Question about home wifi routers

  1. Posts : 39
    w10 home 64b
       #1


    I have a question or two about home wifi routers.

    I had an Asus router for about 5 years, then last year I replaced it with a Netgear Orbi Pro wifi 6 mini router (SXR30). It came with VLANs already built in. I originally bought the router and a satellite, but all my devices bypassed the satellite and went straight to the router, so I returned the satellite. Plus I could never get the Ethernet backhaul to work. That was a deal breaker for me.

    I have a lot of IoT devices. Right now I am looking at my router’s client page and I have 44 devices. Some are computers, printers, tablets, and about 30 Sonoff wifi switches. Porch lights, garage door opener, attic fan, other lighting and my 3D printers. I also have a home NVR with 8 cameras and some Wyze cameras too. And a media server running Plex. Adding it all up I am surprised it is only 44 devices lol.

    I am not in networking but I am learning as I go. I am a nerd so that helps. :) I recently discovered that it would be better to keep my IoT devices on a separate network away from the computers. That’s why I bought the Orbi with VLANs.

    Netgear says the Orbi Pro is good for 40 devices. What does that mean exactly? I already have 44 devices on the Orbi and it seems to be fine. Looking at other home wifi routers they all have different numbers for devices. Can someone please enlighten me on this device count thing? I just hope I am not maxing it out already.

    Next question: After I discovered VLANs and bought the Orbi, I then discovered network segmenting. Do I really need VLANs or can I get away with segmenting my network? And put the IoT devices on one network and the PCs on another network.

    Overall I am happy with my network setup, it is fast and stable and reliable. I just get the nagging feeling that I am missing something and I wanted to run it past you guys. Not being in networking but running a home office with business and personal computers and all my wifi devices.

    Thanks in advance…
    And Happy Memorial Day Weekend! Woohoo!


  2. Posts : 1,211
    Windows 10
       #2

    40 devices will be the bare minimum that Netgear is stating you can run without any bandwidth degradation or performance loss. This depends on how much bandwidth your devices need/use, so if you had all 40 devices that were using lots of bandwidth, your network would be slow.

    It all depends on what the devices are doing, and you can have considerably more connected devices than 40. The max is 254 + one for the router local IP address that a router can hold at one time, so if you have say 250 devices connected at one time and they all use little bandwidth, then the network will see no performance issues. On the other hand, if many of those clients are using large amounts of bandwidth, then the network will be impacted by that and be slow.

    VLAN is a part of networking segmentation, which is just a broader term that covers a few areas of networking.


  3. Posts : 295
    Windows 10 Pro
       #3

    Just so you know, the third-party router firmware DD-WRT or even OpenWrt has VLAN capability. If your router is compatible, you can use a third-party firmware and turn a small home office router into an almost enterprise grade device. I personally use Asus Merlin in my Asus router, but I think VLAN support is via the command line using SSH or Telnet. Whereas in DD-WRT and the likes it's all point and click with a nice GUI. At one time I ran DD-WRT so I know.

    Yes, absolutely, and unequivocally use VLANs with ALL your IoT devices. Reason being is that many if not all of that IoT crap was made with practically no security in mind except for profit. I even doubt they code sign their firmware updates FFS. In fact, if I can remember right, I believe the world's largest DDoS attack was carried out with people's infected (taken over) IoT crap. That article may have been at Cloudflare's website. Also, a lot of the very cheap crap from Communist China is made to connect with servers back to Communist China. My own DJI drone does this. And I had a cheap IoT Wi-Fi USB camera that did this very thing as well. There are scores of products that communicate back to the red dragon... Using a VLAN, if one of your IoT devices gets hacked it'll never leave the VLAN. (I feel like there's a Las Vegas punch line here somewhere)... I personally set this VLAN thing up for myself using the guest Wi-Fi network option in the Asus Merlin router firmware and then turn off Ethernet access capability in that guest network. Not a true VLAN, but it gets the job done nonetheless. So now the IoT devices can't communicate with other devices on the LAN. Just over the Internet.

    IT hardware manufacturers probably have their own personal set standard to decide just how many "supposed" devices can be used with their products. But what it ultimately comes down to is the amount of RAM and the type of CPU in the router or modem or switch, etc. It's just like computers. More RAM, more CPU power the better. Speaking of which... instead of getting a router that's compatible with a third-party firmware like DD-WRT, you can spin up a hardware based router and firewall appliance using OPNsense or pfSense with a small computer using nothing but perhaps a Haswell based CPU and 4 GB of DDR4 RAM and I'll guarantee it will kick the hex out of any small home office router product. I have one myself. LOL! Though, I only have upwards of some 18 to 20 devices on my network at any given time. Four are computers. Two of those are heavy traffic users. So, if I'm downloading a huge game via Steam, my other computers are doing their thing and my IoT devices are doing their thing, CPU and RAM become a real apparent consideration for router choice.


    If you're into IoT, check out IFTTT (If This Then That). IFTTT - Connect Your Apps


  4. Posts : 39
    w10 home 64b
    Thread Starter
       #4

    Thanks guys.
    In the back of my mind I always thought the magic number was 256, so 40 didn't make sense to me. Or like you said, 256 - 2.
    I didn't realize that was kind of like a performance rating, I thought it was a hard number, a limit.
    OK so I'll stop second guessing myself now and I think I did it right and I think I will be ok even if I add more devices.
    One less thing to worry about lol
    Thanks again.


  5. Posts : 1,203
    11 Home
       #5

    If you never use the 2.4GHz band for anything besides insecure IoT devices, then VLAN is not necessarily always going to give that much benefit, if any. That's because it's possible to assign a separate SSID (with a separate encryption password) to each different band such that each different SSID will be on a different subnet. It means they will be separate, similar to when you use VLAN to separate them so basically, under this specific circumstance, it achieves the same goal of making them separate. That is, in an average SOHO (Small Office/Home Office) environment usually you don't need multiple networks beyond the basic combination of just a single Ethernet (LAN) network and just a single WiFi (WLAN) network so dividing the network up in subnets is an easy way to achieve network segmentation while it still gives sufficient IP addresses to pick from and assign a unique IP to each device. On Asus routers, there exists a feature named Smart Connect, that, when this feature is set to disabled in the router settings, causes each band to be a separate SSID. According to Asus, if you're outside the East Asia region, this feature is normally best kept disabled anyway in the first place, to avoid some problems with trying to connect devices.

    So, by choosing to connect smartphones/tablets/PCs always to the 5GHz band and choosing to connect unprotected/poorly protected IoT devices always to the 2.4GHz band, for example (assuming that these choices are feasible of course), you could potentially eliminate the need for VLAN capability, and thus also eliminate the loss in performance that is typically associated with the use of VLAN on mainstream, or "budget"-style wireless routers/mesh systems that lack high internal processing power.

    To elaborate on this just a little bit, each node in my Asus RT-AX92U 2 Pack mesh system has a slower CPU (dual core vs quad core) and less RAM than its ROG Rapture GT-AX11000 "counterpart", but in the end offers the same high level of WiFi 6 performance at a much more affordable cost because I don't use that much CPU power or RAM for my networking purpose, and I don't play games even though the RT-AX92U is still fit for gaming. (Huge understatement in fact.) But I'm almost always using Ethernet on my laptop anyway nevertheless, even though it's got WiFi 6 and so does the desktop PC (and the two mesh nodes are hooked up to each other with wired backhaul... naturally, and of course). AiMesh 2.0 works truly great IMO, it's both stable and fast. But the main selling point (besides the extra features from Asus, like, e.g., the ability to use the USB 3.0 ports to create your own private cloud storage and cheap NAS replacement with fairly decent storage performance results) is the exceptional range you get from using just 2 small, compact, nodes. Whereas mesh solutions from other preferable (...) brands often require 3 to achieve a similar range/coverage that will eliminate the dead spots and/or will eliminate the spots with performance fluctuations/degradations, and often are slower also in addition to this.

    There are a lot of variables that can affect range, signal stability and performance in a wireless setup... it varies a great deal depending what you have. The size/dimensions and layout of your home, the materials used and the positioning of the wireless router and/or of the individual mesh nodes you have in your setup, things like the location of a fridge degrading/blocking the signal or interference from the neighbors' WiFi, etc., all need to be taken into account seriously. The important thing is that the setup works, that it meets your intended goals properly, with less finicking as a possible bonus although I admit sometimes being a nerd who likes to spend time to experiment more also helps.


  6. Posts : 1,211
    Windows 10
       #6

    I disagree. VLAN is the right way to go for OP, as it means that any devices he wants to contain away from other devices he does so via VLAN. This means if those VLAN segregated devices want to talk to each other they would need to be set up to do so, but regardless, the whole point of VLAN is to stop devices talking to each other across a network and to shape the traffic better.

    Subnet, on the other hand, without getting into the nuances of it: let's just say they were subnetting from a single router that is behind the main router, then all the devices across the subnets can still access each other. It can be more defined to work like a VLAN, but at that point you might as well just use VLAN because it's stronger in this area.

    It becomes even stronger if you use both in conjunction, but regardless, VLAN is beneficial to the OP.

    - - - Updated - - -

    Different bands are still on the same LAN unless you VLAN those devices.

    - - - Updated - - -

    If you think of the methodology, VLAN is for segregating stuff first at the core inside of the network, and then subnetting is for tying it all together towards the outside of the network and offers more defined routing capability.

    You don't necessarily need both unless you want to, and they are interchangeable to your needs. Regardless, VLAN is solid to have if all you want to do is stop and segregate devices for improved security and better performance.


  7. Posts : 295
    Windows 10 Pro
       #7

    hdmi said:
    If you never use the 2.4GHz band for anything besides insecure IoT devices, then VLAN is not necessarily always going to give that much benefit, if any. That's because it's possible to assign a separate SSID (with a separate encryption password) to each different band such that each different SSID will be on a different subnet. It means they will be separate, similar to when you use VLAN to separate them so basically, under this specific circumstance, it achieves the same goal of making them separate. That is, in an average SOHO (Small Office/Home Office) environment usually you don't need multiple networks beyond the basic combination of just a single Ethernet (LAN) network and just a single WiFi (WLAN) network so dividing the network up in subnets is an easy way to achieve network segmentation while it still gives sufficient IP addresses to pick from and assign a unique IP to each device. On Asus routers, there exists a feature named Smart Connect, that, when this feature is set to disabled in the router settings, causes each band to be a separate SSID. According to Asus, if you're outside the East Asia region, this feature is normally best kept disabled anyway in the first place, to avoid some problems with trying to connect devices.


    You have this fantastically wrong. A VLAN is layer 2 (data link), a subnet is layer 3 (network) and an SSID (Service Set Identifier) is layer 2 (data link).

    Mixing SSIDs and RF spectrum does absolutely nothing in terms of when the IPs route inside the router through the routing table. The whole idea behind VLANs in the first place was IP partitioning. Even if different SSIDs or RF spectrum is used, it all comes down to the IP handouts and whether everything can talk to one another or not. In a VLAN it's partitioned off from everything else. In my case I don't allow my IoT devices to even talk to the Intranet inside my network. They do use a different SSID, but I can choose to allow that SSID to talk to my devices internally. VLANs as well. Read this Wikipedia article: VLAN - Wikipedia


  8. Posts : 1,203
    11 Home
       #8

    There are plenty of articles to be found on the web that explain the difference between subnets and VLANs. Here are 2 examples:

    Subnet vs VLAN | Orhan Ergun

    The Difference Between VLANs and Subnets - Component

    As you can see for yourself, like I said it depends on what you have and what your intended goals are. I suppose that IoT controlled power switches to open the garage door or turn on the lights do not generate that much traffic (in your average home scenario anyway) so, depending what else you've got on your WiFi, you might or might not need VLANs to fine tune wireless performance, but as the 2nd article explains, VLANs don't magically create more bandwidth. Similarly, the ability to use VLANs to separate insecure IoT devices from each other does not magically turn them into secure IoT devices, but if you are feeling courageous, then maybe you could decide to still give it a shot anyway after all, and if you do, then please let us know how that panned out... LOL!



    That said, here you go:
    Service set (802.11 network) - Wikipedia

    On my Asus it also is possible to specify a list of MAC addresses on each SSID such that devices whose MAC address doesn't appear on this list are not able to communicate with devices that are connected to that SSID. (Even if the encryption password of that SSID gets stolen.)

    YMMV.


  9. Posts : 295
    Windows 10 Pro
       #9

    Subnetting is not a real VLAN...

    Subnetting and VLANs are not about RF performance or whatever... certainly not about "fine tuning a network."


    VLANs are not about 'creating more bandwidth.' Who said that?


    You use many keywords and whatnot that suggest you have narcissistic tendencies... Dunning–Kruger Effect - The Decision Lab


  10. Posts : 1,203
    11 Home
       #10

    F22 Simpilot said:
    , but I can choose to allow that SSID to talk to my devices internally.
    Thanks for proving my point, which is that it's still possible to deny that access, REGARDLESS of whether you use VLANs.


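Added example, not written by any poster in this thread: the disagreement in posts #5 to #10 turns on where traffic between two devices is actually filtered. This Python sketch uses constructed addresses, hypothetical segment names and a hypothetical forwarding policy to classify each flow as same-segment (delivered at layer 2, so the router's inter-segment policy never sees it), routed and allowed, or routed and blocked.

```python
import ipaddress
from itertools import permutations

# Constructed sample data (not from the thread): one subnet per VLAN/SSID,
# a device inventory, and the router's inter-segment forwarding policy.
SEGMENTS = {
    "lan": ipaddress.ip_network("192.168.1.0/24"),
    "iot": ipaddress.ip_network("192.168.20.0/24"),
}
DEVICES = {
    "office-pc": "192.168.1.10",
    "nvr": "192.168.1.50",
    "porch-switch": "192.168.20.31",
    "wyze-cam": "192.168.20.32",
    "3d-printer": "192.168.1.77",  # IoT device left on the LAN by mistake
}
IOT_DEVICES = {"porch-switch", "wyze-cam", "3d-printer"}
# (source segment, destination segment) pairs the router forwards.
ALLOWED_FORWARD = {("lan", "iot")}  # LAN may manage IoT; IoT may not reach LAN


def segment_of(ip):
    """Return the name of the segment whose subnet contains ip."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    raise ValueError(f"{ip} is not in any known segment")


def classify(src, dst):
    """Classify a flow: 'same-segment', 'routed-allowed' or 'routed-blocked'."""
    s, d = segment_of(DEVICES[src]), segment_of(DEVICES[dst])
    if s == d:
        return "same-segment"  # layer-2 delivery, forwarding policy not consulted
    return "routed-allowed" if (s, d) in ALLOWED_FORWARD else "routed-blocked"


def iot_exposure():
    """Flows from IoT devices to non-IoT hosts that the policy does not block."""
    return sorted(
        (src, dst, classify(src, dst))
        for src, dst in permutations(DEVICES, 2)
        if src in IOT_DEVICES and dst not in IOT_DEVICES
        and classify(src, dst) != "routed-blocked"
    )


if __name__ == "__main__":
    for src, dst, verdict in iot_exposure():
        print(f"{src} -> {dst}: {verdict}")
    print("usable hosts in a /24:", SEGMENTS["iot"].num_addresses - 2)
```

With this sample inventory the only exposed flows come from the misplaced 3D printer, which shares a segment with the PC and NVR, so no forwarding rule on the router can separate them.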
 

Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.