Isolating IoT devices on a network

I just upgraded to a Netgear Orbi mesh router. I have several Shelly devices controlling my greenhouse with a satellite in the GH. The Orbi created an SSID for IoT devices. Is that an actual ‘network’ that would provide some protection against attacks? I have read about creating a dedicated VLAN for IoT. Does Netgear/Orbi support that? Where can I find documentation? Thank you for guidance!

Hi, I am very new to Home Assistant, 1 day and counting!
But I do know that you can use the guest network on your router!
I have just done it for myself. That will isolate the IoT devices from the main network.
I don’t think from what you describe that the SSIDs are necessarily on a separate network.
Hope that helps.

Mike

Most consumer mesh WiFi devices have an IoT network; however, whilst this should create a separate network, it may be difficult to use with HA.

HA includes auto-discovery that uses mDNS and SSDP to scan the network for available devices. If your HA Server sits on a different subnet to the IOT devices the auto-discovery will not work.

One way to check the subnets is to see what IP address and subnet mask you get if you connect a device to the WiFi. Ideally you will be able to put Home Assistant and all IoT devices in the same subnet (doubtful, as most consumer routers will put physical ports on a LAN network).


Segmented networks are not officially supported within HA.

HA is designed and expects a flat subnet to work as intended.

Just learn about firewall rules and subnet masks and use them instead of VLANS otherwise you will get nothing but pain.

This is because every segmented network is different for IPs and number of segments and firewalls and sharing rules and about 650495849085 other things.
This does not mean you can’t use them or that they can’t be made to work, it means that to get them working you are the support structure on your own subnet(s). Consider it Advanced mode…

For another opinion, there is this: The enterprise smart home syndrome

Typically, the built-in ‘Guest’ network in a router isolates every client from every other client which would be worse than a proper IoT VLAN.

I’m running an IoT VLAN, using TP-Link Omada hardware, with my HA Server on my main VLAN. With the right ACL rules, it works well.
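As an added illustration (not code from this thread, from Home Assistant, or from TP-Link Omada), the script below ties together two points made above: the subnet check that decides whether mDNS/SSDP auto-discovery can reach a device at all, and the kind of one-directional ACL between a main VLAN and an IoT VLAN that still lets HA reach the devices. The addresses, VLAN ranges and rule set are constructed assumptions for the example, not anyone's real configuration.

```python
"""Added example: predict whether Home Assistant auto-discovery can see a
device, and evaluate a first-match main-VLAN/IoT-VLAN ACL for new connections.
All addresses, networks and rules here are constructed for illustration."""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Interface, IPv4Network


def same_subnet(a: str, b: str) -> bool:
    """True when two 'ip/prefix' interfaces are on the same subnet.
    mDNS (224.0.0.251) and SSDP (239.255.255.250) are link-local multicast,
    so discovery only works when this is True; a router does not forward it.
    A mismatched mask between the two hosts also makes this False, which is
    itself a misconfiguration worth fixing."""
    return IPv4Interface(a).network == IPv4Interface(b).network


@dataclass(frozen=True)
class Rule:
    name: str
    src: IPv4Network
    dst: IPv4Network
    action: str  # "allow" or "deny"


def evaluate(rules, src_ip: str, dst_ip: str) -> tuple[str, str]:
    """First matching rule wins for a NEW connection; default is deny.
    Returns (action, rule_name). Replies to an allowed connection are assumed
    to be passed by the router's stateful tracking, so only the initiating
    direction is modelled here."""
    s, d = IPv4Address(src_ip), IPv4Address(dst_ip)
    for r in rules:
        if s in r.src and d in r.dst:
            return r.action, r.name
    return "deny", "implicit-default"


# Constructed sample layout: HA on the main VLAN, Shelly devices on IoT VLAN.
MAIN = IPv4Network("192.168.1.0/24")
IOT = IPv4Network("192.168.20.0/24")
ANY = IPv4Network("0.0.0.0/0")

# Policy: main may open connections into IoT, IoT may reach the internet,
# IoT may never initiate into main or any other private range.
POLICY = [
    Rule("main-to-iot", MAIN, IOT, "allow"),
    Rule("iot-to-iot", IOT, IOT, "allow"),  # same VLAN; never crosses the router anyway
    Rule("iot-to-main", IOT, MAIN, "deny"),
    Rule("iot-to-any-private", IOT, IPv4Network("192.168.0.0/16"), "deny"),
    Rule("iot-to-internet", IOT, ANY, "allow"),
]

HA_IFACE = "192.168.1.10/24"  # constructed HA server address
DEVICES = {  # constructed device addresses
    "shelly-greenhouse-1": "192.168.20.5/24",
    "shelly-lan-test": "192.168.1.50/24",
}


def discovery_report(ha_iface: str, devices: dict) -> dict:
    """Map each device name to whether HA auto-discovery can see it."""
    return {name: same_subnet(ha_iface, iface) for name, iface in devices.items()}


if __name__ == "__main__":
    for name, visible in discovery_report(HA_IFACE, DEVICES).items():
        print(f"{name}: auto-discovery {'works' if visible else 'will NOT work'}")
    # 203.0.113.10 is a documentation address standing in for 'the internet'.
    for src, dst in [("192.168.1.10", "192.168.20.5"),
                     ("192.168.20.5", "192.168.1.10"),
                     ("192.168.20.5", "203.0.113.10")]:
        action, rule = evaluate(POLICY, src, dst)
        print(f"{src} -> {dst}: {action} ({rule})")
```

For the greenhouse device the report says discovery will not work, yet the ACL still allows HA to open a connection to it, which is the situation where you add the integration manually by IP address instead of relying on discovery. Note that the "iot-to-iot" rule sits before the private-range deny; with first-match semantics, order is the policy.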

Most consumer-level devices do not provide the ability to set the right ACL rules (you mention TP-Link Omada, which does, whilst TP-Link Deco does not).
