I have configured the Surf SOHO with the Untagged VLAN as the primary “secure” network for ethernet and the first AP. I also set up a second VLAN as a Guest network with a second AP using different IP addressing.
Then I configured the Access Control Settings on the primary network AP to “Deny all except listed” and I have entered the MAC addresses of the devices that they want to have access to that network.
Next, I told them to go get their own modem and return the Comcast modem/router.
So now they seeing only their own devices on their network and they are not seeing the neighbor’s devices any more.
Now the only problem they have is keeping their cell phones from being hacked. One Apple employee was very interested in helping solve the problem, but that employee is no longer with the company. That happened quickly. Hmm…