Setting up multi-network (gold) with Mesh Router

Follow

Scott Chapman

• January 03, 2021 14:24

OK, before my Gold arrives, I wanted to understand my options for setting up isolated networks. For example for IoT devices and for guests. I plan to run my Gold as my router, and I will be using Eero as my mesh AP (I've read the wiring docs, so I get how to do that part of it).

Since the Eero is going to be my wifi AP, is there anyway for me to even establish these other networks? The Eero does have a guest wifi mode on it, but I don't have any idea how that plays here if at all. And I don't see how I would create a separate network for wifi IoT devices without having to setup a completely separate wifi network (with completely separate hardware).

0

• 

  Scott Chapman

  • January 03, 2021 14:45

  OK, doing a little more reading on Eeros, it appears they have no VLAN support what so ever, they actually do MAC address isolation to support their guest network.

  I presume I can actually do something similar with the Gold? That might at least be able to give me the moral equivalent of a separate IoT network (setting up device specific rules). 

  Is there any concept of device profiles that would help me here?

  0

  Comment actions Permalink
• 

  Firewalla

  • January 03, 2021 17:53

  You can do it this way:

  Change Eero to bridge mode and create a guest network.  All the guest network traffic will come from the eero nodes, based on this, you can apply policies. (such as rate limit, no adult content ...).  

  1

  Comment actions Permalink
• 

  Scott Chapman

  • January 03, 2021 18:54

  Thanks for the quick response, I appreciate the help thinking through this...

  So, not sure how that would actually work. The eero would be using a single SSID and would be coming into FWG on a single port. So everything will come in on the same network.

  0

  Comment actions Permalink
• 

  Firewalla

  • January 03, 2021 19:05

  Here is my understanding.

  1. When the eero is in bridge mode, you can create a guest network, that will have a new SSID say "guest"

  2. All the "SSID guest" traffic will have the source IP as the eero unit.

  3. To apply policy to SSID guest, you just need to apply policy to the Eero IP.  (tap on devices->[find eero device]->[turn on porn block for example] will be applied to all guest traffic.   

  0

  Comment actions Permalink
• 

  Scott Chapman

  • January 03, 2021 19:29

  Hmmm... Interesting. I assume that would also work if I wanted to set up an isolated IoT network instead.

  I'm actually considering swapping my eero pro 6 for a tp-link deco x60 mesh network (less than half the price) since I really only need AP...

  DO you happen to know anything about how the TP-Link devices work in this scenario?

  0

  Comment actions Permalink
• 

  Firewalla

  • January 03, 2021 21:22

  We did a posting on the X60 and eero pro 6 before;  We like both.  The X60 (costco version) is decent and the price point is perfect (around $200).   And it works nicely with Firewalla Gold in AP mode.  We did not test this unit's guest access in AP mode, so not sure if it will work the same way as the eero.

  The Eero wifi 6 is definitely faster, and with our unofficial test, it is likely to have a better range.  Plus we know the eero support is really good.

  If you need best value for the $, TPLink is good.   But if you have a few extra $, eero is not bad either.

   

  0

  Comment actions Permalink
• 

  Scott Chapman

  • January 03, 2021 22:06

  ya! I actually saw your post on it!

  i've read that the X60 isn't great if you need to do wifi mesh. Good news is that I am able to do wired backhaul.

  In your testing, were you wired or wifi for backhaul?

  0

  Comment actions Permalink
• 

  Scott Chapman

  • January 03, 2021 22:09

  Oh! in what you were saying above about how Eero guest network works, it sounds like the eero is still doing DHCP for the guest network even though it is bridge mode?

  0

  Comment actions Permalink
• 

  Firewalla

  • January 04, 2021 07:51

  Yes, in bridge mode, the guest network is behind a NAT inside the eero.   this is the reason you see guest traffic coming from eero to firewalla and ... firewalla can control it just by key the eero node.

  0

  Comment actions Permalink
• 

  Scott Chapman

  • January 04, 2021 13:26
  • Edited

  Gotcha, thanks!

  In your testing (where you ended up with eero is definitely faster than tp-link) what kind of backhaul were you using? WIred or wifi?

  0

  Comment actions Permalink
• 

  Firewalla

  • January 04, 2021 17:52

  We did not use ethernet backhaul.  (without it, the performance is still very good)

  Backhaul is a bit tough on wiring in bridge mode.  Eero for example, all the satellites will need to be wired to the Eero main unit (or a switch connecting to it).   I think TP-Link is the same. 

  1

  Comment actions Permalink
• 

  Scott Chapman

  • January 04, 2021 18:06

  Yea, I've read the TP-Link is pretty slow in wifi backhaul

  As far as wiring goes, I was planning on adopting the recommended wiring for Eero; essentially ONT -> FWG -> Eero (with everything downstream from that).

  Will the above suggestion on Guest network still work with that wiring? Seems like all devices will look like they are coming from the Eero?

  0

  Comment actions Permalink
• 

  IHaveABigNetwork

  • January 05, 2021 03:52

  Yes it will. That's how I use them.

  1

  Comment actions Permalink
• 

  Scott Chapman

  • January 05, 2021 13:22

  OK, cool. I'll give it a shot once mine arrives (hopefully it will ship soon! ;-) )

  0

  Comment actions Permalink

Please sign in to leave a comment.