WIFI and/or local network for greater security - Advice needed

Hi all,

I’m moving house next week and so it is a perfect opportunity to restart my Home Assistant setup. But with regards to local network, I’d like some advice.

Currently I have an ISP router, without WIFI. This is wired to another router, which does have WIFI. All my IoT devices are now connected to the Pi4 and/or WIFI router. Does this setup increase security or not make a difference?
When the WIFI drops, not that it does much, then nothing works.
Should I create a separate network, which is local and not connected to WIFI? I’ve searched online for this and cannot find a proper answer, as such.
How do people create a local network, not connected to the outside world, or is this not needed?
A lot of my stuff uses ESPHome, which I put WIFI credentials in.
So many questions. Hopefully this makes sense.

Thanks

It makes sense and… Not really.

Yes, creating a separate network for your IoT gear can increase security… IF done correctly. It requires network equipment that can handle routing between multiple subnets and possibly a feature called VLANs to create isolation between networks.

As an aside, this is an advanced configuration and you need to understand it thoroughly before you start because, besides the obvious, you are intentionally making a configuration that makes it difficult to see things on the network, and you need to know how to not lock yourself out… A poorly configured ‘secure’ network is often worse than a well configured basic one.

So yes, moving creates a good opportunity to upgrade and create a more secure configuration. But from that we can’t tell if your gear supports doing so or what you would need instead.

So what model ISP router, what model WiFi router, etc. etc.? What country? (Matters for availability of equipment.)


Maybe this can help out

Update:


Right, that all makes sense. So some sort of switch to handle VLAN.
I’ll read into that more before I purchase anything.
Currently I have a BT ISP router with an AmpliFi HD router. Living in the UK.

Thanks for the link. I will give it a watch tonight!

You need to have a router that can handle VLANs, so you separate the VLANs and define rules for moving data between them.
You might want to get VLAN switches too, and if you want WiFi on more than one of those VLANs, then you need a VLAN AP too.

VLAN gear is more expensive, just so you know, and if the gear is VLAN passthrough, then it just allows VLAN data to be moved, but there is no management. VLAN aware gear can be another word sometimes used for VLAN passthrough.

I personally use an EdgeRouter-4 for router, Cisco SG350/SG300 and EdgeSwitch 10X for switching and Cisco Aironet 2702 for AP.
