Tabletop Wifi with multiple SSID and VLANs

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › Tabletop Wifi with multiple SSID and VLANs

1 | 2

richms

29099 posts

Uber Geek
+1 received by user: 10210

Trusted

Lifetime subscriber

#2321500 20-Sep-2019 18:35

I've found many iot things assume a /24 for the network and freak out when larger. So need to split it for that reason. Also my outdoor up cams all have their own vlans and ssids.

Iot junk make updating wpa key or said hard so I have a longer complex wpa key for iot things since it will probably never be changed. Wpa keys are the one place that regular changing and having complex ones make sense.

Richard rich.ms

cyril7

9075 posts

Uber Geek
+1 received by user: 2499

ID Verified

Trusted

Subscriber

#2321505 20-Sep-2019 18:48

Hi so your a domestic residence with more than 250 devices including IoT??

Cyril

Handle9

11925 posts

Uber Geek
+1 received by user: 9675

Trusted

Lifetime subscriber

#2321519 20-Sep-2019 19:11

cyril7: Hi is there any real reason to isolate IoT stuff from your main network, how many IoT devices do you have and what's your logic for separating them, just asking as a network engineer as to your reason.

Cyril

I'm pretty dubious about security on a lot of this stuff. Much of it never gets a firmware update and has a nasty tendency to phone home. I'd prefer to keep everything pretty locked down and locally controlled.

It also gives me something that scales. At the moment it's about 15-20 devices but knowing my OCD it's only going up.

richms

29099 posts

Uber Geek
+1 received by user: 10210

Trusted

Lifetime subscriber

#2321531 20-Sep-2019 20:00

cyril7: Hi so your a domestic residence with more than 250 devices including IoT??

Cyril

Its more having many things on static allocations in strange places, like all the fire tv devices are in the 172.16.2.70-79 range, etc which means I dont have a large enough contiguious block to use for DHCP.

Also past devices with no security like belkin wemo would be accessible to anyone on the wifi and it would also learn them into the app so they could then remote control them, so I wanted them off the main lan range that I let other people use.

If I get all the $5 wifi strip controllers up and running like I have been meaning to, I would be well over 150 devices on the network.

Richard rich.ms

Tinkerisk

4798 posts

Uber Geek
+1 received by user: 3660

#2321599 20-Sep-2019 21:07

Could be fun when an IoT gimmick reveals your wifi password and eMail credentials. :-)

- NET: FTTH & VDSL, OPNsense, 10G backbone, GWN APs
- SRV: 12 RU HA server cluster, 0.1 PB storage on premise
- IoT: thread, zigbee, tasmota, BidCoS, LoRa, WX suite, IR
- 3D: two 3D printers, 3D scanner, CNC router, laser cutter

bignose

143 posts

Master Geek
+1 received by user: 22

#2321812 21-Sep-2019 08:28

as others have mentioned unifi flex-hd ticks your boxes - it's no longer beta access and is now in the general availability unifi store, so presumably stocks should be available here soonish - maybe drop gowifi an email?

https://store.ui.com/products/unifi-flexhd

Lego

Shop now for Lego sets and other gifts (affiliate link).

cyril7

9075 posts

Uber Geek
+1 received by user: 2499

ID Verified

Trusted

Subscriber

#2321830 21-Sep-2019 08:55

So re security issues, are the vlans routing on a L3 switch or Router/Firewall, and regardless I presume the switch has ACLs to block inter-vlan traffic and the Router/Firewall also has rules to block??? or can traffic route.

Further, paranoia of IoT and cameras etc accessing other devices on your network, one presumes there are firewalls on all your PC/Laptops/tablets to block inbound initiated connections (this is normal) or have you let them loose. If you have open shares then you might have an issue I guess, but beyond that, seems like paranoia, but each to their own.

Cyril

1 | 2