Trying to track visitor presence/activate 'guest mode' via a guest network - is this possible?

When I have visitors over for a few days, I’d like to avoid giving them access to my main Wifi network. Therefore, I’ve set up a guest network on my Linksys Velop system and can give them access to this.

What I’d like to automate, if possible, is that the moment a device connects to this guest network HA flips an Input Boolean to activate a Guest Mode that alters some standard automations like lights, thermostat, etc. Then, when all devices leave the guest network, the Guest Mode is switched off, returning things back to normal.

Have done some googling and it seems that setting up an Nmap device tracker might be the solution I’m after but I’m struggling to get it to work.

I can set up Nmap tracking for devices on my main network (192.168.1.1) but when I try to do the same for the guest network (192.168.3.1) it doesn’t pick up any devices.

I’m new to HA, but I suspect the issue is that HA can’t see across subnets? Even though the Nmap documentation seems to allude to the fact that this should be possible. Or am I misunderstanding something key here?

Here’s what I’ve put in my config.yaml, for reference:

```yaml
device_tracker:
  - platform: nmap_tracker
    hosts:
      - 192.168.1.148
    home_interval: 10
    exclude:
      - 192.168.1.163

  - platform: nmap_tracker
    hosts:
      - 192.168.3.0/24
    home_interval: 10
```

Any suggestions would be appreciated. At the very least I’m sure I’ll learn a little more about what’s possible/not possible with tracking via Nmap :)

I had some issues with the nmap tracker (on the same network) and didn’t attempt to work out what was causing it to not work. I have a Raspberry PI with Raspbian so I wondered if there might be a problem with the nmap version I was using.

As far as the non-local subnet goes - that should be okay since nmap uses ping to discover the hosts, but only if your HA machine can reach devices on the guest network - you might find that given it is supposed to be a guest network, it might be firewalled off from your main network? You should be able to check that by trying to ping a guest machine from the HA machine.

Thanks for the reply, Chris. Great idea to ping the guest network! I gave it a go and, as you suspected, it timed out. Looks like the Raspberry Pi my HA is running on can’t access the guest network. I guess I can root around the Linksys Velop settings to see if I can open things up, but in my experience it’s a pretty restrictive system so I suspect not much will be possible. Would setting up a second SSID on an old router maybe be an option?

Yes it would be an option to set up a separate SSID, although you’d then have to do the firewalling manually between the networks.

Depending on your skill set, there are a few things you could consider doing:

  • Scrape the router DHCP / network admin page to read if there are any active stations associated with the wifi network. Given that you just want a simple yes/no answer, that might not be too complicated to do.
  • Check if any of the device tracker integrations already do this for you or can be adapted. For example the linksys_smart integration.
  • Use something permanently connected to the guest network that can do the scanning for you. But you’d still have to find a way to get those results between the networks.
  • Build and manage your own guest network as you suggested. You could use an openwrt based device for this purpose - I have this kind of setup.

HA can see across subnets if I remember correctly.

It’s possible the nmap probe is blocked to the guest network. Just run nmap from the HA host server to check.

Also, I think iPhones’ MAC addresses change or are randomized. Not sure if this is true but just be aware of this since it may affect how a guest appears.

Hey @milkplus, did you ever resolve this issue?

I am facing the exact same problem with nmap not being able to scan a host on a different subnet / vlan and I know for a fact that it is reachable from my Hassio installation as a Node Red instance installed on the same Odroid-N2+ is connecting to the host and I can see the active states in my firewall.

There’s definitely some issue with the current implementation of nmap and subnets / vlans in Home Assistant.

Normally it is more of a router setting. I can just say for OpenWRT and FritzBoxes, they block some protocols by default, others stay available. I have no idea what NodeRed uses, but I can say for sure, that I have to allow ping in the firewall settings of the router for the VLANs in OpenWRT. :) Otherwise access to the VLAN is possible, but only for http(s). All other protocols, including ping need explicitly to be allowed.

Yeah, nope. Never did figure it out and ended up throwing in the towel. Like you said, I think there’s something broken with the nmap component with regards to separate subnets.

Recently switched to a Ubiquiti Unifi system though, which tags any entities on my guest VLAN with an is_guest attribute through the official Ubiquiti integration. This has helped solve my problem. Wasn’t the reason I switched to Unifi, but was a very pleasant byproduct!

Thanks, but that’s not it.

I can scan the target host (a smart TV) with nmap and confirm it’s up from another device on the same vlan as Home Assistant → confirmation that icmp is allowed on the firewall. Also, unfortunately the smart TV blocks pings (which is why I am forced to use nmap), but I can ping other hosts on the target vlan from Home Assistant → confirmation icmp packets are allowed not only from the vlan of Home Assistant but from Home Assistant itself.

That’s cool. How reliable is it, e.g. how long does it take for it to mark the guests as gone, once they have left the Wi-Fi?

Also, don’t you have problems with the phones disconnecting from the WiFi once their screens are turned off for a few minutes?
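
An added example, not code from any poster in this thread or from Home Assistant: a sketch of the yes/no guest-presence decision discussed above, taking the grepable output of an nmap ping scan (`nmap -sn -oG -`) run from a host that can actually reach the guest subnet. It counts any answering address rather than tracking individual MACs, and it holds guest mode on for a grace period so a phone that drops off Wi-Fi briefly does not end it. The scan text is constructed, and the 15-minute grace period, the gateway address and all function names are assumptions.

```python
import re
from datetime import datetime, timedelta

# Matches the "Host: <ip> (<name>)<TAB>Status: Up" lines of nmap's grepable output.
HOST_UP = re.compile(r"^Host:\s+(\S+)\s+\(.*?\)\s+Status:\s+Up\s*$", re.MULTILINE)

# Constructed samples of `nmap -sn -oG - 192.168.3.0/24` output (not real captures).
SCAN_WITH_GUEST = (
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 192.168.3.1 ()\tStatus: Up\n"
    "Host: 192.168.3.23 ()\tStatus: Up\n"
    "# Nmap done: 256 IP addresses (2 hosts up)\n"
)
SCAN_EMPTY = (
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 192.168.3.1 ()\tStatus: Up\n"
    "# Nmap done: 256 IP addresses (1 host up)\n"
)
GATEWAY = "192.168.3.1"  # assumed router address; it always answers, so never a guest


def hosts_up(grepable, exclude=()):
    """Return the addresses reported Up, minus excluded ones such as the gateway."""
    return set(HOST_UP.findall(grepable)) - set(exclude)


class GuestMode:
    """On at the first sighting; off only after `grace` has passed with no sightings."""

    def __init__(self, grace=timedelta(minutes=15)):
        self.grace = grace
        self.last_seen = None
        self.active = False

    def update(self, present, now):
        if present:
            self.last_seen = now
            self.active = True
        elif self.active and now - self.last_seen >= self.grace:
            self.active = False
        return self.active


def replay(scans, grace=timedelta(minutes=15)):
    """Feed (minute_offset, scan_text) pairs through GuestMode; return each state."""
    start = datetime(2024, 1, 1, 18, 0)  # arbitrary constructed start time
    mode = GuestMode(grace)
    return [mode.update(bool(hosts_up(text, exclude=[GATEWAY])),
                        start + timedelta(minutes=m)) for m, text in scans]
```
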