On Thu, 28 Dec 2017 22:41:57 -0500, "Chuck Church" said:
> If we'd just put a stake in the ground and say residences can have one router and bridge everything below that we'd be further ahead. I just can't see 99.999% of users being interested in subnetting their homes and writing firewall rules so their light bulbs can't talk to their DVRs.

So you'd rather write firewall rules so that people using your "guest" side of the *bridged* network stay out of the *other* side of the *bridged* network? (Hint: What does "bridged" mean for where packets go?)

If you have the ability to set up multiple subnets, it's easy:

Subnet 0 is wired local ports on the back of the router
Subnet 1 is your local 2.4ghz wireless
Subnet 2 is your local 5ghz
Subnet 3 is your guest 2.4
Subnet 4 is your guest 5ghz.

Subnets 0 1 and 2 can talk to each other, Subnets 3 and 4 can only talk to the outside world. Probably want a few more subnets for all the crapware that's shipping as part of the Internet of Pwned Things.

Or you can try to do all this in one bridged subnet. Have fun with your nervous breakdown. :)
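
The five-subnet policy described in the message above, written as an nftables forward chain. This is an added example, not part of the original message; the interface names (`lan0`, `wl24`, `wl5`, `guest24`, `guest5`, `wan0`) and the rule letting the local subnets reach the uplink are assumptions. It works only because each subnet is a separate routed interface: frames between hosts on one bridged segment are switched at layer 2 and never reach this hook.

```nftables
#!/usr/sbin/nft -f
# Constructed example; every interface name below is an assumption.
#   lan0    = subnet 0 (wired local ports)
#   wl24    = subnet 1 (local 2.4 GHz)
#   wl5     = subnet 2 (local 5 GHz)
#   guest24 = subnet 3 (guest 2.4 GHz)
#   guest5  = subnet 4 (guest 5 GHz)
#   wan0    = uplink to the outside world

table inet home_segments {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Return traffic for flows that were already permitted.
        ct state established,related accept
        ct state invalid drop

        # Subnets 0, 1 and 2 can talk to each other.
        iifname { "lan0", "wl24", "wl5" } oifname { "lan0", "wl24", "wl5" } accept

        # Assumption: the local subnets may also reach the outside world.
        iifname { "lan0", "wl24", "wl5" } oifname "wan0" accept

        # Subnets 3 and 4 can only talk to the outside world.
        iifname { "guest24", "guest5" } oifname "wan0" accept

        # Count and log guest attempts to reach anything else
        # (local subnets or the other guest subnet) before dropping.
        iifname { "guest24", "guest5" } log prefix "guest-blocked: " counter drop

        # Anything not matched above falls through to policy drop.
    }
}
```

Traffic addressed to the router itself (DHCP, DNS) goes through the input hook, which this table does not define.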