you don't need a "three router sololution".
The main asus dhcp pool sits on 192.168.1.*
The main wifi dhcp ppol also sits on that range
ethernet vlan is on (merlin based)
http://192.168.1.1:80/Advanced_VLAN_Switch_Content.asp
or
https://192.168.1.1:8443/Advanced_VLAN_Switch_Content.asp
Guest networks sit on vlan 52 onwards
Both the dhcp pool and vlan id can be changed in the advanced settings on the guest network pro area.
The only thing you many need is a vlan aware switch.
Hello Taras,
Thank you for this information.
I have always felt more comfortable with hardware solutions than software but since a VLAN system is the modern way of doing things and it is supposed to be available within my router menu I tried to set it up but it locked me out of the GUI for the router and I had to Factory Reset the router in order to regain access to it.
Regarding the IP address for my Asus Router: at one time the Asus Routers Home LAN Login IP was 192.168.1.1 but after a firmware upgrade, (a few years ago, that changed to 192.168.50.1 for my Asus RT-AX88U Pro Router.
When I set up the VLAN, via the Asus Menu Options: The Asus Routers Home LAN IP Address was 192.168.50.1, the WIFI Guest Network devices were on IP 192.168.52* (called 52 in the VLAN) and the new IOT Network was on 192.168.53.* (called 53 in the VLAN).
I added the the WIFI Guest Network as a VLAN on Ethernet Port 4
I added the New IOT Network to Ethernet Port 5.
As I understand it setting which Ethernet Port operates with which network does away with the need for an additional managed switch. - Is that correct ?
After it was set up, (as above), the router reset and then the internet was off and the router was inaccessible.
ie. I could no longer login to my own router as it did not recognize 192.168.50.1 as being a login IP and the internet was off.
Upon googling others seem to have experienced similar issues so it could be an issue with the Asus firmware or perhaps my method was wrong. - I do not know as using a VLAN is new to me.
I have considered trying Merlin Firmware, (which has an excellent reputation), but I am reluctant to use a third party firmware on such an important device but I have read that it is better for VLANs. - I do not know if that is true.
My plan original plan was/is;
(1). To leave the Home LAN as it is.
(2). To use the WIFI associated the Home LAN as my main WIFI.
(3). To leave the Home LAN Ethernet Ports unused or rarely used.
(4). To keep the same Guest WIFI Network that I have used for years just as guest WIFI.
(5). To create a VLAN ethernet port for the guest WIFI but not use it as an ethernet port.
(6). To create a IOT LAN Network which seems to need a WIFI setup that i do not want and will not use it for WIFI.
(7). To create a VLAN ethernet port for the IOT LAN Network and connect that ethernet port to the CAT6A ethernet wiring to the whole house. - From near to the router the CAT6A cable travels to an unmanaged ethernet switch that is the distributed to 4 areas, at each of the four areas is an unmanaged ethernet switch and each area is located next to a TV, sky box, xbox, VOIP, Hive System, etc. all connected via ethernet.
So the new IOT LAN Network will connect to all ethernet devices in the house but all browsing devices will be on the separate Home LAN WIFI.
Is is important that the ethernet devices on the IOT LAN Network can communicate with each other and with the wider internet.
Does this VLAN Plan sound feasible.
If so I may try it with Merlin Firmware but if it cannot work in this way or it creates security flaws I will need to rethink.
Pages in this thread: 
Print Thread
Fido
