Two Routers and Iot

[kylet]

I am looking to separate my Iot devices from my main network.  I am doing this at a private residence with no business needs.  I am also trying to keep every as inexpensive as possible.  I came across the linked video and was wondering if this was actually a wise way to separate IoT devices? 

 

Current set-up:

• I am on a Fiber network with only one LAN connection. 

• My current router is a Linksys WRT3200ACM so the firmware is almost useless. 

Initial Solution

• I tried using DD-WRT but my wireless switch for the garage door opener would not connect. 
  • It has no problem connecting with the standard Linksys firmware. 
  • All my other IoT devices linked without issue to DD-WRT.
• Trying DD-WRT so I could set up multiple wireless vlan's and separate these devices but since I can't use the firmware I am SOL. 

 

My potential solution after watching this video

• Add a second, cheap router, to my network as described in the video and move all devices to their own non-broadcast SSID. 
  • I would do this by connecting the cheap routers WAN port to a free port my my WRT3200ACM

Issues I'm concerned about

• Is this truly a secure way to setup IoT?
• Will I have issues accessing my printer if it's on the IoT network or should I leave it on my main network?
• Will my IoT devices truly be isolated from my major devices such as my home workstation?

 

I feel I'm low risk of being hacked but hate having these cheep Chinese devices on the same network as my workstation with lots of person data. 

 

YouTube "Using A Second Router For IoT Devices"

[Alex Atkin UK]

It will prevent broadcasts from crossing the LANs but that's about it.  The IoT devices can still access your entire LAN, because the second router just performs NAT to your LAN the same way the main router performs NAT to the Internet.  (they are routers after all, their job is to pass traffic between different IP ranges)

 

Without some hackery you won't be able to access the printer on the second LAN because that second router is isolating it, the same way the main router is isolating you from people on the Internet.  Its not worth the hassle.

[Donut417]

I think the proper way of doing this is with Vlans. But you probably not going to find those options on consumer grade gear. PFsense would also provide an option as well. 

[boarder2k7]

Correct, you would need VLANS to have isolated networks, 2 APs doesn't do anything other than giving you two SSIDs. If you can put one of the ports on its own VLAN you can then have your IOT devices "outside" the network. You would not put your printer on this however, as you need to be able to talk to it from your regular home VLAN. Broadcasting or not broadcasting the SSID doesn't really do anything for your security, so just do whichever is easier to get your IOT stuff hooked to.

 

A quick google found this, it should help you with this https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=317199