Hubitat on dedicated VLAN

I'll see about adding that to the next version.

1 Like

It sure seems that way for me. I've been trying to get the Chromecast integration to discover my devices (a Chromecast and two Home Minis), all of which are on a different VLAN than my Hubitat, with no success. This is even after enabling mDNS and adding firewall rules to allow traffic on port 5353, as is often suggested online. Of course, user error is always a strong possibility...:grin:

I tried what you did and gave up. Moved my Google home over and it discovered right away. Mind you I am not a strong network kind of guy either.

Opening port 5353 won't help. Discovery works over the multicast 239.0.0.0 network which is not routable.

1 Like

Well, that's good to hear that it worked once you moved it. The TTS capability intrigues me, so I may end up doing the same as you to check it out.

It's super fun. First automation test for me was getting the google home to suggest to my wife that she give her husband a cuddle every time a particular door sensor was triggered. Much fun.

4 Likes

Mine would have been a little more offensive. :blush:

1 Like

Let's just say I sanitised the message here for public consumption. :wink:

1 Like

This is why I decided to simply create a HA VLAN and put most of my home automation stuff there. I can still block and route to and from that VLAN.

Basically:

  • 192.168.100.x -> VLAN1 (Incoming broadband and mission critical (DNS, DHCP, etc))
  • 192.168.110.x -> VLAN2 (Phone, laptops, and printers)
  • 192.168.1.x -> VLAN3 (HA stuff (hubs, voice assistants, etc))
  • 192.168.2.x -> VLAN4 (Guests)
  • 10.10.1.x -> VLAN5 (Work network)

1 Like

Nice! Thanks for this!

1 Like

Sorry for bumping an old thread, just ordered an HE and want to talk best practice.

I wanted to get advice, and thought this is probably the best place to start. I just ordered an HE and was trying to figure out the best course of action for implementation. I'm thinking the best is to put it on its own VLAN separate from my existing LAN, Guest, and IoT so that I can completely control it and isolate it.

My other thought was to make this a /30 subnet as the only device on it will be the HE. I could also then completely cut off internet except when I want to run updates (if I wanted), all while still allowing mDNS and Firewall rules to allow my private LAN devices to still be able to access it, but no other VLANs would be able to have any traffic to/from it.

I'm currently reading up on Zigbee vulnerabilities to see if I'm just wearing a very thick tinfoil hat, but my other thought is why not do it if my hardware supports it.

I don't think you can do mDNS across VLANs since it uses the 239.0.0.0/8 address space, which is not routable. Also, many of the 3rd party integrations assume that other devices are on the same local network. I was able to make my Vera work on another VLAN, but it was a pain with the HE.

Just put all IoT devices on the same VLAN, this is what I do to separate them from my other devices. There will always be the issue of convenience vs security, just need to find the balance that works for you.

2 Likes
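The behaviour discussed in this thread, as an added example that is not part of any participant's post: a small Python model of a default-deny inter-VLAN router, showing a unicast connection from the LAN reaching a hub on a /30 while a firewall rule for port 5353 does nothing for mDNS, whose destination 224.0.0.251 is link-local multicast. All addresses, rules and names are constructed for illustration, and the `multicast_routing` switch is a simplifying assumption.

```python
import ipaddress as ip

# Constructed addressing, loosely following the thread's plan; not anyone's real config.
LAN = ip.ip_network("192.168.110.0/24")    # phones, laptops
GUEST = ip.ip_network("192.168.2.0/24")    # guests
HUB_NET = ip.ip_network("192.168.1.0/30")  # /30: room for a gateway and the hub only
HUB = "192.168.1.2"

# Inter-VLAN firewall, default deny: (source net, destination net, port or None = any)
RULES = [
    (LAN, HUB_NET, None),                      # LAN may reach the hub
    (LAN, ip.ip_network("0.0.0.0/0"), 5353),   # the "open port 5353" rule
]

LOCAL_CONTROL = ip.ip_network("224.0.0.0/24")  # RFC 5771: routers never forward this
MDNS = "224.0.0.251"                           # RFC 6762, UDP 5353
SSDP = "239.255.255.250"                       # UPnP/DIAL discovery, UDP 1900


def crosses_vlan(src, dst, port, multicast_routing=False):
    """Return (passed, reason) for a packet leaving src's VLAN through the router."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    # The forwarding decision comes before any firewall rule is consulted.
    if dst in LOCAL_CONTROL:
        return False, "link-local multicast stays on the sender's VLAN"
    if dst.is_multicast and not multicast_routing:
        return False, "routable multicast, but no IGMP proxy/PIM configured"
    for s_net, d_net, r_port in RULES:
        if src in s_net and dst in d_net and r_port in (None, port):
            return True, "allowed by firewall rule"
    return False, "default deny"


if __name__ == "__main__":
    print("usable /30 hosts:", [str(h) for h in HUB_NET.hosts()])
    for name, src, dst, port in [
        ("LAN browser -> hub", "192.168.110.20", HUB, 80),
        ("guest browser -> hub", "192.168.2.50", HUB, 80),
        ("LAN mDNS query", "192.168.110.20", MDNS, 5353),
        ("LAN SSDP search", "192.168.110.20", SSDP, 1900),
    ]:
        print(f"{name:22} {crosses_vlan(src, dst, port)}")
```

Discovery across VLANs therefore needs something that re-sends the queries on the other segment, such as an mDNS reflector/repeater on the router, rather than a port rule.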

Same here. IoT, Cameras, work on their separate VLAN. The rest on a guest Network.

Same.
Main, IoT, Guest

I put it on the main just for convenience and because I wanted to dig in. I have had two nights with minimal sleep to play with the devices, and then today I received my 3rd bulb and had to do some device sorting which led me to find the other two decided on a generic driver as opposed to the one meant for the device. Now all my rules are working flawlessly and I feel like a super nerd again.

Thanks for all the feedback. Love this community.

2 Likes

If I have all IoT on a separate VLAN, including my HE hub, will I have an issue with the iPhone app locating the hub? Or will I always be using cloud hub?

Could always use a browser, as long as the network the iPhone is on has a route to the IoT network. You can test by trying to browse to a different IoT device's local IP if it has a web portal, and/or just try PINGing its IP.

I am pulling out my hair. I recently bought an Orbi Pro WiFi 6 router and two satellites for my home. I have my HE wired to an unmanaged switch. On the same switch are my wired AV stuff including Tablo, Roku Ultra, Yamaha home entertainment system, and Tivo.

The Orbi Pro has three pre-built SSIDs and VLANs for default, "employees", IoT, and guests. Each SSID has an associated VLAN profile that allows for trunk/access, client and/or network isolation.

I have my Wemo Smart Switches, Dimmers, and Plugs along with Harmony Hub and Google Mini Speakers on the IoT SSID with IoT VLAN profile.

I have HE on port 3 (LAN 3) with IoT VLAN profile.

IoT VLAN profile includes network and client isolation turned on. I have tried it with both client isolation turned on or off. No change.

Issue:

  1. Wemo products fail to recover when network is lost and recovered. I have to go around and factory reset each and every one to get it working again.
  2. I cannot reach HE at all from my phone or laptop which are connected to the SSID IoT network (or any other SSID for that matter).
  3. I cannot reach Roku devices via the Android app either.

The only way I get access to HE was to change the VLAN profile to "default" which has no client or network isolation with trunk.

Does anyone have an idea as to what I am doing wrong?

This is driving me crazy.

YapFlapper