>> This is fine but cuts both ways. If you’ve isolated a device so
it can’t hop onto your main network, it means you can’t get to it
from there either. Luckily, most apps such as Alexa, Ring, and
Logitech don’t access your device directly across the network,
but both the app and the device talk to the same server out in a
data center somewhere. If you need to connect directly to the IP
address of your device that’s within the internal pool doled out by
the router’s DHCP server, then you’re out of luck and will need to
either reduce security or attach it to the main 2.4GHz network.
>> Our consumer Netgear AX router has little in the way of
options and displays the Guest network page badly too [Image
B]. We can set up a guest network on either the 2.4GHz or 5GHz
bands, show or hide the SSID, and opt to add security, or not.
Most importantly, there’s a checkbox to prevent guest devices
C
from seeing one another or the broader network. For IoT
devices, this box should be checked. Note that Google
routers don’t offer even this level of security, allowing
Guest devices to mingle with others.
4
GUEST NETWORKS AND PI-HOLES
If you’re using a Pi-Hole to block ads (see
November’s issue) then you need to allow these
Guest devices to access the Pi-Hole, as it’s acting as
the network’s DNS server and therefore the gateway
to the wider internet. This comes down to your router
firmware. You need to add the IP address of the Pi-Hole,
which should be fixed. This isn’t an option anywhere in
the settings of our Netgear router, and the same is true
of a few other brands, including Apple and TP-Link. The
only options seem to be hitting the button to allow Guest
devices to see one another and the wider network, which
defeats the entire point of doing this, or finding some
custom router firmware that allows it, and doesn’t open
a dozen other security holes along the way.
5
VLAN
A Virtual LAN is like a beefed-up Guest Network.
Routersecurity.org compares a VLAN to a
fish tank. If you have two tanks, the fish in one can’t
interact with the fish in the other. Put a curtain (or
VLAN) between the tanks and they can’t even see
each other. Misconfiguring a VLAN can mean loss of
internet connectivity, many router reboots, and general
annoyance to everyone on the network, so go carefully.
On our Netgear router, it’s the last option in Advanced
> Advanced Setup. Put your Ethernet ports and 5GHz
Wi-Fi network in one VLAN, and the 2 .4GHz network in
another. Both can access the internet, but while devices
on the 5GHz Wi-Fi and Ethernet can talk to each other,
devices on the 2 .4GHz wireless can’t interact [Image C].
©^
AS
US
1. ADVANCED
This is where all the interesting
tools are, though you can find
security options in Basic too.
2. GUEST NETWORK
Both our Netgear and Asus
(running Merlin firmware)
routers make it easy to find
Guest Network options.
3. EVEN MORE ADVANCED
This is the home of the VLAN
settings, which you should read
up on further before tackling.
4. ASUS GENERAL SETTINGS
The Guest Network is high
up on Asus’s list, and it offers
three to Netgear’s one.
5. WIRELESS SETTINGS
Here, you’ll find security,
filtering, a block list, and
advanced Wi-Fi settings,
all in one place.
6. AP ISOLATED
This is a useful setting that can
cut off one access point from
the rest of the network.
ROUTIN’ TOOTIN’
1
2
3
4
5
6
Putting an old or unused router into your network
to gain extra Wi-Fi networks if your main unit
doesn’t offer more than two is a good way to
extend your network, but it’s worth making sure
that the secondary device isn’t too old, as it may
then become a security risk in its own right.
To do this, you’ll need to put the secondary
router into access point mode, which again is
something that varies by manufacturer. On our
Netgear router, we found it under Advanced >
Advanced Setup > Wireless AP, but other models
may vary. AP mode switches off the router’s
modem functions and slaves it to the DHCP
service running on your main unit.
It continues to look after the wireless networks
it deploys—typically one 2.4GHz and one 5GHz,
though you don’t have to use both—and routes
all traffic through the main router onto the wider
network or internet. There are still no options on
the stock Netgear firmware to isolate a secondary
router from the rest of the network, but you can
use a VLAN to separate it off.
ADD A SECOND
ROUTER
HOL 2021 MAXIMUMPC 63
