An SSID for the guests and traffic log?

In the Beryl AX, under Wireless, I have enabled both 5ghz and 2.4ghz. I'm assuming that regardless of which band I use, they will both utilize all the settings that I have enabled/disabled router-wide including Adguard Home, right?

For guests, I don't want them to use the main SSIDs for the 2.4ghz and 5ghz networks. In the firmware, there are way fewer options to select from, but I can assign a new SSID. Once I set the new SSID and password, how will the guests benefit from the settings that I have enabled/disabled in the router? What about Adguard Home? Is there a way to log all activities on the guest network? Are the guest networks, by default, less private and secure than he "main" networks?

No, they are even more secure and private - due to AP isolation.

AGH will be used for all traffic, even guest ones.

What do you mean by AP isolation?

Access point isolation meaning they can’t connect to all of your other Wi-Fi devices that are on the main WiFi so it’s more secure.

How would they gain access to other WoFi devices though?

Is there any way to log all activities on the guest SSIDs?

What kind of activities are you looking to find for the guest Wi-Fi?

Monitor all activities on the guest networks.

I still don't understand how the guest networks are even more private and secure. It's almost like you're saying I should use that rather than the main SSIDs.

Is there a way to exclude the guest networks from using AdGuard Home? If not, is there a way to prevent the filters and block lists from applying to any device connected to the guest networks?

Well, more private and more secure are not really measurable factors.
AP isolation will isolate each device from each other - so there is no device-to-device-communication. This is, so to speak, more secure than a LAN where each device is allowed to talk to anyone.

I didn't see that mentioned anywhere else. So the two guest SSIDs have AP isolation in addition to all the features of the main SSIDs? Nothing else? Given the lack of responses, I'm guessing it's not possible to monitor traffic on the guest SSIDs?

This AP isolation isn’t uncommon on the guest Wi-Fi. You can find this feature on most routers.

You’re still not being very specific about what you want to monitor. Give us some further information about your use case, what you would like to monitor and what your hoping to achieve.

Browsing activities. What are they doing on the network, etc?

You want to see what websites the user/users are visiting?

I don't know how to be any clearer.

You were not clear from the start. Good luck with that.

You haven't provided anything substantive so I don't even know why you even bother.

No, you can't track that. You could track DNS using AdGuard Home - but this kind of surveillance won't work with modern devices (since they won't use your AGH instance)

Tracking like DPI or Proxy isn't supported.

Thanks for the response. Didn't someone say AGH will be used since I have it enabled for the main SSIDs? What do you mean by AGH won't now be used?

Only plain DNS will be intercepted and forwarded to AGH.
If a device uses DoH or DoT (which is true for most modern OS and browsers) AGH won't be used - if not set explicitly on the device itself. So AGH isn't a way to look into traffic, more a benefit for the users itself.

I'm confused because my phones are configured to use DoQ/DoH and yet I see my queries in the log. How is that possible? You make it sound like I might have done something wrong. Perhapss my connection isn't secured or private.