How to isolate my smart devices from internet?

Hello. I’m setting up Home Assistant on my Raspberry Pi for the first time and I have a question.
I have a home router that I use to connect to the internet.
I want to have a separate network for the smart devices so they have access neither to the internet nor to my other devices like phones and PC.
How would you recommend I implement it? Should I have another router specifically for the smart devices and Home Assistant? Also, I want Home Assistant to still have access to the internet, so it needs to be somehow connected to the main router as well, but I don’t see a way to connect it to both the isolated network (for the smart devices) and the main network.
What options do I have?

1 Like

First, make sure your smart devices don’t rely on internet access to operate (e.g. any cloud-based devices). A relatively simple solution is a guest network, which most routers support out of the box; this typically provides internet access but isolates the device from the rest of the network.

If you’re really serious about this though [may cause severe headaches if not properly set up and could introduce new security issues if not done properly] you could go for a router which supports VLANs. Either out of the box (UniFi for example) or open source (a router which allows OpenWrt could work). Any switches you own as well as access points should support VLAN tagging as well for this to work. This enables you to set up multiple isolated networks.

There is lots of information on the internet on this topic. Good luck!

1 Like

Build VLANs between the two networks and use a layer-3 switch or other firewall interface. I have all my IoT network on one VLAN, including a different wireless network. I have a Cisco layer-3 switch to connect up the different VLANs and I have an access control list on the VLAN interface for my IoT network that only allows the traffic that is needed.

For instance, HA requires access from my normal network so I allow that, and a static IP address is assigned. I do not allow anything from my normal networks to any other IP address. Those devices do have DNS access to my PiHole servers.

It can easily be done. It does require someone who understands computer networking.

1 Like

You can also check your network traffic using the AdGuard add-on. You can disable network access for some devices like a Wi-Fi smart switch or reroute their traffic. But the problem is, at least in my case with Tuya Wi-Fi switches, that they have to call in to ccp or their cloud. If they don’t, they get mad and start flashing their lights on and off.
But your smart devices, whatever they are, have to communicate with HA, and your HA instance is communicating with the internet.

1 Like

Guest networks might not work because access from the primary network to the first network might be limited and impossible to configure in the router.
VLANs are the way to go, and then let the router and its firewall handle access and blocks.
You should move all your IoT devices to the IoT VLAN, which also includes HA. This will allow auto discovery of your devices.
The issue with VLANs is that your APs also need to support them, so you can have multiple SSIDs, but those APs can be expensive.

2 Likes
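The VLAN-plus-firewall design described in the two posts above (an IoT VLAN that holds HA, the trusted LAN allowed in, the IoT side allowed out only for DNS to the Pi-hole and for HA’s own internet access) written out as an OpenWrt `/etc/config/firewall` excerpt. This is an added illustration, not configuration posted by anyone in this thread; it assumes an OpenWrt router with the default `lan` and `wan` zones already present, an `iot` interface already created on a tagged VLAN (192.168.20.0/24), Home Assistant at the static address 192.168.20.10 inside that VLAN, and a Pi-hole at 192.168.1.5 on the trusted LAN, all of which are placeholder values.

```text
# /etc/config/firewall (excerpt) -- constructed example, addresses are placeholders.
# The default 'lan' and 'wan' zones from a stock OpenWrt install are assumed.

config zone
	option name 'iot'
	list network 'iot'        # interface bound to the tagged IoT VLAN
	option input 'REJECT'     # IoT hosts get no router services unless a rule opens one
	option output 'ACCEPT'
	option forward 'REJECT'   # no forwarding between networks inside this zone

# Trusted LAN (phones, PC) may initiate connections into the IoT VLAN,
# e.g. to reach the HA web UI. Replies come back via connection tracking.
config forwarding
	option src 'lan'
	option dest 'iot'

# No 'forwarding' section exists for iot -> lan or iot -> wan, so the zone
# policy REJECT applies by default; the rules below are the only pinholes.

# IoT devices may use DNS, but only at the Pi-hole on the trusted LAN.
config rule
	option name 'iot-dns-to-pihole'
	option src 'iot'
	option dest 'lan'
	option dest_ip '192.168.1.5'   # Pi-hole (placeholder)
	option dest_port '53'
	list proto 'tcp'
	list proto 'udp'
	option target 'ACCEPT'

# IoT devices may obtain a lease from the router's DHCP server
# (a rule with src but no dest applies to traffic addressed to the router).
config rule
	option name 'iot-dhcp'
	option src 'iot'
	option dest_port '67'
	option proto 'udp'
	option target 'ACCEPT'

# Only Home Assistant (static IP in the IoT VLAN) may reach the internet;
# every other IoT host hitting wan is rejected by the zone policy.
config rule
	option name 'ha-to-wan'
	option src 'iot'
	option src_ip '192.168.20.10'  # Home Assistant (placeholder)
	option dest 'wan'
	option target 'ACCEPT'
```

After `/etc/init.d/firewall reload`, a quick check is to run `nslookup` from an IoT device against a public resolver (should fail) and against the Pi-hole (should succeed), and to confirm that only the HA host can open an outbound connection.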

@user45984 Have you accomplished isolating smart home as you wanted to? Would be interesting to know the approach you took. Thanks.