Home Network Community > Deco > Iot Confusion
< Deco

Iot Confusion

Iot Confusion

Iot Confusion
Iot Confusion
Sunday
Tags: #Network Connectivity #IoT Network #Wi-Fi Access Control #Guest Network
Model: Deco XE75  
Hardware Version:
Firmware Version: 1.4.3 Build 20240926 Rel 38336

I don't fully understand how the IoT SSID works.

My set-up - I have 3 XE75's, 1 main and 2 slaves, I have a private network, a Guest Network and an Iot network.

All networks are isolated by MAC filtering, 'Private' IP addresses are 192.168.2.9 to 192.168.2.19, Iot devices are all filtered to 192.168.2.200 and up, guest devices are free to choose what left above 192.168.2.20. I have blocked all vacant IP addresses below 192.168.2.19 with dummy MAC addresses. My Deco units and the ATA use addresses below 192.168.2.9. I have a Synology home sever, with firewalls set up only to allow connection from devices connected to my private network.

 

My Question - On my previous router I set up an SSID specifically for Iot devices (Alexa, Tuya radiator valves, Eufy door bell & Wifi remote switches), and the only way to communicate to any of these devices from my Phone was to logon to the IoT SSID. Now even though I have registered my IoT devices on the IoT SSID network, and isolated them, I can still access any of them from my main private network, and that makes me think can they, if hacked also access my devices on my private network, such as my home server.

 

All thought and comments are welcome.

Thanks

Stu

  0      
 
  0      
 
#1
Options
8 Reply
Re:Iot Confusion
Sunday

  @Im-New-To-This 

 

See if the following post helps if not please let me know 

 

https://community.tp-link.com/us/home/kb/detail/412694

 

Thank you 

Need help with the Deco app, setup, Ethernet backhaul, network switch or rolling back firmware? Router or AP mode? https://community.tp-link.com/us/home/forum/topic/699816?page=1
  0  
  0  
#2
Options
Re:Iot Confusion
Sunday - last edited Sunday

  @HelpFixDecoApp  Thanks for the reply, alas, the article does not address my issue.   

 

I was going to add a screen shot but can not see how.

 

Anyway, my IoT devices are connected to my IoT network, with isolation enabled. However,  I can still access/control the IoT devices from my phone that is connected to the main network.

 

My firmware is 1.4.3, not 1.7.x as needed in the linked document (*IoT Networks and Device Isolation Policies are Currently Rolling out to Deco’s via the 1.7.0 Firmware Update. If you do not see the option for Device Isolation, ple......)

 

Could it be that i have the IoT devices in my allow list?

Cheers

Stu

  0  
  0  
#3
Options
Re:Iot Confusion
Sunday

  @Im-New-To-This 

 

You would have had to added them one at a time to your list for them to show up in the Allow list. Let me tag one of the support staff in this post. There might be a beta firmware to address this or maybe a setting Im unaware of

 

@David-TP 

 

 

Need help with the Deco app, setup, Ethernet backhaul, network switch or rolling back firmware? Router or AP mode? https://community.tp-link.com/us/home/forum/topic/699816?page=1
  0  
  0  
#4
Options
Re:Iot Confusion
Sunday

  @HelpFixDecoApp thankyou for tagging the tech team to this query.   To make it easier to identfy my IoT device I apply MAC filters so I thought they should be added to the allow list.
I thought the main difference between the Private and  IoT networks, is that the IoT network allows device isolation.

Cheers 

Stu. 

  0  
  0  
#5
Options
Re:Iot Confusion
Sunday

  @Im-New-To-This 

 

Your understanding is correct but it has been an issue in the past. I know a lot of users have just used the guest network as the IoT network just as a work around till it is fixed. They have a bunch of beta firmware that I've tried to get access to in the past but they like to keep that under lock and key so they can track what users get what beta firmware in case there are problems with it.

 

David wont be able to get back to you for at least 9 to 10 hours once his shift starts, 

Need help with the Deco app, setup, Ethernet backhaul, network switch or rolling back firmware? Router or AP mode? https://community.tp-link.com/us/home/forum/topic/699816?page=1
  0  
  0  
#6
Options
Re:Iot Confusion
Sunday

  @HelpFixDecoApp Thanks again for the reply, as im away until next Saturday I will  be putting this thread on hold for a week. When i get back I will  look into the suggestion of using just the Guest Network.

I am bit disappointed as the separate IoT network availability was one of the reasons I chose the XE75 over the competition.

  0  
  0  
#7
Options
Re:Iot Confusion
Monday

  @Im-New-To-This 

Hi, thank you very much for the feedback.

Did you set Deco XE75 into Access point mode? You can check the operation mode in Deco App>More>Advanced>Operation mode.

 

The IoT Network is not isolated from the Main WiFi Network. You can refer to this link for more details:

Guest Network vs IoT Network vs Device Isolation

 

"All networks are isolated by MAC filtering, 'Private' IP addresses are 192.168.2.9 to 192.168.2.19, Iot devices are all filtered to 192.168.2.200 and up, guest devices are free to choose what left above 192.168.2.20. I have blocked all vacant IP addresses below 192.168.2.19 with dummy MAC addresses. My Deco units and the ATA use addresses below 192.168.2.9. I have a Synology home sever, with firewalls set up only to allow connection from devices connected to my private network."

- I don't think Deco can achieve such IP segment divisions. Did you configure the above settings on the ISP router? Or where have you made the above configuration?

 

Wait for your reply.

Best regards.

 

Check What's Currently Going on With DecoDeco X50_V1_1.8.0 Significantly Expanded the Client Connection Details and Added Channel SelectionDeco BE85 1.2.0 Enhanced Mesh Backhaul Stability and Device Roaming ExperienceDeco BE65/BE65 Pro 1.2.0 Enhanced Mesh Network Stability and System SecurityDeco BE75 1.1.0 Added WireGuard VPN, Manual Channel Selection and More Try to leave a Message if urgent help is required.
  0  
  0  
#8
Options
Re:Iot Confusion
Monday

  @David-TP 

Did you set Deco XE75 into Access point mode? You can check the operation mode in Deco App>More>Advanced>Operation mode.

No, my Deco is set in Wi-Fi Router mode (1 Main and two slaves)

 

The IoT Network is not isolated from the Main WiFi Network. You can refer to this link for more details:

Guest Network vs IoT Network vs Device Isolation

enlightenedTo achieve separate SSIDs over 2.4GHz and 5GHz, it is recommended to enable 5GHz only under the Main Network and enable 2.4GHz IoT Network

 I don't think I can turn off the 2.4GHz band on my network as some devices use it as a backup when out of range of the 5GHz band. The IoT network is 2.4GHz and some devices will not connect  to the 5GHz band if the 5GHz is present.

 

- I don't think Deco can achieve such IP segment divisions. Did you configure the above settings on the ISP router? Or where have you made the above configuration?

Those shall we say "IP groups" are set with MAC filtering, these are: 

192.168.2.1  to 192.168.2.4 (Main devices such as Deco's, ATA, not expected to have to change just add to), 

192.168.2.5 to  192.168.2.8 (blocked with dummy MACs),

192.168.2.9 to 192.168.2.20 ( Private network devices, unused addresses blocked with Dummy MACs),

192.168.2.216 to 192.168.2.222 (IoT deivces not all addresses used)

I'm only using the Deco units.

 

I have allowed access to all of the devices (where my problem may be), but not Guest network devices, and IoT devices are all Isolated

 

  0  
  0  
#9
Options

Information

Helpful: 0

Views: 85

Replies: 8

Tags

Network Connectivity IoT Network Wi-Fi Access Control Guest Network
About Us
Press
Copyright © TP-Link Systems Inc. All rights reserved.