How do I separate non-IOT devices (computers, cell phones, etc.) from IOT devices?

Hey guys! I'm wondering how I can separate the core devices (my computer and phone, and my parent's computers and phones) from IOT devices (my two raspberry pis each running webservers, some smart plugs, printers, and smart TVs). I want to seperate them because I've heard all of the various security flaws with IOT devices and I want to at the very least reduce the risks from having such devices all without having to majorly disrupt the network as my parents are working from home. My router is a TP-Link Archer A7 V5 running OpenWRT 19.07.4 r11208-ce6496d796. I also have a usb connected to the router that's setup as extra storage and cache via extroot.

Check the wiki for the term "guest network"/ "guest wi-fi", that's basically the same procedure - and you can decide which routing/ forwarding rules you employ in the firewall configuration.


Thanks for the info! But it seems like I would have to create a new wifi interface, which would cause issues for certain devices (like the Google Nest display) as they strictly look at the SSID of the wifi and wont be able to detect anything that's not connected to the same SSID. Is there a way to seperate the devices within the network interface with the same SSID?

You don't have to create a(nother) wireless interface at all, you could keep it all wired as well (just splitting out one VLAN on dedicated ports).

Not really, not cleanly (yes, firewall rules and policy based routing can go a long way, but at a much higher maintenance overhead).

It is possible to set specific MAC addresses for each wireless interface.

1 Like

Sorry for the late reply! Uh, do you know of a guide that shows how to do this? I'm still pretty new to setting up stuff like this