Hi,
Seen a few posts with varying information, so just wanted to make a quick check with the experts here.
I have everything running on the same SSID network at the moment (I know…). I noticed my Mesh network (X55 TPLink) can split into multiple SSIDs for privacy, so wanted to move everything around for security purposes.
SSID-A - Private Network - Computer, my phone, etc
SSID-B - Guest Network - People visiting join using this SSID instead
SSID-C - IoT Network - HA RaspPi and all devices will be connected to this network only.
Is there a hierarchy in this setup? i.e.:
C (IoT) can access internet and other IoT devices only.
B (Guest) can access internet and everything on B and C.
A (Private) can access internet and everything on A, B and C?
So basically: can I confirm that the above setup will still work with HA, even if all the devices are on IoT SSID and the mobile app (my phone) is on the Private SSID?
Haven’t tried it, but my guess would be that you’d only be able to access HA and other IoT devices with your phone if you had remote access set up. Same would go for your guests.
You set your rules on the router.
Normally it is not recommended to run multiple VLANs with HA, but you have chosen the best solution for it and that is to run all IoT devices and HA in the same VLAN, which makes it doable.
You will need to open port 8123 from your private VLAN to your IoT VLAN to make it work.
Depending on what other connections you might have to devices on the private VLAN you might have to open more.
VLANs seldom pass discovery information between them, so you will probably have to do manual setups of other devices on your private VLAN, and that often means entering IP addresses, which again means that the IP addresses on those specific devices need to be locked, either by DHCP reservation or by setting static addresses.
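Added example, not part of the original thread: a small check to run from a device on the private SSID once the router rules are in place, confirming that port 8123 on the HA host is reachable and that other ports are not. The target address `192.0.2.10` and the denied ports 22 and 1883 are assumptions for illustration; substitute the reserved address of your HA host and the ports you expect to be blocked.

```python
import socket
import sys

HA_PORT = 8123             # Home Assistant port named in the thread
DENIED_PORTS = [22, 1883]  # assumed examples: SSH and MQTT on the IoT side

def probe(host, port, timeout=2.0):
    """Classify one TCP port as 'open', 'closed' or 'filtered'."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        # A reset came back: the packet crossed to the host (or the
        # firewall rejects with a reset instead of silently dropping).
        return "closed"
    except OSError:
        # Timeout or unreachable: no TCP reply came back from the host.
        return "filtered"
    finally:
        sock.close()

def audit(host, allowed, denied, timeout=2.0):
    """Return a list of findings; an empty list means the rules match intent."""
    findings = []
    for port in allowed:
        state = probe(host, port, timeout)
        if state != "open":
            findings.append(f"{host}:{port} should be reachable but is {state}")
    for port in denied:
        state = probe(host, port, timeout)
        if state != "filtered":
            findings.append(f"{host}:{port} should be blocked but is {state}")
    return findings

if __name__ == "__main__":
    # 192.0.2.10 is a documentation placeholder; pass the reserved HA address.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"
    problems = audit(target, [HA_PORT], DENIED_PORTS)
    for line in problems:
        print("FINDING:", line)
    print("OK" if not problems else f"{len(problems)} finding(s)")
```

A "closed" result on a port that should be blocked is worth a second look: it means a reset was returned, which a drop rule on the router would not produce.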