet as all the other devices connected. My question is, therefore, whether it is possible to separate this TV to another IP address away from the other group i.e. 192.168.1 10 to, 192.168.5.10 (just a random IP address example)?

Would this be possible through some sort of smart switch configuration with VLAN capability. although I don't believe a layer 2 switch could separate out IP or MAC addresses from the router connected to one port. Maybe a layer 3? However, that would likely be expensive and overkill? Of could a separate firewall achieve a similar outcome? Or am I way off ;-).

The Guest SSID on the router the TV is connected to has an option to disallow access to the rest of the network which I have checked, but it bothers me that it still sits on the main IP range that all the other clients have.

The plan is that should there be an issue with the TV's privacy etc. as an IOT type device it will not affect the rest of the network if there's a breach of some kind.

Hope that makes sense, and thanks for any advice in advance.

 

[CaptainSTX]

I don't know if having a different LAN subnet for your TV would add any additional security vs. the guest network which restricts the TV's access to your LAN.

If you go with an inexpensive Smart Switch with VLANs it will still give the TV an IP in the same subnet as your primary LAN. The advantage to this approach is if you can connect your TV using Ethernet your streaming experience would likely be better and by reducing wireless bandwidth use by your TV other WiFi connected devices would have less competition for air time.

If you have a router that can be flashed with tomato it will allow you to have up to three VLANs with their own subnets and each of these additional subnets can be associated with both LAN ports and Virtual APs (guest networks). VLANs can be setup using the GUI.

 

[Bussand]

Thanks for your input. The idea about connecting a smart switch to the TV's physical port is interesting. However, the TV is not close to the router and also your point about whether that would give us better security, seeing as it would still be on the same subnet, is probably more relevant as it would appear this setup wouldn't achieve the original goal of heightened security.

Maybe the guest network is sufficient to keep security at an acceptable level, although, I'm not 100% sure about that.

The Tomato idea is also a consideration. In a similar vein, I am aware that DD-WRT firmware is able to create VLANS.