Stop home IoT from reaching the internet with Linksys Velop as a HomeKit Router

Linksys has begun distributing a firmware update that turns many of the Velop mesh routers into Apple HomeKit compatible routers.

What is HomeKit Security for Wi-Fi Networks & Routers?

For users of HomeKit home automation devices, this gives the user the ability to decide how much or little the device has access to the Internet.

What’s really nice about the feature is that once the routers are set up, they integrate into Apple’s Home app. All management for devices and restricting their access is done within the Home app.

The routers have three levels of access you can grant:

1. Restrict to Home – only allow connections to your home hub (an AppleTV, iPad, or HomePod). This could block firmware updates or other services, depending on the device.
2. Automatic – allows connections with an automatically-updated list of manufacturer approved Internet services and local devices.
3. No restrictions – this is what it sounds like. Devices can make as many connections to the Internet as they like, for whatever purposes the manufacturer allows.

How to set it up

Initial setup is not difficult: you use the Linksys app to set up the router, adding a primary node connected to your ISP, and then add individual mesh nodes after that.

Once that’s complete, and the units update to the appropriate level of firmware, the app guides you to set up Apple Home Integration. The steps are similar to adding other HomeKit accessories to Home.

You name each router and assign it to a room. However, they don’t appear as devices in Home’s rooms. Instead, you only access them by tapping on Home in the upper left corner of the Home app, settings, and then selecting Wi-Fi Network & Routers.

There, you’ll have the ability to impose HomeKit security and assign access restrictions for individual devices.

Connections

The nodes themselves have 2 Ethernet jacks on their bottom. Unlike other routers, they aren’t labeled “Internet” or “LAN”. They figure out if a port is an Internet port by whether you plug in a cable from your modem or not. If it gets DHCP from your ISP on a port, that port is now the Internet port.

Wireless nodes can use their ports to provide service to a wired device.

Caveats

In the past, in order to make HomeKit perform optimally without issues, we’ve separated the 2.4GHz and 5GHz networks with separate SSID names, and disabled Wi-Fi multimedia optimizations that prioritize large video data over the small amounts of data that home accessories send.

While the Linksys Velop does allow you to separate the SSIDs if you configure them via a web browser, if you setup via the app as they expect, you’ll have one network name for both frequencies. In order for Velop to integrate with Apple Home, one SSID for both 2.4 and 5GHz bands is required.

Bridge mode is not supported. The Velop units have to be assigning IP addresses via DHCP as a router, not acting as Wi-Fi access points.

What HomeKit Security really is

The reason the Velop units have to be a router, not bridged to another router, is because this is really just a very simplified firewall interface. The options in Home configure firewall rules stored in the Linksys units, which block or allow access to the Internet.

A little history

We’ve been waiting for Linksys to make this available for months. HomeKit Secure routers were first announced back in June 2019 at WWDC. It took until February 2020 for the first one to appear, and only now is Linksys beginning to make it available.

The goals are pretty clear. Networking is traditionally difficult. Finding ways to simplify it while still making the esoteric options some users need available is difficult work.

Making a router that doesn’t require separate SSIDs or Wi-Fi multimedia prioritization to be configured to perform well with HomeKit is a challenge, and making it integrate into Apple Home for greater control over which devices can reach the Internet is, too.

The beauty of it is that having a HomeKit Secure router is one more way that Apple and Linksys are able to deliver on Apple’s privacy promises.

The Linksys Velop AC6600 retails for $399. That’s $130 per mesh node if you divide the price by 3. The connection is solid and stable. If your goal is trying to even out signal dispersion and make sure all the devices in your home get a strong connection, mesh networking and Velop in particular, are a good way to accomplish that.

The AC6600 is a Tri-Band system, which uses one radio for backhaul, so your device’s traffic isn’t slowed down in the process. They can also used wired backhaul if you happen to have Ethernet wiring in the home.

Specifications

• Tri-band 3-pack
• 1 2.4GHz radio, 2x 5GHz radios
• Each 5GHz radio carries up to 867MBps
• Nodes alternate between the 5GHz radios to provide seamless connections between nodes.
• Each node can cover up to 2000 sq ft.
• Each node has 2x Ethernet.

Pros and Cons

Pro:

• Easy to set up and integrate into Apple Home
• If you don’t trust your home automation accessories, this is an excellent feature

Cons:

• Hard to place well – nodes have a light to indicate status, and show orange if too far from primary node. The app only says, ‘try placing closer’, with no real guidance on how it’s actually doing.
• If you have a pre-existing setup with 2 SSID, this can mean giving up on one, or re-setting up all HomeKit accessories to a new unified network name.
• Keep track of which ethernet jack you used for the ISP connection. Switching it to the other port won’t work, and requires switching back or resetting and setting up from zero.