G+_Golden Retriever, posted March 14, 2017:
Did any router manufacturers ever put the 3 dumb router principle concept into practice in a single hardware package?

G+_Gary Parks, posted March 14, 2017:
Everyone I've seen always has UPNP turned on.

G+_Golden Retriever (Author), posted March 14, 2017:
Gary, I'm referring to Steve Gibson's concept of separate IoT and main traffic routing so that rogue IoT hardware cannot discover any of our LAN-side information from your main device side. Your UPNP comment is confusing me.

G+_Akira Yamanita, posted March 14, 2017:
Tod Sage: Business class firewalls do that. I'm not aware of any personal class routers that can do that. That said, considering that some have guest wireless features and VLAN separation, it's probably just a matter of time. Depending on your needs, you could probably reduce the router count (without going up to business class) by getting one with more features. For example, a Ring video doorbell could be placed on a guest wireless zone with client isolation. That keeps it from communicating with anything locally but it doesn't matter because it just needs Internet access. However, that wouldn't work with AirPlay on an Apple TV.

G+_Benjamin Webb, posted March 15, 2017:
Guys, you're thinking of VLANs when you just need a guest wireless network. Most people are just trying to watch Netflix with a smart TV. Asus has it on much of its stuff and you can do it with third party firmware as well. I have 5 different wireless networks with my homemade router running OpenWrt. AC, Guest AC, N, Guest N, and legacy (stupid G printer from Epson). My monstrosity is running 3 radios with 8 antennas.

G+_Golden Retriever (Author), posted March 15, 2017:
I actually own an ASUS and I remember Steve gushing about how on the Ubiquiti Edge Router X each of the 5 ports is a separate interface much like a VLAN. But I don't recall him ever saying that the Ubiquiti Edge Router X superseded the need for the three dumb router concept.

G+_Benjamin Webb, posted March 15, 2017:
Tod Sage: You can't beat the security of using physically separated devices but a guest wireless done correctly should limit them just to internet. I cannot vouch for implementations I have not tested though. Everybody is allowed their own different levels of paranoia. I believe this implementation to be sufficient but there could always be some undiscovered security hole in the future.

G+_Ben Reese, posted March 15, 2017:
Multiple VLANs seems like it should be adequate to replace the "3 dumb routers" - if it's set up correctly. If the APs are done correctly, there's probably not any reason one AP can't be used for both the IoT devices and the trusted devices. I talk about the Ubiquiti APs a lot, but they do allow 4 SSIDs and a separate VLAN for each SSID. The guest network idea isn't terrible either - unless you're going to use it for guests. If your light bulbs are infecting your computers, do you really want to subject your "guests" to that insecurity?

G+_Ben Reese, posted March 15, 2017:
Benjamin Webb has a crazy awesome router and it sounded like a fantastic project. OpenWrt or DD-WRT on a decent router should open the user up to lots of possibilities though.

G+_Fr. Robert Ballecer, SJ, posted March 15, 2017:
Several higher end routers (at least the ones from Asus & Synology) have guest networks that are VLAN'd not only from the primary network, but from other devices on the guest network.

G+_Ben Reese, posted March 15, 2017:
Fr. Robert Ballecer, SJ: ah, very nice. I typically avoid guest WiFi when I go places and only join if I'm bored. I almost always find many other devices when I scan the network. Last time I was able to "see" other devices, but all ports were blocked so I guess Buffalo Wild Wings did something right...

G+_Golden Retriever (Author), posted March 15, 2017:
Ben Reese: I don't get guests, it's an open network on the guest side so any IoT devices would only affect a neighbor jacking my guest stuff, it's also de-prioritized and slows more when my main WiFi is in use.

G+_Benjamin Webb, posted March 15, 2017:
Tod Sage: At least on mine I have a password for the guest network and an isolation flag set so they can't talk to each other.

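An added example, not part of the thread or any poster's configuration: a small Python check for the two settings named in the post above (a guest-network password and an isolation flag), run over a constructed OpenWrt-style /etc/config/wireless. The function names, SSIDs, keys and the 'guest' network name are assumptions made for illustration.

```python
import shlex

# Constructed sample in the style of OpenWrt's /etc/config/wireless, trimmed
# to the options the check reads (SSIDs, keys and network names are made up).
SAMPLE_WIRELESS = """
config wifi-iface 'main_ac'
	option network 'lan'
	option ssid 'Home-AC'
	option encryption 'psk2'
	option key 'constructed-main-key'

config wifi-iface 'guest_ac'
	option network 'guest'
	option ssid 'Guest-AC'
	option encryption 'psk2'
	option key 'constructed-guest-key'
	option isolate '1'

config wifi-iface 'guest_n'
	option network 'guest'
	option ssid 'Guest-N'
	option encryption 'none'
"""

def parse_wifi_ifaces(text):
    """Return one dict of options per 'config wifi-iface' section."""
    sections, current = [], None
    for line in text.splitlines():
        parts = shlex.split(line, comments=True)
        if parts[:1] == ["config"]:
            current = {} if parts[1:2] == ["wifi-iface"] else None
            if current is not None:
                sections.append(current)
        elif parts[:1] == ["option"] and current is not None and len(parts) >= 3:
            current[parts[1]] = parts[2]
    return sections

def audit_guest_ssids(text, trusted_networks=("lan",)):
    """Flag SSIDs off the trusted LAN that lack a password or client isolation."""
    findings = []
    for s in parse_wifi_ifaces(text):
        if s.get("network") in trusted_networks:
            continue
        if s.get("encryption", "none") == "none":
            findings.append((s.get("ssid"), "open network, no password"))
        if s.get("isolate") != "1":
            findings.append((s.get("ssid"), "client isolation not set"))
    return findings
```

The `isolate` option only stops wireless clients on the same SSID from talking to each other. Keeping the guest network away from the main LAN is a separate matter of firewall zones or VLANs, which this check does not look at.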
G+_Fr. Robert Ballecer, SJ, posted March 16, 2017:
Answer will be in this coming Monday's episode. :)

G+_Golden Retriever (Author), posted March 16, 2017:
Episode of Know How?

G+_Golden Retriever (Author), posted November 12, 2017:
Fr. Robert Ballecer, SJ: what show / episode, you're on a few.