Orbi WiFi 7 RBE973
Reply

Re: RBK853

vfromdc
Guide

RBK853

I noticed that my RBK853 system now allows iot networks (both 2.4 and 5.0 GHz). That is good news.

My question is, "Will devices on iot networks have visibility to my main networks? in other words, are main network and iot netwok isolated from each other like the guest network? I noticed that the iot network uses the same subnet as the main network. I appreciate your help.

Message 1 of 9

Accepted Solutions
CrimpOn
Guru

Re: RBK853

The very first Orbi series (2016) had an option for the Guest Network:

CrimpOn_0-1719856459658.png

Every Orbi system since then has no option for the Guest WiFi network.  Devices on Guest WiFi have only internet access and cannot access (or be accessed from) the primary network.

 

The Internet of Things (IoT) WiFi network was introduced in a firmware update to some of the Orbi AX products (but not all - sigh).  This is an obvious attempt to address the issue of IoT devices which are difficult to set up when both 2.4G and 5G WiFi have the same SSID due to poorly written smartphone apps.  Devices on the IoT WiFi network are part of the primary network and fully accessible.

 

 

 

View solution in original post

Message 4 of 9

All Replies
CrimpOn
Guru

Re: RBK853

Yes. IoT devices are part of the primary LAN IP subnet.
Message 2 of 9
vfromdc
Guide

Re: RBK853

I have used ASUS routers, they allow multiple guest networks that do not have access to the main network even though they may use the same subnet as the main network. I don't know how they do that but that is what it says. So, do you know if this is the case in Orbi? From your answer, it appears that it is not. Thank you.

Message 3 of 9
CrimpOn
Guru

Re: RBK853

The very first Orbi series (2016) had an option for the Guest Network:

CrimpOn_0-1719856459658.png

Every Orbi system since then has no option for the Guest WiFi network.  Devices on Guest WiFi have only internet access and cannot access (or be accessed from) the primary network.

 

The Internet of Things (IoT) WiFi network was introduced in a firmware update to some of the Orbi AX products (but not all - sigh).  This is an obvious attempt to address the issue of IoT devices which are difficult to set up when both 2.4G and 5G WiFi have the same SSID due to poorly written smartphone apps.  Devices on the IoT WiFi network are part of the primary network and fully accessible.

 

 

 

Message 4 of 9
vfromdc
Guide

Re: RBK853

Thank you CrimpOn for a clear and complete answer.

 

However, I am saddened to know this because I like to have my IoT network isolated just like a Guest Network. This is to protect my main network and other devices on the IoT network from any device on the IoT that might get broken into because of its poor design or implementation.

Message 5 of 9
FURRYe38
Guru

Re: RBK853

It's how NG intended the IoT network to be used. Due to poorly coded IoT apps and IoT devices, they require some form of connection to there devices. So the IoT network is kept on the same network as the main WLAN so the IoT devices and IoT apps can communicate back and forth since most phones and pads are commonly connected to the main WLAN. This can't be done on the GN since it's separate from the main WLAN on a different subnet and has no access to the main WLAN. So IoT apps and devices would have to be connected to same GN if you use the GN. Users choice. It how NG intended the IoT network to be used on there stuff. 


Good Luck. 

Message 6 of 9
CrimpOn
Guru

Re: RBK853

It is not clear (to me) how significant this risk might be.

  • Most devices on modern networks incorporate a firewall that rejects attempts to connect.  It is part of the simple Linux system they are built with.  It is hard to hack a system that will not accept a connection.
  • If some device were hacked, it will run into the same situation attempting to corrupt anything else on the network because other devices have an active firewall as well.
  • One would think if there were active methods for attacking common IoT devices, there would be alerts on the internet warning users.  This does not seem to be happening.

The vast majority of IoT devices readily connect to WiFi systems.  If they are connected to the Guest WiFi, then this meets your goal of isolation.  The IoT network then can handle the ones that do not behave well.

(Actually, one could do a complicated "dance" such as this:

  • Temporarily rename the Guest WiFi something else.  All devices currently connected to Guest will drop WiFi.
  • Temporarily rename the IoT WiFi to the previous Guest WiFi and connect this obstinate device. Of course, all Guest devices will connect.
  • Rename the IoT WiFi again, causing all devices to drop.
  • Rename the Guest WiFi back to the original SSID.  All devices will connect, including that nasty bugger.
  • Now all IoT devices are on the Guest WiFi - whew!

So far, I have zero devices that I could not connect to WiFi without doing anything special.

Message 7 of 9
vfromdc
Guide

Re: RBK853

Thank you FURRYe38 and CrimpOn for your explanations. I am not a network security person by any means. I learned a while back that it is best to put IoT devices on a guest-type network so that if they are hacked, the hacker can't reach any other device.  A device on the guest network cannot access any other device either on the main network or on the guest network itself. So I have been putting all of my IoT's on the guest network. However, I would like to separate the IoT network and the guest network, which is why I wanted 2 guest networks. All of the IoT apps that I use, such as Ring, Kasa, Resideo, etc., all work through their servers so they work fine irrespective of the network they are on. However, it appears from your explanations, that my understanding may not be accurate anymore, and that no one can access a device on my network through a hacked IoT.

Message 8 of 9
FURRYe38
Guru

Re: RBK853

Have had a few IoT devices on my system over the years. Have had no issues with them being hacked or someone gaining access to network resources. I presume of of this maybe protected by the internal firewall as well. 

 

I think you'll be fine. 

Message 9 of 9
Top Contributors
Discussion stats
  • 8 replies
  • 1009 views
  • 2 kudos
  • 3 in conversation
Announcements

Orbi 770 Series