Question Why are SOHO routers adding advanced features like Wifi Guest Networks, Wired VLAN, and even Dual-WAN, but no "Wired Guest Network"?

Page 2 - Seeking answers? Join the AnandTech community: where nearly half-a-million members share solutions and discuss the latest tech.
Toggle sidebar Toggle sidebar
VirtualLarry

VirtualLarry

No Lifer
Aug 25, 2001
56,585
10,225
126
Like dual-WAN, it would use VLAN support of the wired switch chip, to create one or more ports of an "Isolated VLAN", that couldn't access your LAN resources (like a NAS), but could only access the WAN. Possibly, it would have it's own WIRED GUEST DHCP/IP subnet too.

Basically, the wired equivalent of a Guest WIFI w/client isolation. Not quite the same as a true DMZ port, as it would still utilize NAT and SPI.

This would be a godsend to those of us working on relative's PCs, that might have viruses on them that could spread over the network.

Edit: They could also promote that setting as for "Smart TVs", such that, if hacked, couldn't be used as a staging platform to attack the rest of your network. Of course, by the same token, playing videos off of the NAS would also be off-limits to a Smart TV plugged into "Guest WIRED port".
 
ch33zw1z

ch33zw1z

Lifer
Nov 4, 2004
39,745
20,315
146
Really tho, if PC work is your thing, having a VLAN'd network is the way to go. Ditch the consumer junk and get something you can isolate traffic with.

I use Ubiquiti, ER-X and a LR WAP, found a guide that helped overall:

help.ubnt.com

EdgeRouter - How to Create a Guest\LAN Firewall Rule

Overview Readers will learn how to create firewall rules that protect the router and limit traffic between multiple Local Area Networks (LANs). NOTES &amp...
help.ubnt.com help.ubnt.com

I modified parameters to fit my config, and created a isolated guest wifi and an IoT wifi (for Nest devices).

Before I configured the firewall rules, I confirmed with ping that traffic could flow between VLAN's.

After I set firewall rules, the isolated networks can't do anything but access internet.

All I would need to do is set a port to the same isolated vlan VID to make it work the same way now.
 
Last edited:
MtnMan

MtnMan

Diamond Member
Jul 27, 2004
9,400
8,790
136
It needs to be on every router, at least those that offer guest WiFi.
Best practice is to run all of your IoT devices on the guest network separate from your main network, and since many are WiFi devices, easy enough. However some connect via Ethernet, so I've got about 8 - 9 devices on the guestwifi, but one for security cameras on the main network.
Just allow a single LAN switchport to be assigned to the same VLAN/subnet as the guestwifi.
 
  • Love
Reactions: VirtualLarry
ch33zw1z

ch33zw1z

Lifer
Nov 4, 2004
39,745
20,315
146
MtnMan said:
It needs to be on every router, at least those that offer guest WiFi.
Best practice is to run all of your IoT devices on the guest network separate from your main network, and since many are WiFi devices, easy enough. However some connect via Ethernet, so I've got about 8 - 9 devices on the guestwifi, but one for security cameras on the main network.
Just allow a single LAN switchport to be assigned to the same VLAN/subnet as the guestwifi.
Click to expand...

It goes back to post #2 in the thread. Market segment. If / when a big SOHO maker makes this an option, it won't be across the board. It will be a feature on a router that's premium and priced as such.
 
VirtualLarry

VirtualLarry

No Lifer
Aug 25, 2001
56,585
10,225
126
ch33zw1z said:
It goes back to post #2 in the thread. Market segment. If / when a big SOHO maker makes this an option, it won't be across the board. It will be a feature on a router that's premium and priced as such.
Click to expand...
I'm really hopeful, that with modern router chipsets and switch chips, that almost certainly support VLANs, that Router mfgs would make it a "standard feature", such as "Wireless AND Wired Guest LANs", just like they did with "Simultaneous Dual-Band". (*Remember, it wasn't always simultaneous, and always-on on both bands. Those were the "bad old days", and IMHO, these days are the "bad old days" with Guest Networks, with so many IOT things popping up, that should be segregated, whether wired or wireless, onto a VLAN that can "only" access internet.)
 
ch33zw1z

ch33zw1z

Lifer
Nov 4, 2004
39,745
20,315
146
VirtualLarry said:
I'm really hopeful, that with modern router chipsets and switch chips, that almost certainly support VLANs, that Router mfgs would make it a "standard feature", such as "Wireless AND Wired Guest LANs", just like they did with "Simultaneous Dual-Band". (*Remember, it wasn't always simultaneous, and always-on on both bands. Those were the "bad old days", and IMHO, these days are the "bad old days" with Guest Networks, with so many IOT things popping up, that should be segregated, whether wired or wireless, onto a VLAN that can "only" access internet.)
Click to expand...

It's possible, I just don't see SOHO manufacturers doing this on all their devices anytime soon
 
MtnMan

MtnMan

Diamond Member
Jul 27, 2004
9,400
8,790
136
ch33zw1z said:
It's possible, I just don't see SOHO manufacturers doing this on all their devices anytime soon
Click to expand...
But on their higher end devices there is no reason to not offer this function.

I wouldn't even expect them to have the feature on low end/entry level devices.
 
ch33zw1z

ch33zw1z

Lifer
Nov 4, 2004
39,745
20,315
146
MtnMan said:
But on their higher end devices there is no reason to not offer this function.

I wouldn't even expect them to have the feature on low end/entry level devices.
Click to expand...

I can see your point, it may or may not happen as a SOHO level. There's other vendors out there who provide low cost solutions, I wouldn't mind seeing one from Linksys or Netgear, but not gonna get my hopes up.
 
You must log in or register to reply here.

TRENDING THREADS

COMPANY
RESOURCES
FOLLOW
Top Bottom