VLANs and HomeKit Devices

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
2023-04-18 12:27:51
Tags: #VLANs
Model: OC200  
Hardware Version: V1
Firmware Version: 1.21.7

Hi Guys,

I've been running a TP-Link Omada system for over a year now and it has been troublesome with various HomeKit devices, so I've tried to isolate these devices via VLANs etc.

Can someone assist on the best VLAN configuration and ACLs to isolate the IoT network?

I've got the following VLANs:

1 - 192.168.0.1/24 - Management (Default)

10 - 192.168.10.1/24 - LAN (Main)

20 - 192.168.20.1/24 - IoT

30 - 192.168.30.1/24 - Kids

40 - 192.168.40.1/24 - Guest

Currently all VLANs can talk to each other as no ACL has been set. Also, I've read that when using VLANs you need to use the mDNS service?

Currently my most troublesome HomeKit device is a Meross Smart Garage Door which reports offline and needs the Omada system and the device to be restarted, and on some occasions I need to factory reset the device (garage door opener).

Looking for IoT devices to be isolated but have access to the internet.

Thanks

Shane

#1
Re:VLANs and HomeKit Devices
2023-04-18 13:26:44

  @shano81 

 

Are you using a router+switch or just a router? 

What firmware are you running on your router?

<< Paying it forward, one juicy problem at a time... >>
#2
Re:VLANs and HomeKit Devices
2023-04-18 20:39:45

  @d0ugmac1 

 

Router ER605 v2.0 and Switch TL-SG2008P v3.0

 

Router running firmware 2.1.2

#3
Re:VLANs and HomeKit Devices
2023-04-18 23:10:38

  @shano81 

 

Hi Shane, you probably have a few things going on, so we'll need to break it down.

 

For starters, this is a great FAQ on how to set up the VLAN/ACLs. Click on each of the steps to expand it for detailed instructions. It's the same basic problem, just pretend that, say, the PE is your IoT subnet, and all the other subnets are like the RND in the example. You need a combination of router+managed switch for this and you have the pieces. I run a similar setup and it works just fine.

 

For the misbehaving Garage Door, it sounds to me like one side or the other of the DHCP process between router and door is falling down.  Can I ask that you change the DHCP lease time to be 10min on at least the subnet that the Garage Door unit is on...this should fix any ARP timeouts that may be occurring.  The other issue is if somehow the garage door goes to 'sleep', so if you can set up some kind of 'ping it every minute or 10' type process/script that should help to keep the door network subsystem alive.

<< Paying it forward, one juicy problem at a time... >>
#4
Re:VLANs and HomeKit Devices
2023-04-18 23:45:20

  @d0ugmac1 

 

Thanks for the info. Sorry what FAQ link are you referring to? Good Advice about DHCP and Garage Door.

 

Shane

#5
Re:VLANs and HomeKit Devices
2023-04-18 23:51:39 - last edited 2023-04-18 23:53:22

Here's the FAQ...forgot to add it. https://www.tp-link.com/us/support/faq/3091/

 

One other question...do you have any ports forwarded to the Garage Door from your WAN side?

 

Also, if your DHCP lease time is 10min...you probably don't need the crontab type noise generator...DHCP will do that all by itself (don't feel too bad, 4 small packets every 10min is nothing)

<< Paying it forward, one juicy problem at a time... >>
#6
Re:VLANs and HomeKit Devices
2023-04-19 00:17:20

  @d0ugmac1 

 

No ports forwarded yet.

 

Shane

#7
Re:VLANs and HomeKit Devices
2023-04-19 09:59:57

  @d0ugmac1 

 

Also confirmed IoT DHCP has lease time at 120 minutes (the default). Should I change it to 10 minutes instead?

#8
Re:VLANs and HomeKit Devices
2023-04-19 13:00:26

  @shano81 

 

Yes, change the leases to 10min.

<< Paying it forward, one juicy problem at a time... >>
#9
Re:VLANs and HomeKit Devices
2023-06-04 12:30:54

  @shano81 

Thank you for reaching out. It's great that you're looking to configure VLANs to isolate your IoT network and resolve the issues you've been experiencing with your homekit devices.

To set up the best VLAN configuration and ACLs for isolating your IoT network, here are a few steps you can consider:

  1. Assign VLAN 20 (192.168.20.1/24) specifically for your IoT devices.
  2. Configure ACLs (Access Control Lists) to restrict communication between VLANs. By default, VLANs can communicate with each other, so you'll need to define rules to limit access. Ensure that IoT devices can still access the internet while being isolated from other VLANs.
  3. Regarding mDNS (Multicast Domain Name System), it's a service that enables device discovery on a local network. Enabling mDNS can help with the discovery and communication of your homekit devices within the VLAN. You may need to configure the mDNS settings in your Omada system accordingly.

Regarding your troublesome Meross Smart Garage Door, ensure that it is connected to the correct VLAN (VLAN 20) for IoT devices. If the issue persists, try restarting both the Omada system and the garage door opener. Factory resetting the device as a last resort may help as well.

Remember to test and verify the functionality of your IoT devices after configuring the VLANs and ACLs.

I hope these suggestions help in isolating your IoT network and resolving the connectivity issues with your homekit devices. Let me know if you need further assistance.

Best regards,

#10
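
An added example (not written by any poster in this thread, and not Omada configuration): a small Python model of the IoT isolation rules discussed above, using the VLAN subnets from the first post. The rule list, the first-match stateless evaluation and the default-permit fallback are assumptions for illustration, and 203.0.113.10 is a documentation address standing in for an internet host.

```python
import ipaddress

# VLAN plan from the first post (listed there by gateway address x.x.x.1/24).
VLANS = {
    "Management": "192.168.0.0/24",
    "LAN": "192.168.10.0/24",
    "IoT": "192.168.20.0/24",
    "Kids": "192.168.30.0/24",
    "Guest": "192.168.40.0/24",
}
NETS = {name: ipaddress.ip_network(cidr) for name, cidr in VLANS.items()}
ANY = ipaddress.ip_network("0.0.0.0/0")

# Constructed rule set (hypothetical, not an Omada export): first match wins,
# evaluated per packet with no connection tracking (assumption).
RULES = [("deny", NETS["IoT"], NETS[n]) for n in NETS if n != "IoT"]
RULES.append(("permit", NETS["IoT"], ANY))  # IoT -> internet
DEFAULT = "permit"  # as in the thread: with no ACL set, everything is allowed


def decide(src, dst, rules=RULES):
    """Return 'permit' or 'deny' for a single packet from src to dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return action
    return DEFAULT


def round_trip(client, server, rules=RULES):
    """With a stateless ACL, both the request and the reply must be permitted."""
    return (decide(client, server, rules) == "permit"
            and decide(server, client, rules) == "permit")


def reachability(rules=RULES):
    """Map (src VLAN, dst VLAN) -> decision, using host .50 in each subnet."""
    host = {n: str(net.network_address + 50) for n, net in NETS.items()}
    return {(a, b): decide(host[a], host[b], rules)
            for a in NETS for b in NETS if a != b}


if __name__ == "__main__":
    for (a, b), verdict in reachability().items():
        print(f"{a:>10} -> {b:<10} {verdict}")
    print("IoT -> internet:", decide("192.168.20.50", "203.0.113.10"))
    print("LAN <-> IoT round trip:", round_trip("192.168.10.50", "192.168.20.50"))
```

Under these assumptions the LAN-to-IoT round trip fails even though only IoT-initiated traffic was meant to be blocked, so a controller on the main LAN should be tested against IoT devices after the rules go in.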
Re:VLANs and HomeKit Devices
2023-06-05 01:10:24

Classic ChatGPT style response, are you human? ;)

 

weishen412 wrote

  @shano81 

Thank you for reaching out. It's great that you're looking to configure VLANs to isolate your IoT network and resolve the issues you've been experiencing with your homekit devices.

To set up the best VLAN configuration and ACLs for isolating your IoT network, here are a few steps you can consider:

  1. Assign VLAN 20 (192.168.20.1/24) specifically for your IoT devices.
  2. Configure ACLs (Access Control Lists) to restrict communication between VLANs. By default, VLANs can communicate with each other, so you'll need to define rules to limit access. Ensure that IoT devices can still access the internet while being isolated from other VLANs.
  3. Regarding mDNS (Multicast Domain Name System), it's a service that enables device discovery on a local network. Enabling mDNS can help with the discovery and communication of your homekit devices within the VLAN. You may need to configure the mDNS settings in your Omada system accordingly.

Regarding your troublesome Meross Smart Garage Door, ensure that it is connected to the correct VLAN (VLAN 20) for IoT devices. If the issue persists, try restarting both the Omada system and the garage door opener. Factory resetting the device as a last resort may help as well.

Remember to test and verify the functionality of your IoT devices after configuring the VLANs and ACLs.

I hope these suggestions help in isolating your IoT network and resolving the connectivity issues with your homekit devices. Let me know if you need further assistance.

Best regards,

 

<< Paying it forward, one juicy problem at a time... >>
#11
