Bonjour uses multicast packets. Don't block these between segments of your LAN.
Thank you for all the assistance and suggestions so far!
Some progress made, but still not working...
Placed the hub and phone on an isolated VLAN which uses a /24 net mask. Set the hub back to DHCP. I was finally able to get the phone to pair with the QR code. I was able to see the devices, but they were all in a not responding state. Powering down the Apple TV (which is on the primary LAN) and restarting the Homekit app on the hub, I was finally able to control devices from the Home app on my phone. Unfortunately, my understanding is that without the ATV, I will have no access outside the house. I also want to keep the phone on my primary LAN.
Plugging in the ATV forces all the devices back to a "not responding" state.
I tried leaving the hub on the isolated VLAN and moving the phone back to the primary LAN. Same results with the not responding. (I did have multicast enabled on both the primary LAN and VLAN, along with firewall rules to allow traffic between the hub and the ATV, and a 2nd rule to allow multicast traffic to traverse the VLANs.) Unfortunately still no dice.
With the exception of leaving the hub Homekit paired with Apple home, I reset my config back where I started. mDNS is still enabled as well. I did disable the firewall rules as everything is back on the same segment.
At this point, there may be multiple issues at play:
- Does the hub properly handle a DHCP issued address on a /18 subnet?
- With the network moved (from VLAN --> LAN) is the QR pairing still valid or should I delete?
- Is the ATV somehow interfering with this setup?
See @gopher.ny's response above. It does. But it has to be configured manually.
Keep your AppleTV (or other Apple Home hub) on the same LAN segment as your Hubitat hub. Or, run a multicast reflector so that you can "reflect"(route) multicast packets across your VLANs.
I just don't understand why people feel the need to make such a complicated home network. I have a degree in networking so I somewhat know what I am doing. I have a plain old consumer grade router configured like a normal sane person would. I have one separate VLAN that was created by the guest network setup on the router. I have one other "guest" network that is not segregated and just used to join IoT devices to a dedicated 2.4GHz SSID (the main SSID is shared 5/2.4). They still join into the main LAN segment with all my other devices.
Do people have more than 240 devices where a single normal /24 won't work?
As a network engineer I agree with you. They make it unnecessarily complicated. I mean, if someone gets past the NAT, a VLAN isn't going to stop them...
Yeah I originally was going to segregate my IoT stuff using the separate guest network but then it was like, wait what if I want to Cast to my TV, or some app wants to direct connect to the device via LAN, or a bunch of other situations so at that point I just turned off the segregation. If someone really wants to get into my LAN and hack in through my Nest Thermostat, Samsung Fridge or Robot Vac, go for it. Not going to find much anyway.
All the consumer equipment is designed to function on a normal consumer type of network. If you put a business class network in your home then you are on your own for getting it to work.
I’m with you 100% on this. I’m not a network engineer, but I’ve set up a lot of mid-sized academic networks all the way back to 10base2 days.
I do have a separate guest network, but that’s about all the segmentation I have now.
Thank you all for your assistance.
I know some of you may have felt my network setup was overkill, but I am at over 200+ devices, hence the /18. I also was intending to segregate IoT devices (which I concur with jtp10181, good in theory but did not work as planned) and have my cameras on a special VLAN that is heavily restricted - both for security & privacy. That and of course the guest network.
I have given up on the Hubitat app for now. Instead, I installed a Homebridge server and am using the tonesto7 plugin. I am able to achieve about 95% of the functionality I desire. In addition, the off network functionality using the ATV is working as desired as well. All of this is working properly on the /18 segment without needing any tweaks.
In summary, I am not sure exactly of the root cause of my issue, but I am hopeful that a future Hubitat release will enable a direct HomeKit integration.
FWIW I don't think you get any more functionality than that with the built in integration. I have had Homebridge set up since before the system HK came out and am still using it.
Yeah, I have a guest wifi network for guests.... Rest of the stuff is on a flat network. It's not like I'm at one of my clients and we have to segregate groups from getting in where they don't belong and what not. Like I said, if someone gets through your NAT, they're getting through your VLANs too.
So my Hubitat does not show up. The Homebridge V2 does, but not the native app under HAP. Is this a conflict?
No, you should be able to run both. Do you have the HE hub segregated on a different VLAN or behind other equipment that may not be forwarding multicast?
So I'm perplexed. I've been dealing with this issue for almost a year. I have no idea what to do. I would prefer not to have to rely on the Homebridge option. What could be the issue? As you can see, the Hubitat Homebridge server shows up (this is a Mac mini running Homebridge). But I cannot see the actual native Hubitat HomeKit integration app show up. The ONLY network config I have is I have the MAC address of the Hubitat assigned to an IP address from the DHCP server (the Hubitat is set to DHCP).
So, I’ve found the issue is definitely something with my HE configuration. If I “soft reset” the HE, I can then successfully create a virtual device, install the HomeKit integration and connect it to HomeKit. This is ONLY if I do not restore from a backup.
However, when I then “soft reset” and restore my cloud backup, it then fails to connect again.
Perhaps @gopher.ny can take a look at my cloud backup and identify the issue in the backup? Perhaps if there were a way to restore just the radios and select apps? That may help “ferret out” the issue?
Of note, I see that when I started from scratch, with the HomeKit integration working with just a virtual device, there’s an option to unpair 4 controllers. This is odd, as I only connected it the once to HomeKit. Why does it say 4 controllers? This is repeatable. Each time I soft reset the HE and then use a clean startup, it always pairs to 4 controllers, not 1 controller.
Is this in the Apple HomeKit app? You sure it’s not something to do with the multiple Homebridge setups I see in your hap discover?
The Homebridge server connects to other bridges (Not Hubitat). It only has a single connection to Hubitat, that’s via the Homebridge App by Tonesto7, not the native Hubitat bridge app (Homekit Integration).
I asked where you are seeing that message, if it was in HK or in HE, you did not really give much details. I know how Homebridge works, I use it myself. Screen shots would be useful because myself and others probably have no idea what "unpair 4 controllers" message you are talking about.
The issue with it mysteriously working after a soft reset has happened before, @lcw731 I think ran into this as well.
Is this what you are seeing but instead of 2 yours says 4?
@gopher.ny What does this number mean exactly?
That is correct, I see the option to unpair 4 controllers in the Hubitat Elevation built-in HomeKit Integration app. I see 4 instead of 2. I would assume this should be 1? Based on your threads above, this indicates the HE database I’m restoring from has some error. I would really like to work with @gopher.ny and hopefully pin down the issue so it can be resolved for everyone.
Of note, I do notice that the QR code does NOT reset if you do any of the reset options UNTIL you reboot. Is this normal?
Yeah, I have no idea what that number is telling us, will have to see if the dev can comment on it.
FIXED!!!! Found the issue!
My hub is named “H.A.L 9000”
The periods are the issue; spaces do not seem to cause an issue. @gopher.ny perhaps you can make a patch to strip whatever illegal characters may exist in the hub name within the HomeKit integration, or perhaps just allow the user to use a different name as the community Homebridge v2 app does, and give the illegal character warning there?
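
Added example, not part of the thread and not Hubitat's code: a sketch of how a DNS-SD (RFC 6763) service instance name containing periods is split into the wrong labels when the dots are not escaped, using the hub name quoted above and the `_hap._tcp` service type. Whether the hub's integration fails in exactly this way is an assumption; the thread only reports that removing the periods fixed discovery. The function names are hypothetical.

```python
# Added example: DNS-SD (RFC 6763) name handling for an instance name with periods.
SERVICE = "_hap._tcp"  # HomeKit Accessory Protocol service type
DOMAIN = "local"
MAX_LABEL = 63  # DNS label length limit, in bytes


def escape_instance(name):
    """Escape per RFC 6763 section 4.3: backslash first, then dot."""
    return name.replace("\\", "\\\\").replace(".", "\\.")


def service_name(instance, escape=True):
    """Build <Instance>.<Service>.<Domain> in presentation format."""
    inst = escape_instance(instance) if escape else instance
    return f"{inst}.{SERVICE}.{DOMAIN}"


def split_labels(fqdn):
    """Split on unescaped dots and undo backslash escapes."""
    labels, cur, i = [], [], 0
    while i < len(fqdn):
        if fqdn[i] == "\\" and i + 1 < len(fqdn):
            cur.append(fqdn[i + 1])
            i += 2
            continue
        if fqdn[i] == ".":
            labels.append("".join(cur))
            cur = []
        else:
            cur.append(fqdn[i])
        i += 1
    labels.append("".join(cur))
    return labels


def to_wire(labels):
    """Encode labels as length-prefixed DNS wire format; reject bad labels."""
    out = bytearray()
    for label in labels:
        raw = label.encode("utf-8")
        if not 0 < len(raw) <= MAX_LABEL:
            raise ValueError(f"invalid label length {len(raw)}: {label!r}")
        out += bytes([len(raw)]) + raw
    return bytes(out) + b"\x00"


if __name__ == "__main__":
    hub = "H.A.L 9000"  # hub name quoted in the thread
    print(split_labels(service_name(hub, escape=False)))  # name split apart
    print(split_labels(service_name(hub)))                # one instance label
```

A name ending in a period is the harsher case: unescaped, it produces an empty label, which `to_wire` rejects.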