IoT Device Isolation / Xfinity Wifi Hotspot?
I'm a new Xfinity customer. I purchased/subscribed the the Unlimited Data Plan and am using the Xfinity supplied device. First off, setup was easy and I'm getting a great signal across my whole house. But...
But, what I thought would be easy, because I've done this at my old home with a different cable/internet provider, appears to not be supported with Xfinity - which I provide really surprising. What I want to do is simply and in accordance with all internet security best practices these days, segment all the IoT devices on my house onto a separate "IoT only" network. So they they won't have connectivity to things like my desktop and laptop computers, SAN storage, etc. Preferably even on the IoT network, they'd be isolated from one another.
But there appears to be no clear way to set this up using the device Xfinity provided (model CGM4981COM) unless I'm missing something.
Reading through these forums, I don't see an alternative but I find it hard to believe that's an acceptable answer. I also considered using the "Xfinity Wifi Hotspot" that I enabled. On the surface, it appears that being able to use it would seem to meet my needs, but I don't see a clear way to provide these (rather dumb) IoT devices with the access details to that network. It seems Xfinity wants this "guest network" to be available only to peoples phones that it recognizes and isn't something I can use for my purposes. That kind of makes me want to just turn off this feature of the their gateway but maybe I'm missing some clever way to leverage this?
To be clear, an idea like connecting my own wifi router south of their gateway, won't solve my security concerns unless there was a way to tell their gateway to isolate traffice to/from that network from its wifi and lan.
Am I going to have to resort to learning how to put their device into "bridge mode" and do the "3 router" thing (https://pcper.com/2016/08/steve-gibsons-three-router-solution-to-iot-insecurity/).