Will IoT devices work properly in the G3100 guest Wi-Fi subnet?
jlg21
Enthusiast - Level 3

I’m new to FIOS and to the G3100 router and am trying to configure a home local area network (LAN) that previously used Cox Communication.   If I put my Internet-of-Things (IoT) devices on the G3100 Wi-Fi guest subnet, will they be able to see each other?  And do they need to?

All I know now is that a computer connected to the default guest Wi-Fi subnet (192.168.200.x) can ping other devices on that subnet but cannot browse to the gateway.  So I know there are some barriers but not total isolation.  I don’t see anything in the G3100 management console that controls whether devices are isolated from each other, either on the primary or guest subnets.  If you know where those control are, please tell me.  But the question here is where to put IoT devices.

I think the FBI is right to ask all of us to isolate our IoT devices on a separate subnet from our communication devices.  Even if I didn’t agree with the FBI, I would probably follow its advice since it’s not just my safety involved. 

But I don’t see anything on the Verizon support web site or in the G3100 manual about the best way to do that.  And I’m not a network expert.  It seems like a huge management chore involving individual MAC addresses to isolate a subnet within the primary G3100 default subnet.  I don’t even know if it’s possible.  But it would be easy to put them into the G3100 guest Wi-Fi subnet.

The problem is that it's a lot of work reconnecting each device just to find out they won't work together.  IoT devices like Amazon Alexa smart speakers, Home Life SmartPlugs and Google Nest smart thermostats and smoke detectors need to communicate with one another to work properly.  I think that communication has to be within the LAN subnet, but I’m not sure.

I don’t think regular FIOS support or even priority support has people who can answer simple network questions like this. At least not people you can easily reach.  Luckily, I think the Repair Department does have a lot of people who understand networks.  But if someone here can answer my questions, it will save me having to fight my way through the crazy Verizon call routing gauntlet.

I know it takes some time and concentration to read and understand this post.  So thanks in advance for considering my question.

0 Likes
Reply
1 Solution
Seeker1437
Community Leader
Community Leader

@jlg2 wrote:
If I put my Internet-of-Things (IoT) devices on the G3100 Wi-Fi guest subnet, will they be able to see each other?

The Guest Wi-Fi is designed as a way to allow guests to visit you and connect to and use your internet without having to give them full access to the entirety of your home network.

 

It will isolate the non guest network traffic from guest network traffic. Devices within the same subnet will still be able to talk to each other unless the individual devices are configured not to allow this.

 

-- TL;DR --

Yes.

 


@jlg2 wrote:
And do they need to?

It really depends on the device on a case by case basis. From the things I read IoT traffic just needs to be isolated form normal home traffic but the rules on whether each IoT device should be isolated from other IoT devices is not described. I am pretty confident it is not needed.

 

-- TL;DR --

Yes.

View solution in original post

23 Replies
Cang_Household
Community Leader
Community Leader

Seeker1437 is right. Seeker1437 did not imply that this setting is available on G3100's DHCP server, but you do not need to use G3100's DHCP server. Any computer with Network Interface Cards can act as a DHCP server or even a router. You can disable G3100's DHCP server and setup your own DHCP server.

With your own DHCP server, you can create as many subnets as you want. G3100's Guest Network is not simply a subnet. It is like a VLAN. For security, you want your user devices and IoT on separate broadcast domains, not only on separate subnets.

jlg21
Enthusiast - Level 3

Thanks again, Cang_Household, for the 1/12/21 post about using Windows DHCP service.  I had not thought about that alternative.  Your post did not have enough info for me to understand how it would work though.

I understand how to provide DHCP service from Windows.  Or at least from the Pro and Education implementation of Windows.  But if you did that and disabled the router's DHCP service, how would the Windows computer rejoin the LAN?

In other words, you disable DHCP on the G3100 then you enable it on the Windows computer attached to the LAN.  I get that.  But then what?  What happens when the Windows computer, restarts?  It seems like there's a step missing here. 

0 Likes
Reply
Cang_Household
Community Leader
Community Leader

DHCP stands for Dynamic Host Configuration Protocol. What is the opposite of dynamic? Static.


@jlg2 wrote:

But if you did that and disabled the router's DHCP service, how would the Windows computer rejoin the LAN?


Right now, the DHCP server on your Windows is disabled, and the G3100 is acting as a DHCP server. The same question would go to G3100. How does G3100 join the LAN in the first place? Who can G3100 ask to assign it a LAN IP address? G3100 asks itself? No, it does not have that authority. The answer is static configuration. You can assign any LAN IP address to any device you want, even multiple IPs on different subnets for the same device, as long as the IPs do not conflict with other devices. (G3100 does not create the LAN. Any two network cards can create a "LAN." LAN is only a name to designate a network). As long as a network interface can access other network interfaces, it is considered to be joined (no matter whether you want to route to there or switch to there.)

Again, a Windows DHCP sever may not be your solution. Subnetting through DHCP server only ensures layer 3 isolation. What you are looking for is layer 2 isolation. The Guest Network on G3100 is layer 2 isolated from the host network. Layer 2 isolation can be easily achieved using a commercial-grade access point or switch.