How does hacing a separate IoT Network - SSID provide better security
I am setting up my new TP-Link Router - Model AX3000 Pro. for teh 1st time and I see there is an option to have an IOT Network. But... even though there is a separate SSID and password for this IoT network the Assigned IP address is the same as the LAN.
How does this IoT network provide better network security?
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
My router does not have a separate iot network, but I have used the guest network for iot. I do that as I can isolate the devices from the rest of my network by disabling intranet access.
I suspect thst is what an iot network does.
- Copy Link
- Report Inappropriate Content
Quesiton 1: How do you disble internet access just for thise devices?
Question 2: If you disable ingternet access for these4 devices are they still connected to the LAN? For interna routing?
- Copy Link
- Report Inappropriate Content
The IoT network does not provide better security. The IoT network simply uses different SSIDs to connect to the main network and all devices can see each other and communicate with each other. The IoT betwork does not have any permission options like those of the guest network.
You can provide some security by using "Device isolation" found under Advanced, Security. Device isolation allows you to isolate IoT devices from the rest of the network, independently of which SSID they use for connecting to the router.
- Copy Link
- Report Inappropriate Content
I want the iot to access the internet but but have access to the rest of my network such as other devices or usb drives. Differnt companies call the feature differently. On Asus, it is "disable intranet" in the guest settings. On TP Link, I have seen the reverse as "allow guests to access your local network."
- Copy Link
- Report Inappropriate Content
While I don't have a TP-Link router that provides IoT network capability, I have another brand's router with IoT Network capability. Like the TP-Link router, the IoT network provides a separate SSID, but uses the same address pool.
As stated earllier by another user, since they are in the same address pool (192.168.0.x for example) - they DO NOT provide segregation from the rest of the network devices. The IoT network idea was put together to make it eaiser to connect your IoT devices to your network (and keep them connected).
Many of the IoT devices, especially older ones, don't support mixed mode security or WPA3 security. Many of them also had difficulty connecting to SSIDs that may be on multiple bands (2.4+5) - aka SMART CONNECT network or any of a dozen other names. Many of the IoT devices setup processes use the same badly put together software/apps, that forced the user to be connected to the SSID and BAND that the IoT devices used, and if the SSID was shared between 2.4GHz and 5GHz, if you were connected to 5GHz on your phone, you could not successfully connect the device. At times, it was difficult to drop your phone connect to a 2.4GHz connection so you could connect a new IoT device.
What the IoT network does provide usually, is the ability to use different security methods - like WPA2-PSK instead of WPA3 or mixed mode like WPA2-PSK + WPA3) that was more compatible with IoT devices.
In the case of my other brand of router, my IoT network can also specify whether I use 2.4 GHz only, 5GHz only, or both 2.4GHz/5GHz. So if I have a new IoT device to connect that is one of those "I have to be on the 2.4GHz band to set up" devices, I can invoke 2.4GHz only, reconnect my phone to that SSID now providing only 2.4GHz, set up the IoT device, then reset my IoT Network to 2.4GHz + 5GHz, and let all my IoT devices reconnect on the appropriate/desired/capable band.
So - the IoT network is not a security thing but an ease of use thing.
- Copy Link
- Report Inappropriate Content
@Stavros19 I'm using a different model (BE550) with dedicated IoT network. I can say it DOES NOT provide any security benefits (as of June 4th, 2024). I can still discover, ping, connect to my IoT devices, and vice versa. However, putting those devices into a Guest Network does help. By default, the guest network devices could not discover devices, connect to each other, nor reach the home network unless specified otherwise.
With limited security features of my model, not sure about yours, but should by pretty similar, we're left with either of:
- Put those devices in IoT Network, and use AP Isolation (Advanced -> Wireless), or selective device isolation (Advanceed -> Security -> Device Isolation). These 2 features are mutually exclusive.
- Use the guest network. And allow IoT devices to see each other, but don't allow them to access main network.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 1934
Replies: 6
Voters 0
No one has voted for it yet.