How does having a separate IoT Network - SSID provide better security

2024-05-31 01:47:52
Model: Archer AX3000  
Hardware Version: V1
Firmware Version: 1.2.2 Build 20230803

I am setting up my new TP-Link Router - Model AX3000 Pro for the 1st time and I see there is an option to have an IoT Network. But... even though there is a separate SSID and password for this IoT network, the assigned IP address is the same as the LAN.

 

How does this IoT network provide better network security? 

Re: How does having a separate IoT Network - SSID provide better security
2024-05-31 16:47:23

  @Stavros19 

 

My router does not have a separate IoT network, but I have used the guest network for IoT. I do that as I can isolate the devices from the rest of my network by disabling intranet access.

I suspect that is what an IoT network does.

Re: How does having a separate IoT Network - SSID provide better security
2024-05-31 16:53:18

  @ArcherC8 

 

Question 1: How do you disable internet access just for those devices?

Question 2: If you disable internet access for these devices, are they still connected to the LAN? For internal routing?

 

Re: How does having a separate IoT Network - SSID provide better security
2024-05-31 18:02:00

  @Stavros19 

 

The IoT network does not provide better security. The IoT network simply uses different SSIDs to connect to the main network and all devices can see each other and communicate with each other. The IoT network does not have any permission options like those of the guest network.

 

You can provide some security by using "Device isolation" found under Advanced, Security.  Device isolation allows you to isolate IoT devices from the rest of the network, independently of which SSID they use for connecting to the router.

  

Re: How does having a separate IoT Network - SSID provide better security
2024-05-31 18:49:03

  @Stavros19 

 

I want the IoT to access the internet but not have access to the rest of my network such as other devices or USB drives. Different companies call the feature differently. On Asus, it is "disable intranet" in the guest settings. On TP Link, I have seen the reverse as "allow guests to access your local network."

Re: How does having a separate IoT Network - SSID provide better security
2024-06-02 16:04:46

While I don't have a TP-Link router that provides IoT network capability, I have another brand's router with IoT Network capability.   Like the TP-Link router, the IoT network provides a separate SSID, but uses the same address pool.   

 

As stated earlier by another user, since they are in the same address pool (192.168.0.x for example) - they DO NOT provide segregation from the rest of the network devices. The IoT network idea was put together to make it easier to connect your IoT devices to your network (and keep them connected).

 

Many of the IoT devices, especially older ones, don't support mixed mode security or WPA3 security. Many of them also had difficulty connecting to SSIDs that may be on multiple bands (2.4+5) - aka SMART CONNECT network or any of a dozen other names. Many of the IoT devices' setup processes use the same badly put together software/apps that forced the user to be connected to the SSID and BAND that the IoT devices used, and if the SSID was shared between 2.4GHz and 5GHz, if you were connected to 5GHz on your phone, you could not successfully connect the device. At times, it was difficult to drop your phone connection to a 2.4GHz connection so you could connect a new IoT device.

 

What the IoT network does provide, usually, is the ability to use different security methods (like WPA2-PSK instead of WPA3, or mixed mode like WPA2-PSK + WPA3) that were more compatible with IoT devices.

 

In the case of my other brand of router, my IoT network can also specify whether I use 2.4 GHz only, 5GHz only, or both 2.4GHz/5GHz.  So if I have a new IoT device to connect that is one of those "I have to be on the 2.4GHz band to set up" devices, I can invoke 2.4GHz only, reconnect my phone to that SSID now providing only 2.4GHz, set up the IoT device, then reset my IoT Network to 2.4GHz + 5GHz, and let all my IoT devices reconnect on the appropriate/desired/capable band.

 

So - the IoT network is not a security thing but an ease of use thing.   

 


 

 

Thomas C (TC) Murphy Park City, Montana USA
Re: How does having a separate IoT Network - SSID provide better security
2024-06-04 05:52:32

  @Stavros19 I'm using a different model (BE550) with dedicated IoT network. I can say it DOES NOT provide any security benefits (as of June 4th, 2024). I can still discover, ping, connect to my IoT devices, and vice versa. However, putting those devices into a Guest Network does help. By default, the guest network devices could not discover devices, connect to each other, nor reach the home network unless specified otherwise.

 

With the limited security features of my model (not sure about yours, but it should be pretty similar), we're left with either of:

- Put those devices in IoT Network, and use AP Isolation (Advanced -> Wireless), or selective device isolation (Advanced -> Security -> Device Isolation). These 2 features are mutually exclusive.

- Use the guest network. And allow IoT devices to see each other, but don't allow them to access main network.

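
Added example, not part of any post in this thread: a check you can run from a computer on the main network to confirm whether device isolation or the guest network actually cuts off your IoT devices, in the spirit of the "discover, ping, connect" test described above. The addresses, ports and function names are assumptions made for illustration.

```python
import ipaddress
import socket

def same_pool(host_ip, device_ip, prefix=24):
    """True if both addresses fall in the same subnet (the shared address pool)."""
    net = ipaddress.ip_network(f"{host_ip}/{prefix}", strict=False)
    return ipaddress.ip_address(device_ip) in net

def probe(ip, port, timeout=1.0):
    """TCP connect check: returns 'open', 'refused' or 'no-response'."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((ip, port))
            return "open"
        except ConnectionRefusedError:
            # A refusal normally comes from the device itself, so traffic got through.
            return "refused"
        except OSError:
            # Timeout or unreachable: dropped by the router, or the device is off.
            return "no-response"

def isolation_report(host_ip, devices, ports=(80, 443), prefix=24, probe_fn=probe):
    """Check each IoT device from a main-network host and summarise the result."""
    report = {}
    for ip in devices:
        answers = {port: probe_fn(ip, port) for port in ports}
        reachable = any(a in ("open", "refused") for a in answers.values())
        report[ip] = {
            "same_pool": same_pool(host_ip, ip, prefix),
            "reachable": reachable,
            "verdict": "NOT isolated" if reachable else "no response (isolated or offline)",
        }
    return report

if __name__ == "__main__":
    # Constructed sample addresses; replace with your own host and IoT device IPs.
    my_ip = "192.168.0.10"
    iot_devices = ["192.168.0.57", "192.168.0.63"]
    for ip, row in isolation_report(my_ip, iot_devices).items():
        print(ip, row)
```

A "no response" verdict only indicates isolation if the router's client list shows the device as online at the time of the check.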