Home Network IoT Security

[NetworkHound]

I've been reading a lot about network security and IoT. One suggestion that keeps coming up is to segregate all IoT devices on their own network or VLAN.

I currently use a consumer router with a guest network and a main network. I could dump all the IoT devices into the guest network, but then I don't have a network for friends to use.

Is there another way to segregate networks or should I be looking for some kind of router that can do VLAN groups? I was thinking I could find a router, use my current consumer router as an AP, and then get an additional AP.

Am I missing something?

 

[Rifter]

no you are on the right track. You need a router that can do Vlans. Thats what i just did, built a Pfsense box to use as a router/firewall and then used my old netgear R7000 as a AP only.

 

[NetworkHound]

Alright, so it sounds like doing VLANs is the way to go.

So theoretically I need a router that can setup VLANs on the LAN ports. I can use my current router as one AP. If I need a total of three wireless networks (secure, guest, internet-of-things) then I need two more APs, each attached to different LAN ports with different VLAN tags. Or I need one more AP that can handle multiple VLANs and multiple SSIDs. Correct?

Any recommendations for routers and access points? I want to put my current router to good use, so I guess I'll use it as one AP.