1) I don't trust devices to respect VLANs. I trust the switches to respect VLANs, but not devices. When the VLAN-tagged traffic hits WiFi the VLAN is lost. When it's received at the AP the AP can choose to tag it again before entering the switch. I think I'd still do multiple SSID's + VLAN's so wifi clients intended for different VLANs are not communicating on the same "virtual AP"? I worry my Google IOT devices could be in promiscuous mode looking at everything. Multiple SSID's would separate them from other devices by encryption.
2) I've read a couple articles saying rate-limiting IOT and Guest networks results in more service interruption than one would expect. Simply prioritizing the main network traffic over Guest & IOT is a better setup. How do we do this in OpenWRT?
This is not Area 51 and a client which doesn't respect VLAN tagging should somehow send packets to a different gateway IP. I don't see a way for a device to know where to send packets if it did break out from VLAN
1) I don't trust devices to respect VLANs. I trust the switches to respect VLANs, but not devices. When the VLAN-tagged traffic hits WiFi the VLAN is lost. When it's received at the AP the AP can choose to tag it again before entering the switch. I think I'd still do multiple SSID's + VLAN's so wifi clients intended for different VLANs are not communicating on the same "virtual AP"? I worry my Google IOT devices could be in promiscuous mode looking at everything. Multiple SSID's would separate them from other devices by encryption.
2) I've read a couple articles saying rate-limiting IOT and Guest networks results in more service interruption than one would expect. Simply prioritizing the main network traffic over Guest & IOT is a better setup. How do we do this in OpenWRT?