I have several different VLANs right now. I have one VLAN where my current Vera lives, along with my security system, cameras, etc. My plan is to put the Hubitat in the same VLAN.
My Amazon Echos and Google Homes are in a different VLAN, separated by a firewall. Also, my LIFX bulbs, Ecobees, and some other things are in this other VLAN. Am I going to run into any problems having the Hubitat in this more secure VLAN? I'm worried that some of the features might require zeroconf or other local multicast protocols to discover devices and it could possibly cause some connectivity problems.
Yup. I have all my HA stuff spread across various VLANs here.
Not that I have encountered. The Hubitat hub basically speaks 2 protocols + LAN: Z-Wave and Zigbee. For "LAN" type devices, there is no "discovery" really that I have seen. AFAIK, Sonos is the only one that's a bit "wonky" in terms of discovery. Cloud devices (Ecobee, etc) are all tcp/api based.
My LIFX LAN protocol driver expects to find the LIFX bulbs on the same subnet as the Hubitat. I could maybe modify it to allow you to specify the subnet to scan, but you'd have to open port 56700 (I think that's right) to UDP traffic.
You can use the LIFX Group of Groups driver with this arrangement but it is slower and makes you dependent on an internet connection.
I have the HE on my internal network for now, and I did notice that the Sonos plugin required local scanning. As for LIFX, it would be helpful to me to be able to specify a subnet for discovery. I will eventually move the HE from where it is now to the security VLAN. Opening 56700/udp is not a problem.
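To make "specify the subnet to scan" concrete, here is an added Python example of what a subnet-directed LIFX probe looks like on the wire. It is my own code, not the LIFX LAN driver mentioned in the thread or anything from LIFX. It builds the 36-byte GetService message from the public LIFX LAN protocol, derives the directed-broadcast address of a subnet you name, and parses the StateService reply a bulb sends back. The `discover()` helper, the `make_state_service_reply()` test fixture and the subnet 10.20.30.0/24 are assumptions for illustration. Caveat for the cross-VLAN case: a probe aimed at another subnet's broadcast address only arrives if the router forwards directed broadcasts, which most routers drop by default, so opening UDP 56700 on the firewall is necessary but may not be sufficient.

```python
"""Subnet-directed LIFX discovery probe (added example, not the thread's driver)."""
import ipaddress
import socket
import struct

LIFX_PORT = 56700          # LIFX LAN protocol UDP port (the one the poster opened)
MSG_GET_SERVICE = 2        # Device::GetService (broadcast discovery request)
MSG_STATE_SERVICE = 3      # Device::StateService (reply from each bulb)
HEADER_LEN = 36            # frame(8) + frame address(16) + protocol header(12)


def build_get_service(source: int = 0x4C494658, sequence: int = 0) -> bytes:
    """Build the 36-byte GetService message: tagged=1 and target=0 means 'all devices'."""
    # Frame: size(u16), bitfield(u16: protocol=1024 in bits 0-11, addressable bit 12,
    # tagged bit 13, origin bits 14-15), source(u32) echoed back in replies.
    protocol_word = 1024 | (1 << 12) | (1 << 13)
    frame = struct.pack("<HHI", HEADER_LEN, protocol_word, source)
    # Frame address: target(8 bytes, all zero = broadcast), reserved(6),
    # flags(u8: res_required bit 0, ack_required bit 1), sequence(u8).
    frame_addr = struct.pack("<Q6sBB", 0, b"\x00" * 6, 0b01, sequence)
    # Protocol header: reserved(u64), message type(u16), reserved(u16).
    proto_hdr = struct.pack("<QHH", 0, MSG_GET_SERVICE, 0)
    return frame + frame_addr + proto_hdr


def parse_state_service(packet: bytes) -> dict:
    """Parse a StateService reply: header, then service(u8) and port(u32)."""
    if len(packet) < HEADER_LEN + 5:
        raise ValueError("packet too short for StateService")
    msg_type = struct.unpack_from("<H", packet, 32)[0]   # type sits at offset 32
    if msg_type != MSG_STATE_SERVICE:
        raise ValueError(f"unexpected message type {msg_type}")
    target = packet[8:16]                                # first 6 bytes are the MAC
    service, port = struct.unpack_from("<BI", packet, HEADER_LEN)
    mac = ":".join(f"{b:02x}" for b in target[:6])
    return {"mac": mac, "service": service, "port": port}


def discovery_target(subnet: str) -> str:
    """Directed-broadcast address for the subnet to scan (assumed input like '10.20.30.0/24')."""
    net = ipaddress.ip_network(subnet, strict=False)
    return str(net.broadcast_address)


def make_state_service_reply(mac: bytes, port: int = LIFX_PORT, source: int = 0x4C494658) -> bytes:
    """Constructed StateService reply (what a bulb would send), used only for offline testing."""
    protocol_word = 1024 | (1 << 12)          # replies are addressable but not tagged
    frame = struct.pack("<HHI", HEADER_LEN + 5, protocol_word, source)
    frame_addr = struct.pack("<8s6sBB", mac + b"\x00\x00", b"\x00" * 6, 0, 0)
    proto_hdr = struct.pack("<QHH", 0, MSG_STATE_SERVICE, 0)
    return frame + frame_addr + proto_hdr + struct.pack("<BI", 1, port)   # service 1 = UDP


def discover(subnet: str, timeout: float = 1.0) -> list:
    """Send GetService to the subnet's broadcast address and collect StateService replies."""
    found = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        sock.settimeout(timeout)
        sock.sendto(build_get_service(), (discovery_target(subnet), LIFX_PORT))
        while True:
            try:
                data, (ip, _) = sock.recvfrom(1024)
            except socket.timeout:
                break
            try:
                info = parse_state_service(data)
            except ValueError:
                continue            # ignore anything that is not a StateService reply
            info["ip"] = ip
            found.append(info)
    return found


if __name__ == "__main__":
    # Assumed subnet for the LIFX VLAN; replies come back unicast to this host.
    print(discover("10.20.30.0/24"))
```

The first four bytes of the probe, `24 00 00 34`, are the fixed GetService header that shows up in any packet capture of LIFX discovery, which is a quick way to confirm on the firewall that the probe is leaving one VLAN and the replies are coming back on UDP 56700.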
It sure seems that way for me. I've been trying to get the Chromecast integration to discover my devices (a Chromecast and two Home Minis), all of which are on a different VLAN than my Hubitat, with no success. This is even after enabling mDNS and adding firewall rules to allow traffic on port 5353, as is often suggested online. Of course, user error is always a strong possibility...
It's super fun. First automation test for me was getting the google home to suggest to my wife that she give her husband a cuddle every time a particular door sensor was triggered. Much fun.
Sorry for bumping an old thread, just ordered a HE and want to talk best practice.
I wanted to get advice, and thought this is probably the best place to start. I just ordered an HE and was trying to figure out the best course of action for implementation. I'm thinking the best is to put it on its own VLAN separate from my existing LAN, Guest, and IoT so that I can completely control it and isolate it.
My other thought was to make this a /30 subnet as the only device on it will be the HE. I could also then completely cut off internet except when I want to run updates (if I wanted), all while still allowing mDNS and firewall rules to allow my private LAN devices to still be able to access it, but no other VLANs would be able to have any traffic to/from it.
I'm currently reading up on Zigbee vulnerabilities to see if I'm just wearing a very thick tinfoil hat, but my other thought is why not do it if my hardware supports it.
I don't think you can do mDNS across VLANs since it uses the 239.0.0.0/8 address space, which is not routable. Also, many of the 3rd party integrations assume that other devices are on the same local network. I was able to make my Vera work on another VLAN, but it was a pain with the HE.
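Since the Chromecast and mDNS question comes up twice in this thread (the port 5353 firewall rules that did not help, and the multicast routing point just above), here is an added Python example, my own code and not part of Hubitat's Chromecast integration, that shows what the discovery traffic actually is. It builds the mDNS PTR query for `_googlecast._tcp.local` (the service Chromecast and Home devices advertise), parses a constructed reply including a DNS name-compression pointer, and classifies the multicast group by scope. The `build_ptr_response()` fixture and the instance name "Kitchen-TV" are constructed for offline testing. The operational point it illustrates: mDNS goes to 224.0.0.251, which is in the 224.0.0.0/24 link-local block that routers never forward regardless of firewall rules, so cross-VLAN discovery needs a reflector or repeater service on the router that re-originates the packets on each VLAN, not just a rule allowing UDP 5353.

```python
"""mDNS PTR query/response for Chromecast discovery (added example, not Hubitat code)."""
import ipaddress
import struct

MDNS_GROUP = "224.0.0.251"                 # IPv4 mDNS multicast group (RFC 6762)
MDNS_PORT = 5353
CHROMECAST_SERVICE = "_googlecast._tcp.local"
TYPE_PTR = 12
CLASS_IN = 1
QU_BIT = 0x8000                            # "unicast response requested" on a query


def multicast_scope(addr: str) -> str:
    """Classify a multicast group the way a router does when deciding whether to forward it."""
    ip = ipaddress.ip_address(addr)
    if not ip.is_multicast:
        raise ValueError(f"{addr} is not a multicast address")
    if ip in ipaddress.ip_network("224.0.0.0/24"):
        return "link-local (never forwarded by routers)"
    if ip in ipaddress.ip_network("239.0.0.0/8"):
        return "administratively scoped (forwardable inside an organisation with multicast routing)"
    return "global"


def encode_name(name: str) -> bytes:
    """DNS wire format: length-prefixed labels terminated by a zero byte."""
    out = b"".join(bytes([len(label)]) + label.encode() for label in name.strip(".").split("."))
    return out + b"\x00"


def build_ptr_query(service: str = CHROMECAST_SERVICE, unicast_response: bool = False) -> bytes:
    """Query a hub would multicast to 224.0.0.251:5353 to enumerate service instances."""
    header = struct.pack("!HHHHHH", 0, 0, 1, 0, 0, 0)      # id 0, flags 0, QDCOUNT 1
    qclass = CLASS_IN | (QU_BIT if unicast_response else 0)
    return header + encode_name(service) + struct.pack("!HH", TYPE_PTR, qclass)


def decode_name(data: bytes, offset: int):
    """Decode a possibly-compressed name; returns (name, offset just after it in the record)."""
    labels, end, jumped = [], None, False
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:                          # compression pointer
            pointer = struct.unpack_from("!H", data, offset)[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            offset, jumped = pointer, True
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode())
        offset += length
    return ".".join(labels), (offset if end is None else end)


def parse_ptr_answers(packet: bytes) -> list:
    """Return (service, instance, ttl) for every PTR record in the answer section."""
    _, _, qdcount, ancount, _, _ = struct.unpack_from("!HHHHHH", packet, 0)
    offset = 12
    for _ in range(qdcount):                               # skip echoed questions
        _, offset = decode_name(packet, offset)
        offset += 4
    results = []
    for _ in range(ancount):
        name, offset = decode_name(packet, offset)
        rtype, _, ttl, rdlen = struct.unpack_from("!HHIH", packet, offset)
        offset += 10
        if rtype == TYPE_PTR:
            target, _ = decode_name(packet, offset)
            results.append((name, target, ttl))
        offset += rdlen
    return results


def build_ptr_response(service: str, instance: str, ttl: int = 4500) -> bytes:
    """Constructed reply, as a device on the same segment would send it (test fixture only)."""
    header = struct.pack("!HHHHHH", 0, 0x8400, 0, 1, 0, 0)  # QR + AA, ANCOUNT 1
    name = encode_name(service)                              # starts at offset 12
    rdata = bytes([len(instance)]) + instance.encode() + b"\xC0\x0C"   # pointer back to 12
    rr = struct.pack("!HHIH", TYPE_PTR, CLASS_IN, ttl, len(rdata)) + rdata
    return header + name + rr
```

Capturing on the hub's VLAN with `udp port 5353` and seeing the query leave but no reply arrive is the expected symptom when only firewall rules were added: the query never reached the other segment in the first place.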
Just put all IoT devices on the same VLAN, this is what I do to separate them from my other devices. There will always be the issue of convenience vs security, just need to find the balance that works for you.