Wifi Concerns with number of devices?

I bought four ZigBee smart plugs at 50% discount a week ago.
The end price was that they were on par with or cheaper than wifi smart plugs (if also bought locally).

That's very nice :+1: still your Z-devices can not profit from the wifi infrastructure you/one have already in place. Besides, isn't it that they also utilize the same 2.4GHz and therefore are counterproductive (interfering to some extent) with the present wifi? :pinching_hand:

Luckily there are lots of viable options for all occasions :raised_hands:

And to get back to @intrex's question: Obviously you will not have problems running 100 (or more) wifi devices on your (mainly unifi equipment) network :signal_strength:. Just think wisely about whether you really want to invest in hardware you are not allowed to control firm/software wise :warning: (alternatives like pre-flashed esphome devices are out there!)

But it will strengthen the ZigBee network instead, giving us better range and making end devices more reliable.
I honestly don't have anything against wifi smart plugs. I have a few: two Tuya :face_vomiting:, and one TP-link that is local only.
They work, but I wouldn't plan on getting 50 wifi smart plugs from whatever manufacturer. I would rather go for ZigBee to make sure I don't load the network; whether that is a real issue or not, I don't know. But I wouldn't take the chance purchasing that many in one go.

It is not, as far as I can tell, running over 100 esphome nodes with old and cheap consumer grade wifi hardware.

I think you pointed out your affection already a couple of times :wink: A big reason I also didn't opt-in for Z-Stuff back in the day and went all in for (esp based) wifi devices instead was because it is/was a single-point-of-failure construction with this Z-Stuff. Once the coordinator or whatever this thing is called is down, the whole network goes south and renders all devices dumb. :put_litter_in_its_place:

For my setup with esphome based devices I can easily distinguish between different actions (for example on a press of a button) to take when HA is available, HA is not available or even WIFI is unavailable. Due to the nature of being open source it's even possible to have direct communication between two esp based devices without extra hardware (using esp-now, which is available as a custom component for esphome) :rocket:

Because that can't happen to a wifi network?
What do you mean will happen when your router goes down? Will your ESP-Home devices still work?
Didn't think so…
And if a coordinator goes down you can have a backup and get back up in a few minutes.

I understand you are a wifi only person, but you need to understand there are more things in the world.
It's easy to believe everything is nails if all you have is a hammer.


Sure it can, I just wrote that in my last post as an example of what you (your device) can react on if you own it completely (more than just buying hardware) :money_mouth_face:.

My whole "smart" home is built to be resilient. The idea is that it's not possible for one device (like a coordinator, broker or HA itself) to render all other devices useless. For sure there is a difference between "comfort" features (that are only integrated over HA) and the "basic" ones that always need to work no matter whether HA, wifi or whatever is unavailable :brain:

Not only will they work (as long as there is energy) but they are also "smart" enough to make the right decisions :bulb:

Not quite. I have other technologies spread around like BLE, 433, LoRa, Nails, Hammers and more :wink:

Just for a little perspective

The original question was, can I have 50 wifi devices on my wifi? Answer is yes. But a generic piece of advice is that the wifi box your ISP gives you is usually a piece of junk. Even for a normal non smart home they are junk that requires resetting all the time. There are many better brands still at reasonable prices. And unless you live in a small two-roomer, it is a good idea to have a couple of access points.

VLAN is a way to create virtual LANs so the same routers and switches can run networks where a vulnerable device cannot access your sensitive devices. It also means that your Home Assistant and your computers cannot access anything in the other VLAN. So you have to spend a year of network education to learn to define routing tables and enable all sorts of special features, such as multicast features, to enable discovery. Just search this forum for VLAN and see all the problems people are having. Many of them without a solution. At the end you have a VLAN setup with so many paths between them that the wall is holed like Swiss cheese and any attacker can easily penetrate via the ports that are part of normal operation.

The real solution to secure IOT is to not invite the crap inside your house.

My cameras are all outside. If someone hacks them they are viewing my garden. The cameras are from Ubiquiti and they are constantly getting firmware updates.

My wifi devices are for the most part ESP devices. A few run Tasmota or ESPHome. Many with software I wrote myself. Everything is local. Exceptions are my Amazon Echo devices and a Google Chromecast. But I trust these more than random Chinese crap.

I also have 50+ Zigbee devices. I think Zigbee is the right solution for lightbulbs and for any battery powered sensors. And I have a little Zwave but only 6 devices.

I think each tech has its advantages.

The original question was - is 50 devices on Wifi sensible from a performance. Yes. No worries if you have OK wifi equipment from good brands. And it does not have to be pro Cisco equipment.

VLAN - only for Network experts. It is ill-advised to tell beginners to try VLAN unless the VLAN is used for a guest network where total isolation is the goal. It is really hard to get boxes on different VLANs to communicate and discover each other, and unless you know what you do and work with Networks daily, you will end up with a load of problems and so many holes punched that security may be even worse.

On DHCP

To have better resilience, nearly all my IOT devices have hard-coded IP addresses. It requires some bookkeeping. I have a text file with the master list. It is not that hard. Some devices cannot be hardcoded, then I reserve the IP on the router. Amazon Echo boxes as an example. And maybe 10 devices just run DHCP.

It means that if my router goes sour I can still have HA talk to my wifi plugs. If an access point dies, the house runs on the 3 others. If my router dies I can put in a new one, and most will just work because the IPs are static. The only severe single point of failure is the Conbee Zigbee dongle. If that goes, then I have a spare Sonoff dongle but it would take hours to repair everything. I cannot change that. Long term Matter should help on that.
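One way to keep a master list like the one described above honest, as an added example (not the poster's own script): it checks a constructed address plan of the kind mentioned later in this thread (a block DHCP never hands out, a VPN block, DHCP reservations, then the dynamic pool) for duplicate addresses and for hard-coded addresses that sit inside the DHCP pool, where they would eventually collide with a lease. The subnet, plan boundaries and list entries are all constructed.

```python
import ipaddress

# Constructed plan: offsets within the /24 that each kind of address may use.
SUBNET = ipaddress.ip_network("192.168.10.0/24")
PLAN = {
    "fixed": (1, 10),      # hard-coded on the device itself, never handed out by DHCP
    "vpn": (11, 20),       # VPN clients
    "reserved": (21, 60),  # DHCP reservations tied to a MAC (Echo-style devices)
    "pool": (61, 254),     # dynamic DHCP
}

# Constructed master list in "name kind ip" form; '#' lines are comments.
MASTER_LIST = """\
# name          kind      address
ha              fixed     192.168.10.2
nas             fixed     192.168.10.3
plug-kitchen    fixed     192.168.10.4
plug-garage     fixed     192.168.10.63
echo-livingroom reserved  192.168.10.25
echo-bedroom    reserved  192.168.10.25
laptop          pool      192.168.10.120
"""


def parse_master_list(text):
    """Return (name, kind, IPv4Address) tuples, skipping blank and comment lines."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        name, kind, ip = line.split()
        entries.append((name, kind, ipaddress.ip_address(ip)))
    return entries


def in_range(ip, kind):
    """True if ip lies in the subnet and within the offset window reserved for kind."""
    lo, hi = PLAN[kind]
    return ip in SUBNET and lo <= int(ip) - int(SUBNET.network_address) <= hi


def check_plan(entries):
    """Return a list of human-readable problems; an empty list means the plan is clean."""
    problems, seen = [], {}
    for name, kind, ip in entries:
        if kind not in PLAN:
            problems.append(f"{name}: unknown kind {kind}")
            continue
        if not in_range(ip, kind):
            problems.append(f"{name}: {ip} is outside the {kind} range")
        if ip in seen:
            problems.append(f"{name}: {ip} already used by {seen[ip]}")
        seen.setdefault(ip, name)
    return problems
```

Run against the constructed list it reports the garage plug (a hard-coded address inside the DHCP pool) and the two Echos sharing one reservation.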

text file … seriously, are you joking? I have an .xlsx-file with 5 -flips (for detailed information) … :slight_smile:

It's ok that you don't have networking knowledge but this is just fundamentally wrong.

To have better resilience, nearly all my IOT devices have hard-coded IP addresses. It requires some bookkeeping. I have a text file with the master list. It is not that hard.

DNS is another network fundamental you should read up on.

VLAN - only for Network experts. It is ill-advised to tell beginners to try VLAN unless the VLAN is used for a guest network where total isolation is the goal. It is really hard to get boxes on different VLANs to communicate and discover each other, and unless you know what you do and work with Networks daily, you will end up with a load of problems and so many holes punched that security may be even worse.

VLAN is not hard. I already sent you a link that explains the setup on your system, you could have it up and running quite fast.
Can you explain how "many holes punched" between VLANs would be any worse than having all traffic open on a flat LAN?


Now remember that we are trying to help the original poster with advice

He is surely not on Ubiquiti Unifi. Your posted link is Ubiquiti Unifi focused.

I have Ubiquiti access points. But not a Unifi router. I have an Edgerouter and I use two WAN ports and one LAN port and cannot split the LAN into physical LANs without doing it in a switch capable of VLANs. I do not have managed switches capable of VLAN either, so I would need to invest thousands of kroner just to replace equipment. And I would need to learn to set all this up in each box.

Now let us look further at your link. The bloke ends up with two VLANs that cannot see each other. So no IOT device can be seen on the other VLAN. They all meet and kiss in the cloud. Buh! But there is a link to an additional post where he addresses an IOT VLAN.

So he starts by enabling mDNS between the two. That will be "fun" to learn with network components from different manufacturers. Most will follow a recipe and not understand what they are doing. Now they can discover each other and talk via the router. But wait… He also makes a firewall rule for his voice assistant devices so established sessions can cross between the VLANs. But how do they establish the session? Cloud? Yahoo, cloud. But wait. Someone has a Sonos setup and that does not work. So the post was amended and a new firewall rule was added poking a new hole for a port. And UPnP was enabled so the boxes can poke more holes.

What the post does not say is that each time you come home with a new toy and want it to work, it is very likely that nothing will work. My wife buys an Anova sous-vide with wifi and an app to go with it. The Anova goes on the IOT VLAN, her phone on the secure VLAN. Nothing will work. Another weekend to spend to find someone with that problem so we can poke another hole. Problems, problems, problems. I could go on.

Search "VLAN IOT" on this forum. More than 50 hits. Most of them problems. Always problems. You have to be a network expert and willing to invest hundreds of hours to make things work. Surely most cloud based stuff works like it does when you are not home. But the typical HA user will not want to depend on cloud. We want direct access, and direct access means that either everything is on the same VLAN (pointless) or you have to poke holes in the wall between them.

And the thing with small ESP based IOT boxes is that the only services they run are the ones that do the main function. That is also the entry point of potential vulnerabilities.

Fleskefjes. You are a geek. So am I. It is good to be a geek. But it is also important to have empathy and a memory of what it was like to be a newbie and how many years it took us to be where we are now.

I looked at VLAN myself but decided that I would not want to invest the time it takes for very little gain. Instead I have chosen to be extremely picky on what IOT devices I put in my home. No cheap Chinese cameras. Wifi switches get wiped of any Tuya shit and replaced by my own software or open source software I trust like Tasmota and ESPHome.

That is the kind of advice a newbie can follow. Buy 50 switches, but ensure they are ESP based and can be reflashed. Or buy the stuff that is already programmed with local only software like the Athom Tasmota plugs, or Shelly devices. Stay away from Tuya cloud only stuff.


VLAN is not a Unifi specific feature. You do not have to be a network expert to set up VLANs; it's quite easy. I have no issue with you not separating your IoT devices, my issue is with your statements that you need a year of training to understand VLANs and that "unless you know what you do and work with Networks daily, you will end up with a load of problems and so many holes punched that security may be even worse." - that's just plain wrong. You cannot have a more unsafe internal network than having it flat with all devices in one subnet. It's just fine that you don't want your network as secure as possible, but don't try to scare away others from hardening theirs.


BTW in the end I have "double failover" in mind, so when I find time I would like the light switch to use ESP-NOW and, when it does not see the target, to just trigger the triac, but dunno how to detect if it can see the lightbulb etc. when not using wifi.
The basics like detecting the HA connection, triggering the triac (for when there is a wire connection to the target), and using direct ESP-NOW communication and wifi to HA at the same time all work.

BTW I do use BT for sensors and have quite a few leftover zigbee devices, but as my requirements grow I would go only wifi for wired + BT for remote, or LoRa etc. if it needs long distance - luckily so far I did not need a connection that would need to use LoRa.

Unfortunately not many guides are for this kind of setup for the real world, where the real requirement can maybe be summarized as: visitors do not even know there is anything "smart" like HA going on.

As for HA HA, I do have a VPN connected HA instance I used before getting HA Yellow, but dunno how I can make it replicate and switch as failover.


For the wifi connection in my case esphome devices use 2.4, other devices 5G APs for one network; I do not see a need for VLANs etc. Up to about 200 wifi devices it can be part of the same subnet as the other stuff at home.
I have the first 10 addresses not handed out by DHCP, then 10 for VPN, then 40 for DHCP static IP devices, and the rest is left for DHCP.

:thinking:

You do not need separate VLANs, just as you do not need to use different passwords on all your accounts on different websites. But keeping it simple is rarely the most secure approach.

As for HA HA, I do have a VPN connected HA instance I used before getting HA Yellow, but dunno how I can make it replicate and switch as failover

Virtualizing HA and replicating it is a solution.

I missed that post from OP. My bad. I still stand by my stance that VLAN is hard. Not the VLAN itself but setting up the firewall rules that allow the two VLANs to communicate without giving access for an attacker to abuse. That is hard.

You are better off not inviting attackers in in the first place by only buying IOT devices that have a good reputation and are maintained with updates if they are in any way cloud based. And I am not at all nervous about my ESP devices that I programmed myself. I am 10000 times more nervous that someone in the household clicks on a bad link in an email or looks at a bad website. If I get attacked with ransomware it will be via a normal computer and not from a D1 mini controlling the fan in my bathroom.

And if you have a very relaxed attitude towards your security that ransomware could spread to your shares, other computers, your backup and so on.

Clicking on a bad link can also expose your device to outsiders.

I don't have a relaxed attitude to security. On the contrary. I just focus my time where it matters. And putting my ESP8266 devices in their own VLAN does not give me any additional peace of mind.

Why don't you share with the community how you have set up your VLANs, which devices you have on each VLAN. Is your HA on the same VLAN as your IOT? Is your super secure NAS on its own VLAN?
Which firewall rules have you set up so HA can discover IOT devices? Do you have any cloud connected devices and if so how do you secure them?

The link you pointed to stops where the VLANs are created and only touches the surface on how to enable communication safely between them. If it is so easy you must be able to educate us.

I never specified your ESPs, I said IoT devices and especially cameras should be separated. A good start is segregating local non-cloud devices (devices that do not need internet should not have internet access), cloud devices (if you talk to them through the cloud they don't need access to your other devices through LAN) and your servers etc. If you really want to educate yourself you can start here, and there's a ton of other videos on the subject too. This is a long proven concept so I don't quite get why you are grumpy about it. Part 1 | Ultimate Home Network 2021 | WiFi 6 and UniFi Dream Machine Pro - YouTube
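The three-way split described above (local-only IoT with no internet, cloud IoT with internet but no LAN access, a trusted LAN where HA lives), written out as an added nftables example for a plain Linux router rather than the UniFi setup in the linked video; this is not from the video or any poster, and the interface names, subnet and the addresses in the set are constructed:

```nft
table inet iot_segmentation {
    # constructed: the few cloud-dependent IoT devices that genuinely need the internet
    set cloud_iot {
        type ipv4_addr
        elements = { 192.168.20.10, 192.168.20.11 }
    }

    chain forward {
        type filter hook forward priority 0; policy drop;

        # replies to sessions opened from the trusted side (or by a listed cloud device)
        ct state established,related accept
        ct state invalid drop

        # trusted LAN (HA, laptops) may open connections to any IoT device
        iifname "lan0" oifname "iot0" accept

        # only listed cloud devices may reach the internet; local-only devices get nothing
        iifname "iot0" oifname "wan0" ip saddr @cloud_iot accept

        # anything else IoT tries to initiate, toward LAN or WAN, is logged and dropped
        iifname "iot0" limit rate 5/minute log prefix "iot-drop: "
        iifname "iot0" drop
    }
}
```

Discovery across the boundary comes from an mDNS reflector on the router (avahi-daemon with enable-reflector=yes), not from opening ports toward the LAN, and a new cloud gadget is one address added to the set rather than a new hole; the log line is what tells you when a device starts trying to reach somewhere it should not.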

I still want to know how YOU put your devices in VLANs and which firewall rules you set up to enable local discovery and local communication. You say it is easy. Tell us.

edit - the link you put says NOTHING about how to set up VLANs and firewall rules. I follow The Hook Up and he makes excellent videos and this is no exception. But it does not address the issue.

See above. Add ports needed.