What Devices do I put on an IoT VLAN

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › What Devices do I put on an IoT VLAN

Earbanean

1110 posts

Uber Geek
+1 received by user: 377

#303029 11-Jan-2023 13:50

I've been meaning to set up an IoT VLAN for some time, and with all the bad weather, I probably have time now. I've already set up a guest Wifi VLAN with appropriate firewall rules etc, using an Edgerouter Lite and Cambium e400/e410 WAPs (tagging through SSIDs). I plan to do similar for the IoT VLAN, except also add wired ethernet devices, by tagging on our Netgear managed switch.

So the question I have is, which devices should/shouldn't go on the new IoT VLAN? Here are my first thoughts:

- Main VLAN: PC, laptops, phones.

- IoT VLAN: Ring doorbell and 2 x chimes, Escea gas fireplace, TP-Link Tapo smart switch.

- Not sure: 4 x Sonos speakers, 3 x Amazon Echo Dots, Apple TV.

cyril7

9075 posts

Uber Geek
+1 received by user: 2499

ID Verified

Trusted

Subscriber

#3020049 11-Jan-2023 13:59

Hi, not sure what you are trying to achieve, purhaps some security from vunrabliities in IOT devices? personally I would not bother.

As for your last "Not Sure" vlan, I would not do that, you will create a lot of grief for yourself, unless you have an Avahi proxy on the network any chance of mDNS allowing airplay/chromecast to work will break.

Cyril

Earbanean

1110 posts

Uber Geek
+1 received by user: 377

#3020064 11-Jan-2023 14:13

cyril7:

Hi, not sure what you are trying to achieve, purhaps some security from vunrabliities in IOT devices? personally I would not bother.

As for your last "Not Sure" vlan, I would not do that, you will create a lot of grief for yourself, unless you have an Avahi proxy on the network any chance of mDNS allowing airplay/chromecast to work will break.

Cyril

Sorry, I wasn't clear. I'm not intending to create a 'Not Sure' VLAN. I was just saying that I wasn't sure whether those devices would be on the Main VLAN or the IoT VLAN. I was thinking probably on the main VLAN.

cyril7

9075 posts

Uber Geek
+1 received by user: 2499

ID Verified

Trusted

Subscriber

#3020072 11-Jan-2023 14:29

Hi, yes if you do create an IOT vlan, then leave your AV devices on the same network as your mobile/tablet devices or lots will break, unless you go all out and build an Avahi proxy, which in a domestic setting is a bit OTT

Cyril

richms

29098 posts

Uber Geek
+1 received by user: 10209

Trusted

Lifetime subscriber

#3020149 11-Jan-2023 15:09

I have all the cloud connected tuya, ewelink and some other app I forget smart bulbs on their own vlan that can see the internet but not the other networks. Just connect the phone to it when adding devices. It has a loooooooooon PSK since its a pain to change that.

I have a ssid for my smart speakers that is on the same vlan as my important stuff, but again, it has a much longer PSK since changing is a pain. This also has some of the chromecast/firetvs on it. SSID has to match for echos to be happy to group up it seems.

I have my one that I use for phones/laptops, and some of the other devices I have not moved yet. It has a shorter key as I often have to enter it into things so I periodically change it. Its well overdue for a change. Has some streaming devices connected to it because they were set up before the above SSID.

I have a third vlan for chinese IP cameras. It cannot see the internet, it can be seen from the other vlan with devices on it so I can see the cameras. I have a slightly more trustable NVR that I have on the main vlan that I have some cameras added to so that I can see them when not at home thru the NVR providers cloud and app.

My home assistant machine had had interfaces added on all vlans so it can directly see everything. So does my desktop PC so I can watch all cameras from it.

Richard rich.ms