Over the weekend I set up zigbee for the first time and everything was great. I wanted to make sure I was able to communicate before making a big change. Yesterday I set up an IoT network to move some devices to and started with the zigbee stick (SLZB). Using a firewall exception I am able to connect to the dashboard on my pc so I applied the same settings to my HA server IP, but it still can’t connect to it.
My setup is using HA via docker on that server with the network mode set to host. The server itself seems to be able to ping the device. Am I missing something? I’m not great with networking and this is the first time I’ve ever set up an isolated network but I thought that using host mode would mean I should still see the IoT network from the container since the server can connect to it.
Then you’re going to have to become great with networking, fast.
Also, for the sake of simplicity, move HA to that IoT network. HA expects to be on the same network as the devices it talks to, and in the case of some integrations requires that. Running it on a separate network is just going to cause you more pain.
Everything but the zigbee device is on the primary network though, and HA reaches out to the internet for a lot of integrations/entities. Moving it all isn’t an option. But I thought that having HA able to access two networks was fairly common for users.
What you’re trying is NOT for the faint of heart. And no it’s not a common config. MATTER as of current builds won’t even ‘officially’ work across subnet and a whole host of other options.
I've been a sysadmin for over 25 years and I haven't split my network because it's a MASSIVE PITA (and that's not the bread)
Last year I came to the assumption it was easier make my current internal net the IoT network and create a new default network for clients. Considering I enforce isolation on guests… That doesn’t buy me much. Instead I disallow outbound except known IP address and get annoyed every time my roborock goes down because it hasn’t talked to the internet in a while…
I understand the recommendation from the US FBI a few years ago and agreed netsec is very important. Patching is important etc. But I also submit that someone who doesn't know what they're doing with router tables and firewall rules can make it worse than it was in the first place with no additional benefits, and recommending my mom set up an IoT network for her internet stuff… Lunacy. The specs and gear aren't there in consumer space.
Nope, not even close. Common is one network. If people want to split their networks then the advice is always to move HA to the IoT network.
As Nathan said, Matter/Thread won’t work across networks, neither does mDNS (sure, you can bodge it, but it’ll break). Many devices won’t even talk to a system on another subnet, and many of HA’s integrations won’t work across subnets either.
An IoT network only makes sense if:
You’re totally at home with networks, VLANs, mDNS troubleshooting, etc - and you enjoy that
You’ve done an actual risk assessment and identified that not doing that significantly increases the risk to your home network (and you’ve done all the other good practice already)
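The two points made in this thread, that a Docker container in host network mode uses the host's own address and so needs the firewall exception written for that address, and that mDNS-based discovery never crosses a router even when unicast is allowed through, can be modelled in a few lines. The script below is an added example, not code from any poster or from Home Assistant; the subnets (192.168.1.0/24 as the primary LAN, 192.168.20.0/24 as the IoT VLAN), the host and device addresses, the port number and the rule set are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# mDNS is sent to 224.0.0.251, inside the link-local multicast range that
# routers never forward, so discovery only works on the same L2 segment.
LINK_LOCAL_MULTICAST = ipaddress.IPv4Network("224.0.0.0/24")
MDNS_GROUP = ipaddress.IPv4Address("224.0.0.251")


@dataclass(frozen=True)
class AllowRule:
    """A single stateful allow rule: source net -> destination net on a TCP port."""
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: int


def rule(src: str, dst: str, dport: int) -> AllowRule:
    return AllowRule(ipaddress.ip_network(src), ipaddress.ip_network(dst), dport)


def classify_path(ha_interface: str, device_ip: str) -> dict:
    """Is the device on the same link as the interface HA is bound to?

    With Docker's host network mode the container shares the host network
    namespace, so ha_interface is simply the host's interface, e.g.
    "192.168.1.10/24".  Off-link traffic is routed and must pass the
    inter-VLAN firewall; link-local multicast (mDNS) is never routed.
    """
    iface = ipaddress.ip_interface(ha_interface)
    dev = ipaddress.ip_address(device_ip)
    on_link = dev in iface.network
    assert MDNS_GROUP in LINK_LOCAL_MULTICAST  # documents why mDNS stays on-link
    return {"on_link": on_link, "mdns_discovery_works": on_link}


def flow_allowed(rules, src_ip: str, dst_ip: str, dport: int) -> bool:
    """True if some allow rule covers this source, destination and port."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    return any(src in r.src and dst in r.dst and r.dport == dport for r in rules)


def check_device(rules, ha_interface: str, device_ip: str, dport: int) -> dict:
    """Combine the routing view with the firewall view for one device."""
    result = classify_path(ha_interface, device_ip)
    host_ip = str(ipaddress.ip_interface(ha_interface).ip)
    # On-link traffic never hits the inter-VLAN firewall; routed traffic must match a rule.
    result["unicast_allowed"] = result["on_link"] or flow_allowed(rules, host_ip, device_ip, dport)
    return result


# Constructed scenario (not the poster's real addresses): a rule for the PC
# (192.168.1.50) plus a second rule mistakenly written for 192.168.1.11
# instead of the HA host at 192.168.1.10.  Port 6638 is assumed for the
# coordinator's TCP service.
COORDINATOR = "192.168.20.5"
COORD_PORT = 6638
RULES_BROKEN = [
    rule("192.168.1.50/32", COORDINATOR + "/32", COORD_PORT),
    rule("192.168.1.11/32", COORDINATOR + "/32", COORD_PORT),
]
RULES_FIXED = [RULES_BROKEN[0], rule("192.168.1.10/32", COORDINATOR + "/32", COORD_PORT)]

if __name__ == "__main__":
    for label, rules in (("broken rule set", RULES_BROKEN), ("fixed rule set", RULES_FIXED)):
        print(label, check_device(rules, "192.168.1.10/24", COORDINATOR, COORD_PORT))
    # Same device seen from a host that actually sits on the IoT VLAN:
    print("HA on IoT VLAN", check_device(RULES_FIXED, "192.168.20.10/24", COORDINATOR, COORD_PORT))
```

Running it shows the three states the thread describes: with the mistyped rule the HA host gets no unicast path at all; with the corrected rule unicast works but `mdns_discovery_works` stays false because the device is off-link; and only when HA itself sits on the IoT subnet do both come back true, which is the reason the replies recommend moving HA onto the same network as its devices.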
I chose to start with that because it’s the newest addition and not having it connected wouldn’t hurt any automations/functionality. Once I felt like it was working I was going to move forward with all things that don’t need internet to function, but from everyone’s comments it sounds like that’s not a good idea in my case.
Off of recommendations from Nathan and Tinkerer I think I’ll just leave everything as it was and add an IoT network as a stretch goal, waaaaaay to the bottom of the list lol. Thanks guys