Posted: Tue Jun 08, 2021 10:23 Post subject: Create isolated IoT Network
Hello there, I'm having some trouble accomplishing this one.
I'm thinking of adding some IoT devices to my home, but as far as I know, it's good practice to have a separate network for those devices. So currently I have my ISP router and an old TP-Link WR841Nv9 with DD-WRT on it, working as an extender to my ISP router.
I've created two VAPs, one to wirelessly extend my private network and the other one for the IoT devices. As it is right now, I can access the Internet on both SSIDs, but as I said earlier, I want to isolate the IoT devices from my private network and control them even when I'm connected to the main router or the extender.
How can I achieve this with DD-WRT? I will leave some details about my current setup below.
Main Router
-------------
IP: 192.168.1.1
DHCP Pool Start: 192.168.1.100
Do you have an error in typing... you have the IoT network as IP 192.168.100.1, but the server is 192.168.1.1? This could happen if you are using a /16 netmask instead of /24, but just checking.
Based on the OP's description, I assume the extender is patched LAN to LAN wrt the primary router. And as such, the IoT network should be configured by the extender, NOT the primary router. IOW, if the IoT network is 192.168.100.0/24, and the IP assigned to ath0.1 on the extender is 192.168.100.1, then clients of the IoT network should be configured by the DHCP server on the extender and have a default gateway of 192.168.100.1. You'll then need to either NAT the IoT network over the private network …
… or else define a static route on the primary router that points to the extender's IP (192.168.1.2) as the gateway to the 192.168.100.0/24 network.
Finally, IoT devices need access to the private network in order to reach the WAN of the primary router for internet access, but be denied access to specific resources on that private network.
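
An added example, not part of the thread and not code from any poster: a firewall script for the extender that combines the /16 versus /24 check raised above with the NAT option and the deny rule from the last reply. The addresses and ath0.1 come from the thread; br0 as the extender's private-LAN bridge and IoT clients using 192.168.100.1 for DNS are assumptions. It prints the rules as a dry run unless IPT=iptables is set.

```shell
#!/bin/sh
# Added example. Addresses and ath0.1 are from the thread; br0 is an assumption.
IPT="${IPT:-echo iptables}"   # dry run by default; set IPT=iptables on the router
IOT_IF="ath0.1"; IOT_GW="192.168.100.1"; IOT_NET="192.168.100.0/24"
LAN_IF="br0";    LAN_GW="192.168.1.1";   LAN_NET="192.168.1.0/24"
PREFIX=24                     # netmask length used on both networks

# Dotted quad -> 32-bit integer.
ip_to_int() {
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# True when both addresses fall in one network under the given prefix length.
same_subnet() {
    mask=$(( (4294967295 << (32 - $3)) & 4294967295 ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$2") & mask )) ]
}

iot_isolation_rules() {
    # With a /16 mask, 192.168.1.1 and 192.168.100.1 land in the same network,
    # so the two networks overlap; refuse to emit rules in that case.
    if same_subnet "$IOT_GW" "$LAN_GW" "$PREFIX"; then
        echo "IoT and private networks overlap at /$PREFIX" >&2
        return 1
    fi
    # NAT the IoT network over the private network.
    $IPT -t nat -I POSTROUTING -s "$IOT_NET" -o "$LAN_IF" -j MASQUERADE
    # -I inserts at the top of the chain, so the rules below are evaluated
    # in reverse order of insertion: the DROP is checked before the ACCEPT.
    $IPT -I FORWARD -i "$IOT_IF" -o "$LAN_IF" -j ACCEPT
    # New connections from IoT clients to private hosts are dropped;
    # internet-bound packets have a destination outside LAN_NET and pass.
    $IPT -I FORWARD -i "$IOT_IF" -d "$LAN_NET" -m state --state NEW -j DROP
    # Replies to traffic forwarded out of the IoT network are let back in.
    $IPT -I FORWARD -i "$LAN_IF" -o "$IOT_IF" -m state --state RELATED,ESTABLISHED -j ACCEPT
}

iot_isolation_rules
```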