VLANs and HomeKit Devices
VLANs and HomeKit Devices
Hi Guys,
I've been running TPLink Omada system for over a year now and has been troublesome with various homekit devices so I've tried to isolate these devices via VLANs and etc.
Can someone assist on the best VLAN configuration and ACLs to isolate IoT network?
I've got the following VLANs
1 - 192.168.0.1/24 - Management (Default)
10 - 192.168.10.1/24 - LAN (Main)
20 - 192.168.20.1/24 - IoT
30 - 192.168.30.1/24 - Kids
40 - 192.168.40.1/24 - Guest
Currently all VLANs can talk to each other as no ACL has been set. Also I've read up about when using VLANs need to use mDNS service??
Currently my most troublesome homekit device is a Meross Smart Garage Door which reports offline and needs Omada system, Device to be restarted and some occasions need to factory reset Device (Garage Door opener).
Looking for IoT Devices to be isolated but have access to the internet.
Thanks
Shane
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Are you using a router+switch or just a router?
What firmware are you running on your router?
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Hi Shane, you probably have a few things going on, so we'll need to break it down.
For starters, this is a great FAQ on how to set up the VLAN/ACLs. Click on each of the steps to expand it for detailed instructions. It's the same basic problem, just pretend that say the PE is say your IOT subnet, and all the other subnets are like the RND in the example. You need a combination of router+managed switch for this and you have the pieces. I run a similar setup and it works just fine.
For the misbehaving Garage Door, it sounds to me like one side or the other of the DHCP process between router and door is falling down. Can I ask that you change the DHCP lease time to be 10min on at least the subnet that the Garage Door unit is on...this should fix any ARP timeouts that may be occurring. The other issue is if somehow the garage door goes to 'sleep', so if you can set up some kind of 'ping it every minute or 10' type process/script that should help to keep the door network subsystem alive.
- Copy Link
- Report Inappropriate Content
Thanks for the info. Sorry what FAQ link are you referring to? Good Advice about DHCP and Garage Door.
Shane
- Copy Link
- Report Inappropriate Content
Here's the FAQ...forgot to add it. https://www.tp-link.com/us/support/faq/3091/
One other question...do you have any ports forwarded to the Garage Door from your WAN side?
Also, if your DHCP lease time is 10min...you probably don't need the crontab type noise generator...DHCP will do that all by itself (don't feel too bad, 4 small packets every 10min is nothing)
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Also confirmed IoT DHCP has lease time at 120 minutes (the default). Should I change it to 10 minutes instead?
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Thank you for reaching out. It's great that you're looking to configure VLANs to isolate your IoT network and resolve the issues you've been experiencing with your homekit devices.
To set up the best VLAN configuration and ACLs for isolating your IoT network, here are a few steps you can consider:
- Assign VLAN 20 (192.168.20.1/24) specifically for your IoT devices.
- Configure ACLs (Access Control Lists) to restrict communication between VLANs. By default, VLANs can communicate with each other, so you'll need to define rules to limit access. Ensure that IoT devices can still access the internet while being isolated from other VLANs.
- Regarding mDNS (Multicast Domain Name System), it's a service that enables device discovery on a local network. Enabling mDNS can help with the discovery and communication of your homekit devices within the VLAN. You may need to configure the mDNS settings in your Omada system accordingly.
Regarding your troublesome Meross Smart Garage Door, ensure that it is connected to the correct VLAN (VLAN 20) for IoT devices. If the issue persists, try restarting both the Omada system and the garage door opener. Factory resetting the device as a last resort may help as well.
Remember to test and verify the functionality of your IoT devices after configuring the VLANs and ACLs.
I hope these suggestions help in isolating your IoT network and resolving the connectivity issues with your homekit devices. Let me know if you need further assistance.
Best regards,
- Copy Link
- Report Inappropriate Content
Classic ChatGPT style response, are you human? ;)
weishen412 wrote
Thank you for reaching out. It's great that you're looking to configure VLANs to isolate your IoT network and resolve the issues you've been experiencing with your homekit devices.
To set up the best VLAN configuration and ACLs for isolating your IoT network, here are a few steps you can consider:
- Assign VLAN 20 (192.168.20.1/24) specifically for your IoT devices.
- Configure ACLs (Access Control Lists) to restrict communication between VLANs. By default, VLANs can communicate with each other, so you'll need to define rules to limit access. Ensure that IoT devices can still access the internet while being isolated from other VLANs.
- Regarding mDNS (Multicast Domain Name System), it's a service that enables device discovery on a local network. Enabling mDNS can help with the discovery and communication of your homekit devices within the VLAN. You may need to configure the mDNS settings in your Omada system accordingly.
Regarding your troublesome Meross Smart Garage Door, ensure that it is connected to the correct VLAN (VLAN 20) for IoT devices. If the issue persists, try restarting both the Omada system and the garage door opener. Factory resetting the device as a last resort may help as well.
Remember to test and verify the functionality of your IoT devices after configuring the VLANs and ACLs.
I hope these suggestions help in isolating your IoT network and resolving the connectivity issues with your homekit devices. Let me know if you need further assistance.
Best regards,
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 2886
Replies: 17
Voters 0
No one has voted for it yet.