Can guest network communicate with the home network?

Oct 14, 2018
Hello,
I am new here and have a question in regards to the guest network. I have a security camera, WiMo smart switch, and Kuna, which is a Wi-Fi security porch light. Currently, all of these IoT devices are on my home network along with 4 laptops, 2 smart TVs and 6 smartphones. I plan on enabling my guest network on my ARRIS SBG6900-ac router and routing the IoT devices to the guest network. I read online that if I do that, I won't be able to control the devices since they are in a different network. Is this true?

I will need to be able to view my security camera and turn on the smart switch via mobile phone when I'm away from home.
 
The purpose of the guest network is to keep it separated from your main/home network for security. Second, generally, a guest network doesn't provide access from outside of the network. Outside access is usually set up on the primary network. So, 2 choices: 1) put everything on the home network or 2) you could buy a second router and set up a secondary network. I'd suggest you get some local help to set this up, if you want to go down this path.
 
Separate subnets means that it must be routed to get to the other. So if a single bridge in the chain has access to both, it's not separated.
Router, switch, and access points need VLANs. Different "guest network" implementations might mean different things. Client isolation means they can only access the internet and no other private clients. You can create a VLAN with only outbound to the internet and inbound from your VLAN only, named "guest".

A stateful firewall and router can give you one-way access or two-way access to another subnet. It tracks if a connection was inbound or outbound. You can make rules based on source IP/port and dest IP/port. There are many other appliances that can run rules on it as well, looking into the entire packet, like IDS.

Inbound on the WAN side carries more risk. Anyone on the internet can try and make a connection. Many services can be brute forced. If you use a 4 letter pw on SSH, it's probably going to get brute forced in under an hour. Some apps use pinholes so you don't need any inbound rules. Your data would be streaming from their server to you, likely costing money.

https://www.youtube.com/watch?v=3NjQ9b3pgIg
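
The one-way access described in the post above, as an added example that is not part of the original thread: a small Python model of a stateful firewall between a home subnet and an IoT subnet. The subnet ranges, zone names and rule set are assumptions chosen for illustration, and real connection tracking also follows TCP state and timeouts.

```python
"""Toy model of a stateful firewall between subnets (constructed example)."""
from ipaddress import ip_address, ip_network

# Assumed addressing, not taken from the thread.
HOME = ip_network("192.168.1.0/24")
IOT = ip_network("192.168.20.0/24")

# (source zone, destination zone) pairs allowed to OPEN a connection.
# Anything not listed is dropped, including iot -> home and wan -> anything.
ALLOW_NEW = {("home", "iot"), ("home", "wan"), ("iot", "wan")}


def zone(addr):
    """Map an address to its zone; anything outside both subnets is WAN."""
    a = ip_address(addr)
    if a in HOME:
        return "home"
    if a in IOT:
        return "iot"
    return "wan"


class StatefulFirewall:
    def __init__(self):
        self.conntrack = set()  # tracked flows, stored as 5-tuples

    def filter(self, proto, src, sport, dst, dport):
        flow = (proto, src, sport, dst, dport)
        reply_of = (proto, dst, dport, src, sport)
        # Packets of a tracked flow, in either direction, pass.
        if flow in self.conntrack or reply_of in self.conntrack:
            return "accept"
        # Otherwise this is a new connection: check direction by zone.
        if (zone(src), zone(dst)) in ALLOW_NEW:
            self.conntrack.add(flow)
            return "accept"
        return "drop"


def demo():
    fw = StatefulFirewall()
    return [
        fw.filter("tcp", "192.168.1.10", 50000, "192.168.20.5", 554),  # phone opens camera stream
        fw.filter("tcp", "192.168.20.5", 554, "192.168.1.10", 50000),  # camera's reply on that flow
        fw.filter("tcp", "192.168.20.7", 40000, "192.168.1.10", 445),  # IoT device opens to laptop
        fw.filter("tcp", "203.0.113.9", 40000, "192.168.20.5", 22),    # unsolicited from internet
        fw.filter("tcp", "192.168.20.5", 41000, "198.51.100.3", 443),  # camera to its cloud service
    ]
```

The same camera address is accepted when it replies on a flow the home side opened and dropped when an IoT device tries to open a new connection toward the home subnet.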
 


Thanks for your advice. If I do set up a second router, R1 and R2. I put all of the IoT devices on R1, which is the main, so I can access the devices when I'm out of the network. I put my personal devices (laptop, phone, TV) on R2. Since R2 is connected to R1, isn't that still a risk? If, say, my smart switch gets hacked, can't the attacker gain access to R2? Sorry, just a thought.