+5 votes
by (2.1k points)
What’s the general consensus on whether you should have an IoT SSID or just have it all on the same SSID? I am expanding my setup and am heavily invested in the Google ecosystem. Have 6 Nest Cam IQ going in today. 3 Nest Cam Indoor going in whenever I set them up. 1 gig internet and 5 Google WiFi nodes in the house. Was looking at WiFi 6 mesh systems. I do not trust Netgear at all and it seems right now they have the best on the market. Currently I have 56 devices connected to my network. My smart home setup is primarily Hue bulbs, Wemo switches, and SmartThings things. My main concerns are the wireless getting crowded and security.  

5 Answers

+3 votes
by (3.9k points)
 
Best answer
If you are using the same WiFi router or access points, on the same WiFi channel, then having a separate SSID doesn't help at all as everything is still on the same channel, etc. It only helps from that perspective if you can run each SSID on its own WiFi channel. Also, if you're thinking about security, then separate SSIDs don't help unless you have managed routers that can separate the traffic into different VLANs.  
by (2.1k points)
I'm not a networking guy. One of the areas of tech I despise and I'm too old to focus on it now. I understand the concept for VLANs. My house is 5200 sq ft on 3 levels. The easy thing was Google WiFi. It's stable and takes all the thought out of it for me. What would you recommend for someone like me? If there's YouTube videos out there on how to do things simply with managed switches etc. I don't mind that kind of thing, but I'm not about to go get Net+ certified just to work on my smart devices.  
by (3.9k points)
@chavira personally, I'd say just stick with Google WiFi if it works for you.  
by (2.1k points)
I'll see if I see any latency or congestion on my network. If I start to experience that I’ll get some of my network minded friends to come set me up and pay them.  
+4 votes
by (870 points)
Most opinions will be to separate IoT smart home devices into their own VLAN or actually a router separate from your other devices.
+3 votes
by (6.1k points)
If you don’t have Ubiquiti hardware you don’t have “the best on the market”. All your IoT devices should be on their own VLAN and segmented from all other devices. Should one become compromised they won’t be able to compromise your network or issue any type of brute force attacks on anyone else if the VLAN is configured properly to limit outbound traffic.
by (5.6k points)
@avitzur I think that there are better things on the market than Ubiquiti. But that's at an enterprise level, not at the commercial consumer level. That said, Ubiquiti is what my home uses.  
+1 vote
by (5.6k points)
I do CyberSecurity professionally. Here is a screenshot of my wireless SSID breakdown:

ourhsh: laptops, tablets, cell phones, etc. Everything on there needs full access to the web.
idIoT: Is my IoT network.
ourbuds: guest WiFi portal.
Lockdown: security devices like cameras and door locks. Nothing here is exposed to the internet.

This breakdown prevents your light bulb (idIoT) from getting your bank accounts from your laptop (ourhsh), keeps your smart InstaPot (idIoT) from watching your family on camera or unlocking your door. The devices on one network cannot see the devices on another. Just like you cannot see what's on your neighbor's network. That's the power of segmentation.  
+5 votes
by (2.1k points)
What's your backend? Ubiquiti?  
by (5.6k points)
@chavira yes, but there are others that can allow you to do the same. Orbi comes to mind, but as you stated, you don't trust Netgear. Check out the UniFi Dream Machine. It's very similar in ease of use to your Google Nest WiFi. Pretty much just plug and play. But it also allows for much more customization if you do decide. Like multiple SSIDs and VLANs. The price for one isn't far off the price of your existing router.  
by (5.6k points)
My screenshot was on the UniFi Dream Machine.
by (5.6k points)
This is how the networks can be set up. Notice that one network is for VPN. That way, I can still remotely access and control devices that only work on my local network, and do not touch the internet. The VPN brings me in, behind the router. The onboard firewall then allows me, and only me, to access devices on the various other networks. This is also useful when I'm out and about. If I'm at Starbucks or something, I'm using MY network, not theirs. Devices on their network cannot see my traffic.  
by (5.6k points)
On top of that, you can also set up a RADIUS server on the Dream Machine. The software and hardware are already there. What that does for you is it allows you to specifically authenticate individual users and block everything else.  
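
The segmentation described in the answer above, written out as a default-deny zone policy and checked against new-connection log lines. This is an added example, not part of the original posts or any UniFi configuration; the subnets, the `vpn` zone name, the log format, and the choice to let idIoT and ourbuds reach the internet are assumptions.

```python
import ipaddress

# SSID names are from the answer above; the subnets are assumed for illustration.
ZONES = {
    "ourhsh":   ipaddress.ip_network("10.0.10.0/24"),
    "idIoT":    ipaddress.ip_network("10.0.20.0/24"),
    "ourbuds":  ipaddress.ip_network("10.0.30.0/24"),
    "Lockdown": ipaddress.ip_network("10.0.40.0/24"),
    "vpn":      ipaddress.ip_network("10.0.50.0/24"),
}
INTERNET = "internet"

# Destination zones each source zone may open connections to; all else is denied.
ALLOWED = {
    "ourhsh":   {INTERNET},
    "idIoT":    {INTERNET},   # assumption: IoT devices may reach their cloud services
    "ourbuds":  {INTERNET},   # assumption: guests get internet only
    "Lockdown": set(),        # cameras and locks: nothing to or from the internet
    "vpn":      {"ourhsh", "idIoT", "Lockdown", INTERNET},
    INTERNET:   set(),        # no unsolicited inbound connections
}

def zone_of(ip):
    """Map an address to its zone; anything outside the local subnets is 'internet'."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return INTERNET

def is_allowed(src, dst):
    """A new connection is allowed within one zone or where the policy lists it."""
    s, d = zone_of(src), zone_of(dst)
    return s == d or d in ALLOWED[s]

def audit(log_text):
    """Return (src_zone, dst_zone, src, dst, dport) for every flow the policy forbids."""
    violations = []
    for line in log_text.splitlines():
        if line.strip():
            src, dst, dport = line.split()
            if not is_allowed(src, dst):
                violations.append((zone_of(src), zone_of(dst), src, dst, int(dport)))
    return violations

# Constructed sample log: "src dst dport", one new connection per line.
FLOWS = """10.0.10.15 198.51.100.34 443
10.0.20.7 10.0.10.15 445
10.0.20.7 10.0.40.3 554
10.0.40.3 203.0.113.9 443
10.0.50.2 10.0.40.3 554
10.0.30.21 10.0.20.7 80"""

if __name__ == "__main__":
    for v in audit(FLOWS):
        print("VIOLATION %s -> %s (%s -> %s:%d)" % v)
```

Any line this prints means a firewall rule between the VLANs is missing or too broad, since separate SSIDs alone do not enforce the policy.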