The configuration options for that TP-Link router are very limited. Putting IoT devices onto a separate WiFi network is a good idea, until you need to communicate with those devices. Maybe it works without allowing access from the guest network into your main network, but if not, then you may need to open up access from the guest network into the main network, which makes the separation less useful.
Also, what you normally want to do is to cut off IoT devices from “calling home”, i.e. restricting their Internet access, which does not seem to be possible on that TP-Link router.
There is a good 3-part series about building a secure and reliable network including VLANs, starting here: https://youtu.be/ufJ3dPAgFiM
I have a Deco M5 system, same issue. It appears that with my IoT on the guest, nothing can access them. My HA cannot ping them, so I can’t use LocalTuya on them.
It sounds like my choices are:
1. no LocalTuya, use cloud, which is really slow, slower than Tuya’s own app
2. put all my IoT on the main network - can I trust them with access to my NAS etc.?
I’m definitely not buying UniFi or other extra hardware. Is this right?
I’m letting IoT “call home” now anyway. Just worried some rogue device gets hacked, then the hacker can access my whole network.
Asking someone to return two years later likely won’t yield a result…
That said, for what you really want to do, you need a router that supports custom rules between VLANs. The Deco just puts up a hard wall between the guest network and the main network.
(read: it will be pretty much impossible to get the HA box in main to see anything in guest because guest is sequestered.)
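For reference, this is roughly what "custom rules between VLANs" and blocking IoT devices from calling home look like on a Linux-based router running nftables. It is an added example, not part of any post above and not a Deco or TP-Link feature; the interface names and the Home Assistant address are assumptions.

```nftables
# Constructed example. All names and addresses below are assumptions.
define MAIN_IF = "br-main"        # main LAN bridge (assumed name)
define IOT_IF  = "br-iot"         # IoT VLAN bridge (assumed name)
define WAN_IF  = "eth0"           # uplink to the Internet (assumed name)
define HA_IP   = 192.168.1.10     # Home Assistant host on the main LAN (assumed)

table inet filter {
    chain forward {
        # Anything routed between networks is dropped unless a rule allows it
        type filter hook forward priority 0; policy drop;

        # Replies to connections that were allowed to start
        ct state established,related accept
        ct state invalid drop

        # Home Assistant may open connections into the IoT VLAN
        # (local control and ping); the IoT side can only answer
        iifname $MAIN_IF oifname $IOT_IF ip saddr $HA_IP accept

        # Main LAN keeps normal Internet access
        iifname $MAIN_IF oifname $WAN_IF accept

        # IoT -> main LAN and IoT -> Internet have no accept rule.
        # Log them (rate limited) to see which devices try to call home.
        iifname $IOT_IF limit rate 10/minute log prefix "iot-blocked: "
        iifname $IOT_IF drop
    }
    # DHCP/DNS served by the router itself is handled in an input
    # chain, which is not shown here.
}
```

Broadcast-based device discovery does not cross a routed VLAN boundary, so with a layout like this the integration would have to address devices by IP.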