Thanks for your replies everybody :) On Thu, 20 Apr 2023 15:26:30 +0200 Per Jessen <per@opensuse.org> wrote:
Dave Howorth wrote:
(1) keep my wifi devices on a separate subnet than my main wired network
I go one slight step further, I divide into three groups
a) known wifi devices (our own laptops, raspi, mobiles, tabs etc) b) unknown wifi devices (everybodyelses ditto) c) iot devices
and give them each their subnet.
Yes, I could do that if my hardware supported it.
(2) prevent my wifi devices from accessing the Internet, where possible
By default my group (c) has no access.
The 7530 assists with goal (1) by having a guest wifi network that uses a different subnet from the main wired network and 'main' wifi network.
I think that has become the defacto standard, more or less. My TP-link devices supposedly also support multi-SSID, but .... grmble.
Until recently the 7530 also assisted with goal (2) by allowing me to assign different 'profiles' to different devices on the guest wifi network. So my mobile phones do have permission to access the Internet, but most other devices (smart plugs, cameras etc) do not. But a recent OS update removed this ability. Now all devices on the guest network have to use the same profile. (it seems that existing devices keep the profiles they had, but new ones all get the same). I've talked to AVM but they won't fix the regression and I've talked to my ISP who say there's nothing they can do.
That's certainly annoying. The profiles remain, but the management has been reduced. No option of going back to the previous firmware ?
The OS on the 7530 is updated by my ISP, so no. Presumably their main focus on keeping the security up to date, which I don't object to!
How about using the main and the guest network both? Assign your mobile phones and other "regular" devices to the main SSID, everything else on the guest SSID ?
I know I have to trust Apple to some extent, but that would mean trusting them and the apps on my main network. Plus visitors' phones also need Internet access but I certainly don't want them on my main network.
So now I'm considering possibilities. The favourite at the moment is to buy another device (router? AP? I don't know what its called) that Ican wire into my main network and can establish a new wifi network that I can control better, and move all my devices to that. But I don't know what devices will allow me to do that, or which is best?
Okay, so you are keeping the 7530 as your A/VDSL router, but you want to move the wifi functionality to a separate box.
Yes that's the idea.
There is plenty of choice, but I don't know of one that permits multiple profiles and assigning device to them. (other than per SSID).
It doesn't have to be profiles, although that seems to be convenient, but surely you can adjust the access rights of devices on the network? Then again, if I had a device that could set up multiple SSIDs then I could assign devices to the relevant SSID. Of the devices the others mentioned, the Unifi AC-Lite doesn't seem to be available in the UK yet, and the RT-N12D1 is no longer available. But neither seem to support wifi 6, which seems like a sensible capability to look for? I don't even know which brands to look at, if there are some better ones. I also don't really want to spend too much.