Hello,

This is my first TP-Link product. Previously, I used the ASUS RT-AC88U, then I switched to the RT-AX86U.

My problems began when I attempted to run dual WANs, as I now work from home most of the time, and an outage means I need to take PTO or drive to the office. My ISPs are Comcast and Verizon. I chose two ISPs because I received an advertisement in the mail offering Verizon service for $29/month with no contract or rate increase, even though it's only a 400MB/s service. Comcast claims to offer 1GB/s, but realistically, you get around 800MB/s.

Both ASUS routers support dual WAN, but I think this was more of an afterthought, or something they assumed could be easily implemented. In reality, it comes with many issues such as disconnects, the need for daily reboots, and devices stopping accepting new clients, whether wireless or wired (e.g., I turn on an iPad, and it won't connect to WiFi until I reboot a few times). This is the same issue with wired connections; new devices need multiple reboots to connect. I will admit, when I had fewer devices, the problem was less apparent. I have added about 24 Smart WIZ lightbulbs and switches, and 9 Tuya cameras. This, along with 4 laptops, 1 desktop, 1 PS5, 1 XBOX-1X, 1 XBOX-X, 1 Roku, 1 Smart Vizio TV, 3 iPads, 1 Android phone, and whatever else comes my way to repair that day. The laptops all run Cisco Secure Client VPNs. I also provide my neighbor's Router (Linksys) WAN port with a feed so they can have internet (yes, this creates a double NAT).

So, my configuration is as follows:
WAN Port = Comcast
WAN/LAN Port #2 = Verizon
LAN Port #3 = repurposed Asus AX86U as an Access Point, DHCP disabled, using TP-Link DHCP
LAN Port #4 = Netgear 8-port blue metal gigabit switch, the little dumb ones
LAN Port #5 = to my neighbor's WAN port on their Linksys

I have assigned 10.10.10.0/24 as my subnet, the TP-Link ER605 has the IP=10.10.10.1, and the DHCP Range is 10.10.10.100-10.10.10.254.
The Asus AX86U has a static IP of 10.10.10.50.

Here is my question:

I would like to put the neighbors on their own VLAN, so that they cannot see, ping, or access anything on my 10.10.10.0/24 network. I was thinking I should do a MAC-to-IP reservation to ensure their device (Link WRT) is always assigned the same IP. They would still need internet access, but nothing from my network, just allowing them to send and receive data streams they initiated. I do not need to DMZ their WAN port on the TP-Link ER605V2.

How might I best accomplish this? I read the 1910013510_ER605(UN)_UG.pdf user guide, but it does not go into detail about what happens when you configure a VLAN. I also do not know if I should tag or not tag packets for the VLAN I would want to assign to them.

I know this might seem like a simple question, but I wanted to ask, and also see how well support works for these products.

I have many other questions, like whether I should get an Omada controller, which is the best PoE switch, as I might want to switch my cameras to wired PoE vs. wireless. I would need at least a 16-port switch. I would also need to figure out the power requirement of the Tuya cameras; I think some support PoE already, and for those that do not, I could always use injectors with ends that have a 2.1mm barrel connector if they don't support PoE through Ethernet.

Thanks for taking the time to read my question. I just don't want to break anything and was hoping I could get a little beginner's help. For what it's worth, everything is working 100% now, everyone has internet and all is working. I used the Load Balance mode for Dual WAN, but I have other questions about how that works too, perhaps another post if all goes well here.

Best regards,

David P. Howard