Need help with Network Isolation with risque people and risque ISP

Okay, so the only time I would have to worry about a higher-tier EdgeRouter is when I have true Gigabit Fiber. VDSL’s limit is basically 150/100 if you do a dry loop, so EdgeRouter X is good enough.

Congratulations, it sounds like you are figuring out a way forward. I’m not sure if you care to discuss this any further, but I’ll kibitz a little more.

It sounds like you are planning to plug both the AC68U and AC86U into a third router which connects to the WAN (likely an EdgeRouter X). Done in a straightforward way, this puts the two AC routers on separate subnets. Voila! Your goal of isolation from gear on the other subnet is achieved.

A VLAN allows logical separation between devices on the same subnet, but devices on different subnets are already separated. (A VLAN can also allow logically grouping devices on different subnets, but that is the opposite of your goal.)

By “straightforward” setup, I have in mind:

  • the AC routers are not in “bridge” mode, so use different subnet addresses on their upstream (“WAN”) and downstream (“LAN”) sides;
  • the WAN router does not have routing rules specially configured to allow the two subnets to communicate with each other.

Good luck with your setup, and please let us know how it turns out.
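The “straightforward” layout described in this reply, written out as an EdgeOS configuration. This is an added example, not configuration from anyone in this thread: it assumes an EdgeRouter X with eth0 on the ISP side and eth1/eth2 feeding the WAN ports of the AC68U and AC86U, and the 10.10.x.0/24 addresses are constructed. Each AC router keeps its own LAN subnet behind its own NAT; the two rule sets make the separation explicit by dropping traffic between the two uplink subnets in both directions, so isolation does not depend on the router’s default forwarding between directly connected interfaces.

```text
# Added example (not from this thread). Assumed layout on an EdgeRouter X:
#   eth0 = ISP/WAN, eth1 = AC68U WAN port, eth2 = AC86U WAN port.
# Subnet addresses below are constructed for illustration.
configure

# One subnet per downstream router. Each AC router's WAN port gets an
# address here and NATs its own LAN (e.g. 192.168.50.0/24) behind it.
set interfaces ethernet eth1 description 'AC68U uplink'
set interfaces ethernet eth1 address 10.10.1.1/24
set interfaces ethernet eth2 description 'AC86U uplink'
set interfaces ethernet eth2 address 10.10.2.1/24

# Traffic arriving from the AC68U side: drop anything aimed at the
# AC86U subnet, allow everything else (internet-bound) through.
set firewall name ISOLATE_AC68U default-action accept
set firewall name ISOLATE_AC68U rule 10 action drop
set firewall name ISOLATE_AC68U rule 10 description 'AC68U subnet -> AC86U subnet'
set firewall name ISOLATE_AC68U rule 10 destination address 10.10.2.0/24
set firewall name ISOLATE_AC68U rule 10 log enable
set interfaces ethernet eth1 firewall in name ISOLATE_AC68U

# Mirror image for traffic arriving from the AC86U side.
set firewall name ISOLATE_AC86U default-action accept
set firewall name ISOLATE_AC86U rule 10 action drop
set firewall name ISOLATE_AC86U rule 10 description 'AC86U subnet -> AC68U subnet'
set firewall name ISOLATE_AC86U rule 10 destination address 10.10.1.0/24
set firewall name ISOLATE_AC86U rule 10 log enable
set interfaces ethernet eth2 firewall in name ISOLATE_AC86U

commit
save
exit
```

To confirm the separation holds, ping the other uplink gateway (10.10.2.1) from a device behind the AC68U; it should time out, and `show firewall name ISOLATE_AC68U statistics` on the EdgeRouter should show rule 10’s drop counter climbing while the logged drops carry the rule name. Note that this only separates the two household subnets from each other; as the later reply in this thread points out, it does nothing about what can be observed upstream of the EdgeRouter.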

Just following up…

… how’s this working out for you?

Capital what

Other than the usual problems with VPNs, isolating in VLANs has been helpful. Though the FTTH/FTTB backdoor means all packets could still be captured if someone really wanted to.