Using an RPI installation as an isolated wifi access point for wifi smart devices

I would like the wifi smart devices I use to be isolated from the rest of my network. My plan is to use the RPI as a WIFI access point and connect these devices directly to that. Ideally this wifi network should be local only, and the RPI still using ethernet for regular internet access with complete separation between the two networks. Is this doable?

So to clarify.
You want a network, using your HA instance machine as the wap (wan0) to a local dhcp server and all your ‘smart’ stuff connected to that.
You also want eth0 (wired lan) to be a member of the rest of your household lan managed by (say) your router?
No, that’s not possible with a standard installation and probably not with an Ubuntu / Debian install either, but I’ll leave that to @DavidFW1960 (who knows a helluva lot more about both specialist OS configurations and specialist lan configurations than I will ever hope to).

Instead, why don’t you just extend your standard network beyond /24 and define a subnet for your smart devices? (Though traffic would still be on the same lan, routing should minimise clashes unless of course you have no wired infrastructure at all.) Again, David or Flamingm0e would be best to answer that.

Take a look at this add-on, might be what you are looking for.

Anyway, I would not suggest doing this. Personally I would buy dedicated network gear, set up VLANs to separate traffic and firewall rules to control the traffic. What would you do in your case if you have an IoT device that actually needs internet to work, like an Amazon Echo Dot? Would you then also use the Pi as a firewall that determines which devices from the access point are allowed to have internet access? Don’t know if this would not be too much for the Pi.

Yes, that looks very much like what I’m looking for. Thank you.

I’ll use the regular wifi for such devices.

I think it makes sense for smart wifi devices that are only controlled by HA to also communicate directly with HA. I would like to restrict devices from phoning home as well. I could do that with firewall rules in the main router, but making these devices independent from the main router also isolates them from any troubles that might affect it.