Are 2.4 gz and 5 gz networks separate?

Topic

New Reply

If I set up a 2.4gz and 5gz network on my router with different ssids and passwords, would they be isolated from each other – so I’d put the tv on 2.4gz network and other devices on 5 gz network to isolate the tv.  My router does not have a good guest network implementation and I was hoping this would work for isolating my TV from the iOS devices and laptop.

I don’t have any other iot devices to isolate at this time, so I only need to isolate the tv. Thanks.

Reply | Quote

Replies

Most likely not. You can set some routers up to isolate the clients from one another (one of the things typically found in the guest network, as you know), but if that is not already happening, the different radios used for each frequency band won’t do it in and of itself on any of the routers I have seen. Ethernet, 2.4, and 5 GHz clients can all see one another if the isolation mode is not enabled.

What is it that you are trying to prevent from happening? Perhaps the router offers a way to block that thing specifically.

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

Reply | Quote

What is it that you are trying to prevent from happening? Perhaps the router offers a way to block that thing specifically.

For security, IoT devices should be segregated from primary devices, such as laptop or iOS devices.  I thought short of having a guest network, the two bands would be separated  but you say, probably not.

My router does have a VLAN option – it’s a Linksys WRT3200ACM – but I don’t think I can set that up – it’s a bit too technically challenging  for me.  I thought I could get a second router one for computer and the other for any IoT devices. But I am having trouble finding a new router. I don’t want a router that requires a cloud or online account. I want a good guest network, a router with good security, WiFi 6 and WPA3.

Reply | Quote

I haven’t heard that particular advice, but I can see the rationale. Security on IoT devices is generally an afterthought, if it was even a thought at all, and the prospect of future updates is not great.

I can see why one would want to keep something that is a security risk isolated from the rest of the network, but if it’s really that bad, I’d just as soon keep it off the net and find another solution, like keeping the TV “dumb” and using a PC (in a NUC form factor, perhaps, or a Raspberry Pi) for the media end, or restricting the IoT device to a local network that doesn’t have any external connectivity, if whatever its function is can be done without WAN connectivity.

My TV is old enough to have a cathode ray tube and definitely does not have an operating system, but if I were to get an HDTV (kind of funny calling them that when they’ve been that way for so long!), it’s my understanding that finding a dumb one anymore is likely to be difficult. You can make it dumb, though, by making sure its only input is an HDMI cable, and its only outputs are the screen and the speakers.

I’ve even heard anecdotes about TVs that would take it upon themselves to scan for unsecured wifi networks and associate with them, assuming they belong to the owner of the TV itself. If true, it would mean my device would be leeching my neighbor’s unsecured connection (since mine isn’t, and I’d intentionally not let it have any connectivity with the secured SSID). I do not know if this is actually true, but if so, it’s one more thing to check on.

If the IoT thing does end up compromised, you don’t want to be blamed for hosting a part of a botnet even if it is isolated from your “real” home network.

If the device in question is actually fairly well secured, I’d have no special problem having it on my main network. It’s just a computer, after all, not fundamentally different other than the way the exterior looks. There’s nothing inherently more dangerous about a computer built into a toaster than a computer in a computer case. But if that toaster never gets updated, and was never designed to be secure in the first place…

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

1 user thanked author for this post.

dmt_3904

Reply | Quote

You have a guest network on that router per your other thread. #2367812

The VLAN arrangement on that router seems to be for ISP compatibility, not for additional network configuration.

Use the same SSID and password for both 2.4 and 5GHz. Making them different is not a poor man’s guest network.

cheers, Paul

Reply | Quote

You have a guest network on that router per your other thread. #2367812

I know, but it is poorly implemented, IMHO.  First (and most guest networks are like this) the SSID is mainSSID_Guest.  Which doesn’t allow me to hide my SSID.  Second, and more concerning, the way Linksys has implemented their guest network, one has to logon to the internet – HTTP!  to put in the guest network password.  The network is unsecured.  I don’t like it. I don’t want to use that – it’s like a hotel.

The VLAN arrangement on that router seems to be for ISP compatibility, not for additional network configuration.

Ah thank you! I didn’t understand why it involved my ISP.

Use the same SSID and password for both 2.4 and 5GHz. Making them different is not a poor man’s guest network.

Thank you for answering my question 🙂 Not trying to save $$ here, just trying to have the most secure network I can and as I stated – Linksys guest network is not secure enough for my liking.  I am currently researching Netgear AX1800 – it would have Wifi 6 and WPA3, which eventually we should move to (albeit WPA3 still has its security issues), it is the ‘new thing’.  I could keep both routers, use one for isolation.  The other problem with the Linksys is it hasn’t been updated since 2/2020 – but they still sell it, so I assume they will update it!??  I could try the Linksys Opensource software – that would be a huge learning curve for me, but it’s an option.

Reply | Quote

dmt_3904 wrote:

doesn’t allow me to hide my SSID

Pointless waste of time. Don’t do it.

dmt_3904 wrote:

one has to logon to the internet – HTTP!  to put in the guest network password

HTTP is not logging onto the internet. It is connecting to something via Hyper Text Transfer Protocol. It could be a connection to your own PC, or across the world.
In your case, it will be probably be a connection internal to the router.

What do you use the guest network for that you need to be secure?
Ask and we shall advise.

The alternative software for your router will do what you want, but it may be too much for you to manage – I’m wary of that stuff and I think I know what I’m doing. 🙂

cheers, Paul

Reply | Quote

HTTP is not logging onto the internet. It is connecting to something via Hyper Text Transfer Protocol. It could be a connection to your own PC, or across the world. In your case, it will be probably be a connection internal to the router.

True – but I’d be advertising an unsecured wifi network and sending data unencrypted over http.  Now admittedly, there isn’t anyone around to intercept anything – I’m in a rural area and if there were someone snooping in front of my house, I’d know it!  I don’t understand how someone remotely could attack my wifi network/router – but I know it’s possible.

What do you use the guest network for that you need to be secure?
Ask and we shall advise.

Isolate IoT devices (in this case, just one TV).  I thought either a 2nd router for isolation or a guest network on a router with decent security that would not require me to have a cloud/online account.  If I were buying a new router – get new standards (wifi6, wpa3).  I can keep the Linksys for now, but when they stop updating the software, I will have to do something.

The alternative software for your router will do what you want, but it may be too much for you to manage

I agree. Thanks for confirming it for me : )

Reply | Quote

dmt_3904 wrote:

I’m in a rural area and if there were someone snooping in front of my house, I’d know it!

There maybe someone snooping in front of your house if you use any Amazon device.

Reply | Quote

No Google, Alexa, Echo, Sidewalk, etc etc or any other of those devices here!

If I want to play a song, I get up and turn it on manually 🙂 hahaha

Reply | Quote

dmt 3904

If I set up a 2.4gz and 5gz network on my router with different ssids and passwords, would they be isolated from each other

Out of interest, what exactly do you mean by isolated from each other?

Reply | Quote

My desire is to keep IoT devices segregated from computing devices.  In my case, we only have the TV.  But you could have a refrigerator, washer, dryer, toaster! etc. that are poorly or unsecured which could allow access to your network.  Isolation of those devices would protect your computing devices along with your data – just a few articles, by no means comprehensive.  Something to think about.

https://www.zdnet.com/article/fbi-recommends-that-you-keep-your-iot-devices-on-a-separate-network/

https://www.tomsguide.com/us/secure-smart-home-how-to,news-19380.html

https://azure.microsoft.com/en-us/overview/internet-of-things-iot/iot-security-cybersecurity/

 

Reply | Quote

I suppose what they are saying is if say a TV or Fridge are on the same Network as a PC/Laptop, hackers could technically access the Network via the lack of security on a fridge and once on the network, they could access a PC/Laptop/etc containing important data etc – does that sound about right.
My ISPs router allows 2.4GHz & 5GHz transmissions at the same time.
The 2.4GHz has its own SSID & password & the 5Ghz has its own SSID & password.
I’m afraid I don’t know if it’s possible to jump between the two to access everything.
This is my current connected devices as they are capable of using 2.4GHz or 5GHz .

Reply | Quote

I suppose what they are saying is if say a TV or Fridge are on the same Network as a PC/Laptop, hackers could technically access the Network via the lack of security on a fridge and once on the network, they could access a PC/Laptop/etc containing important data etc – does that sound about right.

Yes it does, but I have to admit my ignorance in understanding how hackers could gain access to the wifi/router, compromise devices, etc.  I don’t understand how they can do most of what they do, I just know they do it! And we have to protect ourselves.  Perhaps someone with more technical expertise here can address your question.  My router is the same as your’s – both 2.4 & 5 ghz at the same time – different ssid’s & pw’s.  But I believe what Paul said b4 in response to my question above is that division doesn’t segment the networks.

Reply | Quote

https://www.michaelhorowitz.com/second.router.for.wfh.php

This is good info too.

Reply | Quote

Moonshine wrote:

I’m afraid I don’t know if it’s possible to jump between the two to access everything

SSID and passwords have nothing to do with network access between wifi devices.
As you can see from your list of connected devices, they are all using the same IP subnet, 192.168.0.x, and can therefore access each other without restriction.

Do not bother with separate SSID and passwords for the wifi, let your devices choose the best wifi range.

cheers, Paul

Reply | Quote

dmt_3904 wrote:

Isolate IoT devices (in this case, just one TV)

That router doesn’t do guest access well.
As I see it you have 3 choices.
1. Do nothing and connect your TV to the network. Cheap and easy.
2. Buy a new router that has better guest wifi.
3. Upgrade the firmware with DD-WRT. Then you can have lots of guest networks, but the learning curve is steep.

I’d take option 1 and make sure your PC(s) are up to date with patches and AV. If you do end up with a bunch of IoT devices you can invest in a new router then.
If you do buy a new router, I’d use the old one to upgrade with DD-WRT to play with.

cheers, Paul

Reply | Quote

Great advice thank you Paul!  I’m going to go with option one for now 😄

Reply | Quote

Why not simply use ethernet for your smart TV’s? I have 2 and use a wifi extender w/ 2 ethernet ports for the one furthest from the router.

Reply | Quote

Oh I wasn’t aware of this solution! How does it work? WiFi extender picks up signal from the router.  Ethernet cable from back of tv to extender provides connectivity?

The only issue with this is I would still have to replace the router if Linksys stops updating it. Right now, last update was 2/2020.  Don’t know if they will update again, but the router is still for sale.  But I like your suggestion.

Reply | Quote

DriftyDonN wrote:

Why not simply use ethernet for your smart TV’s?

This does not isolate the TV from your main network.

BTW, dmt has already bought a new router, contrary to option 1.

cheers, Paul

Reply | Quote

FWIW, I don’t know of any consumer router that lets you run a guest network on an ethernet port – it’s wifi only.
If you want that sort of flexibility you have 2 options.
1.  Buy a second router and connect your network to it, with the WAN port of the new router and IoT devices on the old router.
2. Get a proper router (pepwave), or load DD-WRT on your old router and VLAN one of the ethernet ports.

cheers, Paul

1 user thanked author for this post.

dmt_3904

Reply | Quote

dmt_3904 wrote:

Oh I wasn’t aware of this solution! How does it work? WiFi extender picks up signal from the router.  Ethernet cable from back of tv to extender provides connectivity?

I just bought and installed recently BrosTrend AC1200 Dual Band WiFI Extender/universal Ethernet to WiFi Adapter in order to connect non-smart TV to Internet for VOD streaming.

Reply | Quote

But does it isolate the TV from your network? If not you have wasted $30 IMO.

cheers, Paul

Reply | Quote

I agree. I thought that was a solution but I guess it takes the TV off the Wi-Fi, but it’s still on the network.

Reply | Quote