I turned my old router into a dedicated network for IoT devices

It feels like everything comes with some level of 'smart' features, but smart home or IoT (Internet of Things) devices areat the top of the list for actual usefulness. But these devices have a terrible reputation for security, and you might be wondering how to securely add them to your home network. Even something unassuming like a smart bulb or temperature sensor could be a potential threat, but you can mitigate this risk by keeping on top of updates and keeping them away from the rest of your network.

It's often suggested that the best solution is to keep those IoT devices on their own network, preferably using a VLAN, so they can't talk to the rest of your devices. And that advice still rings true, even if IoT devices are becoming more reputable these days.

I didn't want to set up a guest network, assign all my IoT things to it, and call it a day. Instead, I plugged in an old router, gave it a new subnet range that's nowhere near the one used on my main network, and turned off the 5GHz radio on that router, so it was purely for 2.4GHz connections. Since most IoT devices only use 2.4GHz, and even the ones that use 5GHz still have dual-band capability, this frees up my main Wi-Fi network for more capacity, which is fantastic to have.

It's better if your IoT devices are separated

But it's up to you how to accomplish this

IoT devices can be incredibly handy, making our homes smarter and automating tasks. But they're also a security risk and have been leveraged to create botnets like Mirai, which was used to DDoS multiple targets worldwide in 2016. Built with low-cost, low-power parts, they often use 2.4GHz wireless for connectivity, and that can cause connectivity problems on modern routers that use an identical SSID for 2.4GHz, 5GHz, and 6GHz bands. It's also often said that IoT devices should be on their own network, whether on a VLAN or guest network, but there's another option to consider.

That's putting them on a dedicated router, on a separate subnet. It's even better if you have an old router, like I'm using, because you can happily turn the 5GHz band off (if it had it in the first place), and use only the 2.4GHz band for your IoT network. That also lets you turn 2.4GHz off on the router powering your home network, so it does not have to work as hard and doesn't create more wireless interference for you or your neighbors.

Bonus points if that router can be reflashed with DD-WRT or OpenWrt. Then, you get a better firewall and VLAN support, both of which will come in handy when you want to completely segregate the devices on the old router from the rest of your home. You could even completely block the IoT devices from communicating on the internet, which makes you safer, although it can cause issues with control. It's worth mentioning that Zigbee and other local protocols don't need the internet to work, and are happily controlled via Home Assistant, which is a powerful reason to set it up, and one of the main reasons I've got Home Assistant in a VM on my NAS.

My network isn't just safer

It's also faster, since those noisy devices have their own Wi-Fi to chatter on

While the overall security of my home network is the most important consideration, it wasn't the only benefit to using an old router to connect all my IoT devices. Many IoT devices fill your network with impressive (and frankly unnecessary) broadcast, unicast, and multicast traffic that gets addressed to every device on the network. That storm of broadcast packets not only slows down your Wi-Fi network, but can put extra load on your router.

But by moving all that traffic onto its own subnet, it vanishes from the wireless network to which the bulk of my devices are connected. Ethernet-connected devices like my NAS don't get bombarded by broadcast noise either. The result is a faster-feeling network for laptops, desktops, consoles, and streaming devices, which makes everyone in the house happier.

You still need a firewall, though

Even a separate network isn't enough

While putting the wireless IoT devices in my smart home (and their associated Ethernet and USB dongles and hubs) on their own, locked-down router was a genius move, it doesn't stop that router from communicating with the other devices. While you could put the Ethernet port connected to the IoT router's WAN port into a VLAN so it can't communicate with any other devices, not every router supports this.

It's easier to utilize the built-in firewall, or a hardware firewall if you have one, and set a rule to block any incoming traffic from the "inner" or IoT-connected router. That stops any malicious or poorly configured IoT devices from talking to your home network, and keeps everything IoT-related from communicating outside its subnet. You'll also want to disable UPnP on both routers, just to be safer.

Letting my IoT devices have their own network was a genius move

Putting my IoT devices on an old router, with a different subnet, was a fantastic idea for making my home Wi-Fi network more usable for the rest of the family. I can turn off the 2.4GHz band on the main router, and then it only manages a smaller number of 5GHz and 6GHz devices, so there's more airtime to go around. Plus, it's safer to have them not be able to connect to my NAS or other devices with personal data stored on, removing one major attack surface. I haven't quite gotten around to blocking all the IoT devices from the internet yet, but that's next on the cards, and any devices I can't control locally will get replaced with ones that can.