Geekzone: technology news, blogs, forums




1836 posts

Uber Geek


# 261828 17-Dec-2019 09:37

I've been seeing this mentioned more and more lately and am wondering if I should do this at home. At the moment the only IoT devices I have are a Wyze camera, a Google Home Mini and a Google Chrome, but in the future I might add plugs, etc. I've also got a couple of PCs, a couple of games consoles, a Raspberry Pi with Kodi, a couple of phones and a couple tablets; all on WiFi. Two person household so not all of these devices are being used at the same time. It's a smallish house and WiFi reaches everywhere satisfactorily.

 

To set up a segregated network do I need to have two routers or can it be done within the one router? I'm using a Vodafone Ultra Hub and I actually have a second Ultra Hub that I could use because Vodafone sent me a second one when I switched from VDSL to fibre.

 

Any suggestions on how to set this up would be gratefully received.


1596 posts

Uber Geek


  # 2376819 17-Dec-2019 10:09

Hope you don't mind me tagging onto your thread; I am actively looking into this now and how best to do it.  I too have a growing collection of devices I want on their own VLAN.

My plan was to move to a complete Unifi setup, adding a PoE switch to the 2 existing APs I have. My reason being it's easier with 1 vendor, and Unifi are supposed to make it 'easy'. BTW this is excellent reading on how NOT to do it: https://arstechnica.com/information-technology/2018/07/enterprise-wi-fi-at-home-part-two-reflecting-on-almost-three-years-with-pro-gear/5/

However I have a similar situation to you - 2 x Spark Smart Modems, that may allow for the same setup as you.

I am not a router guru, but I would say as long as the two routers are on different subnets, say 192.168.x.x and 172.16.x.x, it should have the same effect. Your problems may come from creating rules to allow communicating between the routers, for example if you have an IoT device on one network and want to control it from the other (say a cellphone).

Maybe try setting up the second router on a different subnet and then make sure your IoT devices connect to it, and see how you go. You can always reset everything if it doesn't work :-)


22896 posts

Uber Geek

Trusted
Subscriber

  # 2376823 17-Dec-2019 10:12

Just get the Unifi USG - so easy on it. Takes some work to block communication between the VLANs. Once the IoT tat is talking to its cloud you don't need a device to see it, so just connect to the IoT SSID when you want to set something up and then go back to the normal one to use it day to day.

The only thing I have going between my VLANs is for watching my cameras.





Richard rich.ms

 
 
 
 


1596 posts

Uber Geek


  # 2376825 17-Dec-2019 10:15

richms:

Just get the Unifi USG - so easy on it. Takes some work to block communication between the VLANs. Once the IoT tat is talking to its cloud you don't need a device to see it, so just connect to the IoT SSID when you want to set something up and then go back to the normal one to use it day to day.

The only thing I have going between my VLANs is for watching my cameras.

This is something I have never been sure of - I thought you didn't need the Unifi GATEWAY for this, I thought I could do it with just the Switch and APs? Or is the USG a requirement?


836 posts

Ultimate Geek

Subscriber

  # 2376831 17-Dec-2019 10:25

I have started doing the same thing and I would refer you to this awesome video Series: https://www.youtube.com/watch?v=p3SfeQTaaxw

 

I moved a couple of things, but most devices seem to sort of require both network and Internet access. E.g. my Wyze camera. Seems like just Internet is OK but I haven't managed to hook it up to the Internet-only network. Also, if you use RTSP, then you need LAN anyway...

Same with Google Home. Requires Internet definitely but also most likely requires LAN for casting, etc.

I have managed to move the odd Chinese plug or LED light onto a LAN-only network, though... They show up as "offline" on the official crappy app but still manage to talk to my Home Assistant instance and are therefore still controllable \o/

 

Hope that helps

 

 


22896 posts

Uber Geek

Trusted
Subscriber

  # 2376833 17-Dec-2019 10:27
One person supports this post

You need a router to get the traffic onto those VLANs. If you have 2 cheap ISP routers, that will not really do it, since your only option is to cascade them and that would still leave one network fully accessible from the other one. A USG or other proper router will have 2 separate internal networks that both are NATted to the WAN, but you can selectively block or allow ports and IP addresses between them with rules. Not gonna get that out of a basic home router without reflashing it with something else, and that's a whole massive timesink to go down.





Richard rich.ms

4325 posts

Uber Geek


  # 2376835 17-Dec-2019 10:31
2 people support this post

Just think carefully about what devices you put in an isolated network. Chromecast for instance uses multicast so you then start talking about multicast routing and mDNS... starts to become rather pointless and overly complex in a home environment.

 

In my home network, I have a VLAN for "home automation" but it's more for ease of management rather than security (there are around 40-odd devices, like switches, sensors, relays etc). None of my home automation uses cloud services (mostly just MQTT internally) so there isn't a security issue. Chromecast, the TVs, etc sit on the 'trusted' network to keep things simple for the likes of casting and Spotify.

 

Also, simply using different subnets doesn't automatically mean they won't be able to communicate as the default action of your particular router may be to automatically populate the routing table with these subnets, and therefore allows them to communicate. So you need firewall rules to stop communication.
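
The point made in the post above, that separate subnets still route to each other until firewall rules stop them, as an added example (not part of any post in this thread). It is a small first-match model of a router's forwarding rules; the subnets, the camera address and the RTSP port 554 rule are constructed for illustration, and connection state (reply traffic) is ignored.

```python
import ipaddress as ip

# Constructed addressing plan (assumption, not taken from the thread).
TRUSTED = ip.ip_network("192.168.1.0/24")
IOT = ip.ip_network("172.16.10.0/24")
ANY = ip.ip_network("0.0.0.0/0")
CAMERA = ip.ip_network("172.16.10.20/32")

def forward(rules, default, src, dst, port):
    """Return the action of the first rule matching a new connection.

    rules: list of (src_net, dst_net, dst_port or None for any, action).
    default: action when nothing matches (the router's forward policy).
    """
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for src_net, dst_net, dport, action in rules:
        if s in src_net and d in dst_net and dport in (None, port):
            return action
    return default

# Case 1: two subnets, no rules. A router that routes between its connected
# networks by default forwards everything, so the split isolates nothing.
SUBNETS_ONLY = ([], "accept")

# Case 2: explicit rules, evaluated top to bottom, default drop.
SEGREGATED = ([
    (TRUSTED, CAMERA, 554, "accept"),  # watch the camera (RTSP) from the trusted LAN
    (IOT, TRUSTED, None, "drop"),      # IoT may not open connections into the trusted LAN
    (TRUSTED, IOT, None, "drop"),      # nothing else crosses from trusted to IoT
    (IOT, ANY, None, "accept"),        # IoT still reaches its cloud services
    (TRUSTED, ANY, None, "accept"),    # trusted LAN reaches the Internet
], "drop")

def check(policy):
    """Evaluate four representative new connections against a policy."""
    rules, default = policy
    return {
        "iot_to_pc_smb": forward(rules, default, "172.16.10.30", "192.168.1.5", 445),
        "pc_to_camera_rtsp": forward(rules, default, "192.168.1.5", "172.16.10.20", 554),
        "pc_to_plug_http": forward(rules, default, "192.168.1.5", "172.16.10.30", 80),
        "iot_to_cloud": forward(rules, default, "172.16.10.30", "203.0.113.7", 443),
    }

if __name__ == "__main__":
    for name, policy in (("subnets only", SUBNETS_ONLY), ("with rules", SEGREGATED)):
        print(name, check(policy))
```

Rule order matters here: the IoT-to-trusted drop has to sit above the IoT-to-anywhere accept, because the "anywhere" network also contains the trusted subnet.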


1074 posts

Uber Geek

Trusted

  # 2377395 17-Dec-2019 23:30

timbosan:
richms: Just get the unifi USG - so easy on it. ...
This is something I have never been sure of - I thought you didn't need the Unifi GATEWAY for this, I thought I could do it with just the Switch and APs? Or is the USG a requirement?

 

Firewall rules? Seems not.

 


 

 

 

Static defined rules, yes you do.

 






Please keep this GZ community vibrant by contributing in a constructive & respectful manner.


 
 
 
 


neb

1401 posts

Uber Geek

Trusted
Lifetime subscriber

  # 2377677 18-Dec-2019 12:31

MurrayM:

To set up a segregated network do I need to have two routers or can it be done within the one router? I'm using a Vodafone Ultra Hub and I actually have a second Ultra Hub that I could use because Vodafone sent me a second one when I switched from VDSL to fibre.

 

Any suggestions on how to set this up would be gratefully received.

 

 

Depends on how configurable the router is. If you can set up different ports to have different subnets and block cross-subnet routing you're done, otherwise drop them into different VLANs. That's generic advice, but I don't have a Vodafone router so don't know what they can do.
