VLAN VS Multiple SSID

[Mister Craft]

I'm trying to secure my network and I can't seem to find a way to set up VLANs within Merlin. I'm probably overlooking it but I see you can set up guest networks (which is what I have set up now.) Wouldn't this constitute as multiple SSIDs? My question is which would be more secure? I am wanting to have my main devices on my main network and then my IoT devices on another network that can't connect to the intranet.

I also want to set up Security Onion to monitor the network and I see the Asus routers support port mirroring but I was wondering if anyone had any experience with this? I'm thinking it would be to resource intensive on the router. Would it be better to get a switch like this, link below, to set up the port mirroring and VLANs? Thanks in advance.
https://www.amazon.com/dp/B00K4DS5KU/?tag=snbforums-20

 

[stevef9432203]

I'm trying to secure my network and I can't seem to find a way to set up VLANs within Merlin. I'm probably overlooking it but I see you can set up guest networks (which is what I have set up now.) Wouldn't this constitute as multiple SSIDs? My question is which would be more secure? I am wanting to have my main devices on my main network and then my IoT devices on another network that can't connect to the intranet.

I also want to set up Security Onion to monitor the network and I see the Asus routers support port mirroring but I was wondering if anyone had any experience with this? I'm thinking it would be to resource intensive on the router. Would it be better to get a switch like this, link below, to set up the port mirroring and VLANs? Thanks in advance.
https://www.amazon.com/dp/B00K4DS5KU/?tag=snbforums-20

Sadly, that is one feature never enabled by Asus or Merlin

 

[Mister Craft]

Sadly, that is one feature never enabled by Asus or Merlin

So short of getting a switch and running VLANs that way my only option is to use the guest network for my IoT devices? What switch would you guys recommend? I've got less than 20 devices most are on wifi. I'd need a switch and another AP for the IoT devices right?

 

[Martineau]

So short of getting a switch and running VLANs that way my only option is to use the guest network for my IoT devices? What switch would you guys recommend? I've got less than 20 devices most are on wifi. I'd need a switch and another AP for the IoT devices right?

My multiple VLAN switch topology

 

[Mister Craft]

My multiple VLAN switch topology

So this is what I have and what I am thinking about doing. What do you think?

Current Gear -

- Asus Rt-AC88U as my main router.

- Linkysys 10/100 16-Port Workgroup Switch (Model EZXS16W)

- Cisco Linksys E1550 that I could use as an Access Point for the IoT devices. My thought was something like this

ARRIS Modem > Asus Router (for main network) > Switch > Cisco Router (for IoT devices)

OR

ARRIS Modem > Asus Router > Switch Configured with VLANs (not sure how to do that but I could figure it out with some research)

 

[Martineau]

So this is what I have and what I am thinking about doing. What do you think?

Current Gear -
- Asus Rt-AC88U as my main router.
- Linkysys 10/100 16-Port Workgroup Switch (Model EZXS16W)
- Cisco Linksys E1550 that I could use as an Access Point for the IoT devices. My thought was something like this

ARRIS Modem > Asus Router (for main network) > Switch > Cisco Router (for IoT devices)

OR

ARRIS Modem > Asus Router > Switch Configured with VLANs (not sure how to do that but I could figure it out with some research)

If you are to invest in additional switches then you should at least future proof yourself and use Gigabit switches that are also VLAN aware and also include other features such as port mirroring etc. that may be important to you.

So it really depends on your budget and the Netgear and TP-Link switches I bought were 'mid-range' and whilst I'm not familiar with the Linksys switch product line...... a quick Google brings up Linksys LGS308 8-Port Business Smart Gigabit Switch

However, I'm sure you would get better advice in the Switches forum
e.g.
Best Router Switch for ~$100?
Please help me troubleshoot duplicate ACKs and missing packets on home network

 

[Mister Craft]

If you are to invest in additional switches then you should at least future proof yourself and use Gigabit switches that are also VLAN aware and also include other features such as port mirroring etc. that may be important to you.

So it really depends on your budget and the Netgear and TP-Link switches I bought were 'mid-range' and whilst I'm not familiar with the Linksys switch product line...... a quick Google brings up Linksys LGS308 8-Port Business Smart Gigabit Switch

However, I'm sure you would get better advice in the Switches forum
e.g.
Best Router Switch for ~$100?
Please help me troubleshoot duplicate ACKs and missing packets on home network

Thanks, I came across this and it may be a solution but I'm not sure as I don't know what I'm looking at. Is this saying it will separate the guest network onto a different vlan?

https://gist.github.com/the-darkvoid/c6a1c112603cc33e68a7