News, tips, advice, support for Windows, Office, PCs & more
Home icon Home icon Home icon Email icon RSS icon

We're community supported and proud of it!

  • Set up a guest network that’s actually secure

    Home Forums AskWoody blog Set up a guest network that’s actually secure

    • This topic has 11 replies, 8 voices, and was last updated 1 month ago.
    Viewing 7 reply threads
    • Author
      • #2339218
        Brian Livingston
        AskWoody MVP

        PUBLIC DEFENDER Set up a guest network that’s actually secure By Brian Livingston In the computer industry, too many things that should be simple and
        [See the full post at: Set up a guest network that’s actually secure]

        4 users thanked author for this post.
      • #2339404

        If you are sophisticated enough to consider VLANs then you’ll need a quality firewall/router, VLAN capable switches that are managed to some extent, and wireless access points that support VLANS and multiple SSIDs.

        For the firewall/router I would suggest looking at pfSense.  If you want peace of mind you can buy devices directly from the company that sells pfSense, or you can roll your own with the free community edition and generic hardware optimized for firewall/router use.  You can even use any old hardware you have as long as it meets minimum specs.  It is powerful, flexible, and very easy to learn and play with.  Lots of tutorials on the web.

        As for switches, I’ve had good success with Netgear (except the newest models where cost reductions have hurt the product), Mikrotik, and Unifi.  For wireless connectivity the Unifi APs would also be something to look into as they perform well, are flexible, and seem reliable.

      • #2339752
        AskWoody Plus

        I have a Netcomm VDSL router/switch/wi-fi base station (NBN network in Australia) that has 3 guest networks for each of 2.4GHz and 5GHz WiFi. Once you enable a guest network you have the option of allowing guest access to your main network but that is turned off by default. Each guest network is automatically separated from every other network.

        I’ve enabled guest access to a IoT device that monitors my solar panel production on 2.4GHz and have another guest network on 5 GHz for family and friends’ phones and laptops. My main network is protected.

        Setup was very straight-forward but then I’m not a noob.

      • #2339961
        AskWoody Plus

        I followed Michael Horowitz’s recommendation and bought the Pepwave router. It has been providing the wifi for my internet computer for a couple of months now. The main advantage, IMO, is its configurability, starting with the ability to specify your own username.

        His web site discusses setting up a guest network but gives us the option to install one router behind another. I did that, using the Netgear router that the Pepwave replaced to feed the IOT, which at this point includes only a so-called smart TV and soon will include an audio streamer. Experience so far is that everything works OK.

      • #2340001
        AskWoody Plus

        I would like to hear some comments on open-source WRT routers.

        If anyone can point to article reviews of WRT routers, it would be helpful too.

        • #2340003

          Why the interest in WRT routers? In the old days it was to add features, but those days are over.

          Personally, I have little interest in WRT based routers for two reasons: tech support and ongoing firmware updates. I suspect you will have to hunt a bit to find a WRT based router with both good tech support and a reasonable expectation of ongoing updates.

          As for reviews, there are probably not many. The tech press makes money by getting commissions when people buy something. Thus most router reviews are full of nothing but praise. There is no money to be made by suggesting people use free software.

          Get up to speed on router security at

          2 users thanked author for this post.
          Perq, KP
      • #2340006
        AskWoody Plus

        At: KP

        All you probably (don’t) want to know about DD-WRT compatible routers at:

        Has info in their database on what routers support what versions of DD-WRT and what routers to avoid buying because they don’t have enough RAM or ROM to use the latest version(s).

        And downloads of various versions for routers in their database.


        • This reply was modified 1 month ago by SkipH.
        1 user thanked author for this post.
        • #2340164

          Is there an emulator where someone can get a feel for the GUI interface of DD-WRT?

          Get up to speed on router security at

          • This reply was modified 1 month ago by Michael432.
          • This reply was modified 1 month ago by Michael432.
          • This reply was modified 1 month ago by Michael432.
      • #2340067
        Paul T
        AskWoody MVP

        I use a TP-Link Archer C7 with DD-WRT. Does what I want the way I want it, but if you are not network savvy it is a nightmare to configure.
        I do not recommend WRT for ordinary folk.

        cheers, Paul

        1 user thanked author for this post.
      • #2340431
        AskWoody MVP

        DD-WRT is not easy peasy, but it does give one extensive control over a router/switch.  There is a great deal of information available online from many sites.

        As for a secure Guest network, I have no real need because of the way I have my home network setup.

        Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
        "When you're troubleshooting, start with the simple and proceed to the complex."—M.O. Johns
        "Experience is what you get when you're looking for something else."—Sir Thomas Robert Deware

    Viewing 7 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, no politics or religion.

    Reply To: Set up a guest network that’s actually secure

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.