
Segregating IoT devices using Asus routers.

14 August 2021, 04:50 PM  #1  ALi-B (Thread Starter)

I'm getting to the stage of finalising my home network (wired cat6 everywhere), and got to the stage of actually needing to buy equipment.

Currently on VDSL, hopefully may switch to FTTP, or maybe 5G if/when it appears (4G is a bit slow round here). Using a BT homehub 6.

What I want:

Wifi 6 (AX), built in VPN server, wired backhaul to APs on the same SSID and possibly another wireless backhaul to the far reaches of the garden maybe using an exterior AP or aerial as it's 60 metres and I currently lose all signal at 30 metres.

Segregate IoT devices that include Somfy, Heatmiser, The ovens, Google, Alexa and loads of Chinese Wifi switches. The Somfy and Heatmiser hubs are wired not Wifi. There's also the IP CCTV, and would like to avoid a double NAT situation for VPN stuff.


Now I thought I could do this by setting up some VLANs and use multiple SSIDs tied to the relevant VLANs. Should also allow me to trunk CCTV stuff though a shared cable. Seemed simple in my head.


Then I find my ideal brand of routers/modems; Asus RT-xxAX doesn't natively support VLANs and multi-SSIDs, only guest networks and they are available on wifi not wired. Not without writing custom script in a CLI, I'm not going there.

So I'm posed with trying to find something to fit the bill. Replace the modem, give Wifi6 mesh and VLANs with a GUI and documentation in a decent level of English (one reason I like Asus is the GUI just works for me). With future compatibility with FTTP and 5G.

First thought is Draytek, got a 28xxvn something at work which also handles the VoIP traffic (purely a user; an IT company 'manages' it), but I think the Wifi range is inferior to Asus, the GUI is still a bit antiquated and not that intuitive and the wifi momentarily 'hangs' on some websites like some sort of QoS or traffic management/firewall is blocking it (I switch off the wifi and go to 4G when this happens and page then loads instantly). So for this reason I'm put off from investing in Draytek kit.

Alternative I guess is to actually have two physically separate networks via a managed switch? And using separate wireless APs for each network.

Then I wonder if I'm being over the top by segregating the iot?


16 August 2021, 06:48 PM  #2  MrRtm

I segregate most things personally, guest, iot, main, security, business, all are on separate vlans where certain vlans can and can't see each other depending on the case.

If your router supports ddwrt (most do including both of my old Asus routers) just flash that to your router and you're good to go, it supports vlans and much more. Only reason I moved from that with 2 Asus routers is it just wasn't powerful or fast enough for my needs anymore.

Edit: As for your WiFi needs, I'd look into mesh networks, there's loads about from Asus and the like, will serve you better for connectivity, it's highly annoying when you go out of range of one access point and have to wait for your device to connect to the new nearest one, it's much better with mesh and easier to extend range

Last edited by MrRtm; 16 August 2021 at 06:51 PM.
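
One way to express the "certain vlans can and can't see each other" policy from the post above, as an added example that is not from the thread: an nftables forward chain for a Linux-based router. The interface names (wan0, vlan10 to vlan50), the VLAN-to-zone mapping and the allow rules are assumptions chosen for illustration.

```nft
#!/usr/sbin/nft -f
# Constructed example. Assumed (hypothetical) interfaces:
#   wan0   = internet uplink
#   vlan10 = main       vlan20 = business   vlan30 = iot
#   vlan40 = security (CCTV)                vlan50 = guest

table inet vlan_policy {
    chain forward {
        # Default deny: anything not explicitly allowed between
        # interfaces is dropped.
        type filter hook forward priority 0; policy drop;

        # Allow replies to connections that were permitted to start,
        # so IoT/CCTV devices can answer main without being able to
        # open connections towards main themselves.
        ct state established,related accept
        ct state invalid drop

        # main may initiate connections to the IoT and CCTV VLANs.
        iifname "vlan10" oifname { "vlan30", "vlan40" } accept

        # Internet access for main, business, iot and guest.
        # The CCTV VLAN is deliberately absent: cameras get no uplink.
        iifname { "vlan10", "vlan20", "vlan30", "vlan50" } oifname "wan0" accept

        # Everything else (iot -> main, guest -> anything internal,
        # business <-> home VLANs, cctv -> wan) is counted and logged
        # here, then dropped by the chain policy.
        counter log prefix "intervlan-drop "
    }
}
```

This chain only governs traffic routed between interfaces; DHCP and DNS served by the router itself are controlled by a separate input chain.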

17 August 2021, 02:05 PM  #3  ALi-B (Thread Starter)

Wifi 6 APs will be meshed with wired backhaul for the main network that has portable devices. I wanted Asus as their wifi hardware is the best (IMO) with the best GUI, sticking dd-wrt ruins the latter plus security updates etc can become a manual chore. So would rather get something that does it out of the box rather than mess about with custom firmware.

I was hoping to get a single box solution, but after looking into it I think this is going to end up with something that's a jack of all trades master of none. Some of Draytek's APs do support mesh and multiple SSIDs on separate VLANs, but well, I may need to re-read the instructions a few more times before clicking the buy button; https://www.draytek.co.uk/support/guides/kb-mesh-vlan

So I'm going to spec/price up the following off the top of my head:

BThub6 replaced with new VDSL2 modem (probably Draytek) or cut the aerials on the BThub

Two sets of Wifi APs to each provide an SSID on its own VLAN/subnet. One set will use cheaper low-cost mesh APs just to give internet access to the IoT stuff. And a better quality set of APs for the main network.


Maybe some TP-Link Decos or Ubiquiti UniFis for the IoT; so long as they have signal, speed's not an issue.
At least two Asus RT-AX55 for the main devices and guest wifi within the house.
Outdoor exterior access point. Probably have to be an AC as AX is pricey so one Ubiquiti PoE exterior AP to get down to the back of the garden.

16-port managed switch, probably a Prosafe, maybe PoE as that's always handy.

May need a few more managed switches for the garage and shed to run CCTV and Internet traffic down the same cable.

Right where's the paracetamol...

Last edited by ALi-B; 17 August 2021 at 02:08 PM.

17 August 2021, 07:21 PM  #4  MrRtm

I recently went with a load of ubiquiti gear and a self built opnsense firewall, although ubiquiti certainly isn't professional hardware it's at least Pro-sumer.
The all in one Web ui for managing all unifi devices is highly convenient and makes it easy to add new devices later, I would try not to buy retail personally, they are slightly overpriced, second hand or returns are a steal for what you get tho.
Having multiple different vendors means you are setting up vlans on each one separately, unifi does it automatically, updates to all devices can be automated which sounds like what you'd want. The mesh system works very well also. There is better stuff than ubiquiti that does all that it does just not at its price range or without yearly licensing fees which no one wants at home.

Can't the bthubs be put into modem mode anymore? Draytek is a fine choice for a modem but the older bt branded modems sometimes work better depending on your exchange.

Last edited by MrRtm; 17 August 2021 at 07:23 PM.

17 August 2021, 10:25 PM  #5  ALi-B (Thread Starter)

Cheers, will take another look at Ubiquiti. Was looking at multiple vendors to bring costs down, but I hadn't considered opened box/returns etc.

This BT Smarthub (6) is pretty locked down. No modem-only, no guest SSID and whilst I can turn off my Wifi the BT openzone wifi hotspot can't be disabled; Could once do it via the customer login on BT's website, but it re-enables itself every month when the modem does a monthly auto reboot. And now the option has gone entirely.

I'm last on the line to my exchange. Down is survivable at 20-22Mbps. But the upstream is a crippling 1Mbps.
4G on the other hand is a bit unstable with it below 10Mbps down but can get over 12Mbps up. Would really like a modem that could split the traffic so that downloads came via VDSL and uploads via 4G (until FTTP or 5G comes along).

18 September 2021, 07:08 PM  #6  Puff The Magic Wagon!

Speak to Broadbandbuyer.co.uk they might have something that would suit. I have a Draytek Router from them that does load balancing and you can dedicate up/down sources to different IPs. Different ups/downs would probably be possible though not how I configured it. I was using it as a PTP (ethernet via wireless) router with 4G backup. Draytek also do mesh pretty well too.

Broadbandbuyer was set up by a Scoobynetter & his brother back in the day #interestingfact

19 September 2021, 04:13 PM  #7  ALi-B (Thread Starter)

Well I didn't know that. I've used Broadbandbuyer for various stuff over the years for network and cctv stuff.

I'm going to have to ask someone on which model, as Draytek's current router model line up doesn't make too much sense to me due to all the legacy products using the same numbering. I know it's probably going to be a 27xxzz or 28xxzz of some sort. And I'm totally lost on their switches.

I've got an old 2820n somewhere. Was ok for the VLAN and WAN sharing, way too old to do anything else; replaced it with Asus RT-N66 that had way better wifi range and built in VPN server.