NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Router Recommendations
I am hopeful that a knowledgeable someone can save me some research time in selecting a new router. I have a few must haves and a few nice to haves: Must Haves: VLAN support with wireless for e...
This allow me to keep my IoT devices separated from my primary VLAN. It also allows me to keep my guest network separate from both my primary and IoT VLANs.
Is the goal here just to have
- a main wifi network
- an IoT network (distinct, but can reach the main network and vice-versa)
- a Guest Network (isolated)
You can get this with WiFi 7 Orbi products, but the technology used is not VLAN.
an IoT network (distinct, but can reach the main network and vice-versa)
I wish to keep IoT devices completely isolated from my primary network.
All of the things in my Must Have list are easily accomplished with many non-mesh routers using custom firmware. That is exactly what I am doing currently. I use Fresh Tomato. However, my router is quite old and only offers 100 Mbps speeds. It is quite overdue for an upgrade! I was hoping to setup a mesh network, but it appears that I will have to basically repeat what I previously did, but with a newer non-mesh router. I think I am going to have to buy a modern non-mesh router and flash it with custom firmware like Fresh Tomato or OpenWRT.
With Fresh Tomato I can create multiple VLANs. I can assign specific port(s) to a specific VLAN. I can also have WiFi for each VLAN. It works quite well and keeps things isolated. I was hoping (not actually expecting) that there might be a mesh system that either offered these features with built-in firmware or could be flashed to do so.
Since many IoT devices do not have good security or anti-malware and can go for long periods of time without updates, it seems dangerous (in my opinion) to keep them on the primary LAN.
I wish to keep IoT devices completely isolated from my primary network.
Ok. Orbi (and Netgear routers generally) have a different policy -
- the guest network is isolated (both from the main network, and clients are isolated from each other).
- the IoT network is not isolated, but can be limited to 2.4 ghz (or 5 ghz only), and can have WPA2 security.
This works better for me than isolating the IoT devices, as it allows me to access them locally from my phone w/o needing to join the IoT network to do that. Personally, I'm not convinced that isolating IoT devices accomplishes much as far as consumer security goes (some reasons are below). But of course different people will have different opinions on that.
This would be an ideal opportunity for someone to post links to information regarding the vulnerability of typical IoT devices.
Maybe read through these:
- https://iotbreakthrough.com/is-iot-finally-secure-what-2025-taught-us-about-cyber-risk-in-connected-devices/
- https://blogapp.bitdefender.com/hotforsecurity/content/files/2025/10/2025_iot_security_report.pdf
Reading through the second report:
- Streaming devices, smart TVs, and IP cameras now sit at the top of the vulnerability pyramid, collectively representing more than half of all CVE-class issues detected in smart homes.
- A lot of the report is centered on the hijacking of IoT devices into botnets that can launch massive cyber attacks. Isolating them on your home network won't do much, since those attacks aren't aimed at the consumer who owns them.
- A lot of the other threats are privacy leakage/data gathering - in other words, surveillance. The information being gathered is often only from the device itself (TV, streaming device, IP camera), so isolation probably won't help much there either. That said, TVs and streaming appliances are reasonably powerful, and could be hijacked to gather information from other devices on your home network.
The report classifies a NAS as an IoT device, which I find a bit odd.