I know it's heresy, but about the Apple Extreme Base Station...
#1
A while back I wanted to put all my Mac and iDevices on one band and all my Hue and TP-Link stuff on another.

The theory is WiFi goodies are more easily hackable than computers and phones, according to various IoT people. I have no actual knowledge of that, myself.

I tried doing just that with my Last Flat AEBS, and as jcd and maybe somebody else mentioned, no joy. Even though they are assigned to different networks, it seems I can still access them from one network to another.

So I'm going to get Last Mohican AEBS and use two separate routers. This prompts the inquiry— how do I connect two routers to one modem?

In addition, the modem is also a router, so when I connect my current AEBS, it defaults to Network > Router mode: Off (Bridge Mode).

I assume they can be daisy chained somehow, and there's no need or advantage to buying a switch.

A cheaper option that does ac might be a consideration, but I can't argue with the ease of setup with Apple kit, if limited compared to a third party router.
#2
I am very interested in this topic. I also have a few IoT things and I would like to keep these separate from my main network. I have a thermostat, washer and dryer, some smart-switches, some Amazon Echo/Alexa devices and I have some surveillance cameras coming.

IIRC my 2009 model AEBS has 2 networks, one is set up for my household (strong password) and one is set up for guests (easier to type password).

Now from what I remember, in Airport Utility (under Snow Leopard), there is an option to keep the 2 networks separated. This means the guests cannot see your shared devices, printers, network drives and so on. My guess is that I could move all those IoT to the guest network. I may have turned down that option at some point, I do not remember.

I do not recall if the modern Airport Utility has all those awesome features, I think they tried to simplify it (dumb it down). It has been a very long time since I had to look at my AEBS. If those features were removed, I would need to find an older Machine running 10.6 or make a temporary boot drive for that purpose.
#3
In order to have the segregation you mention, you would need three routers, in a Y formation - one main router and then two routers connected to it. The main router doesn't need wireless capabilities, just the ability to set up two separate networks.

I wanted a similar setup but ended up choosing to do it with a single router that handles multiple VLANs and internal switches. So I have a VLAN for our regular wired and wireless home network, a second VLAN for IOT, and a third VLAN for Guest. The setup was a bit more complicated, but it is working for us.

This article is dated, but I believe the information is still correct:

https://www.pcper.com/reviews/General-Te...Insecurity
#4
....it's all about 'da base.....bout 'da base.....no treble......
#5
You can't use just one router and two bands. Both bands will be on the same network so they are not segregated. Gilbert's solution is the correct one: two separate networks. But I think the secondary routers will still be vulnerable through the primary router unless you firewall them.
The only way to keep something totally secure is to keep it off the internet. LOL
#6
richorlin wrote:
You can't use just one router and two bands. Both bands will be on the same network so they are not segregated. Gilbert's solution is the correct one: two separate networks.

…and that's a cinch to do with the AEBS—just enable the guest network.
#7
You can't use just one router and two bands.

Well, you can, but performance suffers on the Guest network, so that idea is out.

Gilbert, thanks for the link. I'll check it out.

Aha! It's about Steve Gibson's methodology for IoT security.

He is why I'm pursuing this course in the first place. I'll get that episode of Security Now!

Gilbert, is your router of choice a secret?
#8
Happy to share but the setup is a bit convoluted. I am using equipment by Ubiquiti for the router and the wireless access point. The router I am using was also recommended by Steve Gibson and then I came across a post on the Ubiquiti forum of a person who has written an extensive guide available on GitHub and covers how to configure the router, its firewall and the WAP. I would have been lost without the guide. I also ended up replacing all of our unmanaged switches with managed switches by TP-Link that are VLAN-aware but that isn't necessary unless you want to pass VLAN traffic over the wired network.

The router I am using is called the EdgeRouter X. I paid around $50.

https://www.ubnt.com/edgemax/edgerouter-x/

The WAP I am using is the Unifi AP AC Pro. It supports up to 8 SSIDs per radio and it is strong enough to cover our house which is about 3400 sq ft. I paid around $130.

https://www.ubnt.com/unifi/unifi-ap-ac-pro/

The guide is available here and is quite extensive. I had to go through the process a couple of times as it is complicated as I previously said. But now that it is set up, the network has been rock solid.

https://github.com/mjp66/Ubiquiti

Where I used to have to reboot our Airport Extreme Base Station every couple of weeks, I have gone months between reboots of the system and the only reason I reboot is as part of the process to apply firmware updates.

Good luck!
#10
After looking at the Gibson Method, and reading some of the comments, I'm looking at the Pepwave Surf SOHO, mainly based on what I've read here.

One piece of gear, and a UI that I can probably navigate. The one question is output power/range. There's no real mention of that.

Most routers have upped their WiFi strength in the last few years. The last AEBS is significantly more powerful than my pancake version.