Set up an isolated network by configuring a separate subnet or VLAN within your existing network settings.
You have a big area with a TP-Link mesh system and fiber internet working well. You want to set up a separate public Wi-Fi using your old AirPort Extreme, so it can connect to the internet but remain invisible to your local devices. The setup tool creates a network in bridge mode, which seems correct, but you’re seeing all your devices listed. When you try manual DHCP and NAT, errors appear. You’re unsure what to do and need guidance without deep technical knowledge. Any advice would be greatly appreciated!
The TP-Link mesh network doesn’t allow guest Wi-Fi connections. Many modern routers or access points handle this by default.
Using the guest network on the Deco units remains the most straightforward approach. Its main goal is to stop clients from viewing each other’s data. This solution fits well with your IoT devices, which will already operate on 2.4GHz and won’t use much bandwidth. Guest clients can switch between 2.4GHz or 5GHz while staying isolated on the guest network. Introducing another physical access point would increase interference in the wireless band, potentially slowing down your existing connections—unless you’re lucky and have no other WiFi sources nearby. Also, the AirPort Extreme doesn’t offer AP isolation, according to recent reports. To work around this, you’d need to configure VLANs to separate clients, though setting that up on the Deco Mesh system might be tricky.
You’d need a firewall that supports VLANs to manage them properly. Routers handle VLANs and subnets at the network level, so you must configure router rules to isolate traffic. Switching devices only process packets based on MAC addresses, which isn’t sufficient for VLAN segmentation. For a proper setup, consider investing in modern networking equipment like a pfSense router or UniFi switches/APs. I’ve managed similar configurations and kept costs under $200, including a home lab for testing.
It might be useful to explore VLAN and Deco options, though I'm not certain that's what you were seeking.
It's worth considering whether TP-Link's VLAN implementation is both accurate and secure. Recent reports suggest Cisco faced challenges with VLAN configuration, indicating potential risks if set up improperly. Your skepticism is valid—trust should be earned through consistent performance and reliability.
For home use, I wouldn't prioritize VLAN hopping much because it's unlikely people would connect randomly. If a breach happens, I'd focus more on your firewall. Regarding the video, it seems you're asking if VLAN stacking is being discussed as a method to switch between VLANs.
I understand your perspective. However, if the objective is to divide the network, it’s important to confirm the hardware you’re using does the segmentation properly. I’m not sure how reliable the TP-Link setup is. It hasn’t been a while since I checked it, but I think that’s fine. It seems unlikely the issue lies with TP-Link itself—there are many ways it could fail. Still, I’m emphasizing that I wouldn’t rely on TP-Link to segment a network without further verification.
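One way to do the verification discussed in this thread, as an added example that is not from any of the posters: run this on a laptop joined to the guest SSID and it reports which main-LAN services still answer over TCP. The subnet in `MAIN_LAN` and the port list are assumptions; replace them with your own main network range and the services your devices expose.

```python
import ipaddress
import socket
from concurrent.futures import ThreadPoolExecutor

# Assumed values: set these to your own main (non-guest) LAN range and the
# services your own devices expose. Neither value comes from the thread.
MAIN_LAN = "192.168.68.0/24"
PORTS = (22, 80, 443, 445, 8080)


def tcp_open(host, port, timeout=0.5):
    """Return True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable
        return False


def leaks(cidr, ports=PORTS, timeout=0.5, workers=64):
    """List (host, port) pairs in cidr that answer from where this runs.

    Run on a guest-network client: an empty list means none of the tested
    main-LAN services was reachable; every entry is a path through the
    isolation that needs a firewall rule.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    # hosts() skips network/broadcast addresses; handle a single-address range.
    hosts = [net.network_address] if net.num_addresses == 1 else list(net.hosts())
    pairs = [(str(h), p) for h in hosts for p in ports]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = pool.map(lambda hp: tcp_open(hp[0], hp[1], timeout), pairs)
        return [hp for hp, ok in zip(pairs, results) if ok]


if __name__ == "__main__":
    found = leaks(MAIN_LAN)
    for host, port in found:
        print(f"REACHABLE from guest side: {host}:{port}")
    print("isolation holds for tested ports" if not found else f"{len(found)} leak(s)")
```

This only exercises unicast TCP on the listed ports, so an empty result does not cover UDP, broadcast or multicast discovery traffic between the two networks.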