5Ghz wifi is working but 2.4Ghz is not

ok but the firewall can't discriminate unwanted devices...

Not directly, no. But it can absolutely isolate the networks.

How big an issue is this really? If you feel that your network is really at risk, you can implement 802.1x authentication using a RADIUS server. That's a lot of work and is usually overkill for most environments. But if you have reason to believe that there are attackers within wifi range targeting your network for the purpose of compromising your trusted devices (as compared to, for example, simply using your internet connection), maybe 802.1x auth is the way to go.

What evidence do you have to suggest that your network is under attack?

I don't have evidences, I just want to protect my network...

Without evidence, don't go overboard. It's easy to put on the tin-foil hat, but it's a lot of work.

Do what I described earlier and you'll probably be just fine.

Do you have steps for creating a new additional Wifi network for IoT and other devices?

Wiki has it:

1 Like