Hubitat/Raspberry Pis - Main Network or IoT?

The Ubiquiti thread inspired my question.

About 6 weeks ago, I bought an EdgeRouter X and a couple of Unifi switches and set up 2 separate LANs (Main-192.168.1.0/24 & IoT-192.168.68.0/24). I was able to set up rules successfully in the EdgeRouter to separate the two. I currently have all 3 HE hubs, 3 Raspberry Pis & Lutron Pro Bridge along with Rokus, AppleTVs, etc. on the IoT hub. The RPIs are running Home Assistant, Pi-Hole, Node Red, etc. On my Main network, I only have 2 laptops, a desktop, an RPI running AlarmDecoder and our cell phones, with the Unifi Controller & UISP running on the desktop. I also have 2 Deco M5s connected to Main in AP mode and 2 others connected to IoT. The Decos on Main are dual band but the Decos on the IoT network are only broadcasting 2.4GHz because some of my IoT devices don't like dual band. I was using the Deco system as a Router/Wifi mesh prior to purchasing the Unifi equipment.

So finally my question: what are the pros/cons to moving the HE hubs or RPIs to the Main network? It's working great now with the rules I have set up.

If & when I decide to purchase a Unifi AP, I will switch to using VLANs so that I don't have to have an AP for each subnet.

The only pro I can think of is that you could access HE from your computers. Con of course is that HE and your RPIs can access your main network. To me that's a big con. I don't want devices having access to my computers or NAS.

I have all of my IoT stuff and our phones on a separate VLAN and AP, except for HE and Node-Red (running in Docker on my NAS), which are running on my main network, which only has a few computers and my NAS. I'm always fiddling with HE and Node-Red and want to have access from my computer without switching the ethernet cable between ports.

I'm really not happy with this arrangement, but I haven't figured out how to put HE on the IoT VLAN and still access it from my computer. I'm sure there's a way to do it, but I'm a programmer, not an IT guy, and firewall rules and IP routing make my eyes bleed.

If it's working for you, I would leave it. HE and your RPIs may be safe, but why take the chance?

Honestly, I have a similar setup, but other than perhaps my Ubiquiti cameras riding on a separate LAN from my main network, I really don't see any particular advantage to moving all my IoT gear to another LAN.

Just seems added complexity to me, for no real benefit. I've been running my 3 AP network with 4 active media streamers, 5 Ubiquiti cams, 3 Hubitat hubs, a Hue hub, and a boatload of other network devices, including a media server, with no issue on my LAN or Wi-Fi.

Ymmv.
S

I have a similar setup (full Unifi environment) with all my computers on a core network, and all my automation stuff (HE, HA, etc.) on an IoT network. Using InterVLAN routing I was able to block access from my IoT to core, but allow access from my core to IoT (established/related connections), and it works flawlessly.

I can access my IoT stuff with no issues, but my IoT stuff can't access my core unless I put in a firewall rule.

With all the info being passed around the IoT network, don't clog up your core network with it. Leave it as is... "if it ain't broke, don't fix it".

1 Like
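The one-way pattern described in the post above (core can open connections into IoT, IoT cannot open connections into core), written out as an added example for the OP's EdgeRouter X rather than quoted from any poster. It uses the two subnets from the first post; the interface name eth2 is an assumption, and the same ruleset would be attached to a `switch0 vif <id>` instead once the IoT side moves to a VLAN.

```text
configure

# Stateful policy applied to traffic arriving FROM the IoT LAN (192.168.68.0/24).
# default-action accept keeps internet and IoT-to-IoT traffic working;
# only new connections aimed at the Main LAN are refused below.
set firewall name IOT_IN description 'IoT LAN inbound policy'
set firewall name IOT_IN default-action accept

# Rule 10: replies to sessions that Main started toward IoT (a laptop opening the
# Hubitat web UI, Home Assistant, Node-RED) are allowed back through.
set firewall name IOT_IN rule 10 description 'Allow established/related'
set firewall name IOT_IN rule 10 action accept
set firewall name IOT_IN rule 10 state established enable
set firewall name IOT_IN rule 10 state related enable

# Rule 20: any NEW session an IoT device tries to start toward Main is dropped,
# so a hub or Pi on IoT cannot reach the laptops, desktop or NAS.
set firewall name IOT_IN rule 20 description 'Drop new IoT -> Main'
set firewall name IOT_IN rule 20 action drop
set firewall name IOT_IN rule 20 state new enable
set firewall name IOT_IN rule 20 destination address 192.168.1.0/24

# Attach the ruleset on the "in" direction of the port carrying the IoT LAN
# (eth2 is assumed here; use whichever port 192.168.68.0/24 actually lives on).
set interfaces ethernet eth2 firewall in name IOT_IN

commit
save
exit
```

To confirm it behaves as intended, open the HE UI from a computer on Main (should load, and rule 10's counter in `show firewall name IOT_IN` should increase) and then ping a 192.168.1.x address from a Pi on IoT (should time out, with rule 20's counter increasing).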

Check out "The Hookup"'s last three videos on YouTube; he explains these VLAN setups and their advantages and disadvantages in an easy to understand way.

I went all in on Unifi in the past few weeks, but I still have yet to go down the multi-VLAN rabbit hole.

Just be careful how you set them up. If you use all corporate VLANs, they can communicate by default. You have to set up firewall rules to block them.

https://help.ui.com/hc/en-us/articles/115010254227-UniFi-USG-Firewall-How-to-Disable-InterVLAN-Routing

He and the Crosstalk Solutions guy have been my 2 best friends lately.

1 Like

Both great channels!!