I'm thinking of getting a managed switch (VLAN) to separate devices. ; Like one for cameras, one for Hubitat and Yolink etc. I'm wondering if this will affect say, Alexa working with Hubitat?
Any ideas or comments would be appreciated 
1 Like
My comment is, Why?
I did create a separate guest Wifi for IoT devices but it mainly just gives them a dedicated 2.4Ghz SSID instead of my normal 2.4/5GHz SSID. I turned OFF the LAN isolation because it just causes too many headaches. So they are really not separated at all.
Will it effect Alexa - No. Hubitat <> Alexa is cloud based so as long as both can reach the internet they can talk to each other. If you have any actual local LAN integrations then it will probably cause problems with them, may have workarounds or config changes to allow them to work.
3 Likes
A guest network, I didn't even think of that.
Thanks
No, unless your firewall rules block your Hubitat from cloud access.
If you go down this route, place all devices accessed by your Hubitat in the same VLAN as the Hubitat.
I'm not sure how to do that. I thought you you just assign one of the switch ports to the hub. This way it isolates the hub (habitat) from other network traffic.
It's a bit more complex than that. What router do you have?
2 Likes
Tenda ax3000
Assuming this is the right manual, then it doesn't support user defined VLANs so you would need to replace it.
1 Like
Not unless it's a layer 3 switch that can handle routing between the VLANs. Your router does not have that ability that's configurable (at least from reviewing the user manual).
2 Likes
VLANs are a bit complicated, when one steps back and thinks about it. For example, for devices on each VLAN to receive DHCP assigned TCP/IP addresses, the Router's DHCP server must be aware of the VLANs, and properly assign addresses specific to each VLAN. Then, as @FriedCheese2006 mentioned, something has to 'route' the packets between all of the VLANs based on firewall rules to control the permissions.
I would recommend against creating VLANs on a normal home network. It requires quite a bit of networking know-how, and ongoing maintenance, to make it successful.
While I do understand how to create and configure VLANs, and I have a full Ubiquiti UniFi networking stack available, I have only one main VLAN for the entire house. I do have one additional very small VLAN that is only for a single server that has an SSH port forwarded to it. If that server were to get compromised, the hacker would not have access to anything else on my home network.
But for normal, everyday users, one home LAN is really sufficient. Just do NOT add any port forwarding to your router, make sure kids' computers are locked down tight (& do not make their accounts admins!), etc...
If you need a more complex network, then you'll need to invest in some hardware that is capable of creating and managing multiple VLANs. It would also be a good idea to take some networking training classes.
2 Likes
no it won't. they connect over the cloud, so as long as both have internet access, they can communicate
Thanks for your help. I believe I'll skip this idea, I don't need any more maintenance work.
Was just trying to get things the way they were before my isp changed my equipment. It's almost back to normal. After complaining to my isp (it took 4 calls) they sent out a tech and found a voip filter on the line that was messing things up with the new equipment. Then I replaced the router so things are much better just a little slow at time. And sometimes a device doesn't respond.
2 Likes
to be fair,, it could just be issues with Amazon. even with a stable network, i'll randomly have issues with Alexa devices
Ok, I'm thinking about moving all my devices to a guest network. I have a few questions.
- I change the SSID and password for the Hubitat Hub to guest network, correct?
- Do the same for my CCTV DVR
- Change all Alexa networks to guest network
Now the important part. If it doesn't work out for whatever reason will changing all SSID'S and passwords back to original names still work as before?
If there's an easier way, please let me know..
Thanks 
highly suggest putting IoT devices on their own network to reduce traffic over your broadcast domains. this is how i have mine set up and everything works (granted i knew what i was doing as i have networking background).
create a guest/iot network and move the devices over. if you did need something from your main network to communicate with your hub for any reason, then it's just a firewall rule to allow it.
your method is good in my book though
one thing to look in to, which would be easier to move? if you have like 5 wireless devices but 50 iot devices to move, then maybe just rescope your existing SSID to the guest/iot network, and create a new network for your main devices.
if you do go the route of using the existing SSID but giving it a new network, you want to be careful of static IPs. DHCP reservations can be adjusted in your router, but static is set on the device, so you'll have to go through that process again (reasons why i advise to use DHCP reservations over statics when possible)
edit/update: after going through the entire thread, it doesn't look like you have the infrastructure in place for proper VLANs. if you did want to go the route of separate networks, i would suggest a network infrastructure revamp first, then look into segmenting your networks, then move devices over
Just realize that most true GUEST WiFi networks cannot communicate with anything on the Wired Network. True GUEST WiFi networks are designed to allow guest access to the Internet at your home, while preventing them from access anything else on your home network.
IMHO - this is not worth the effort.
3 Likes
Why?
There really isn't a reason to start isolating things. Face it, if someone can get through your firewall, they're gonna get through a vlan. You aren't a big company that needs to segregate subnets for internal security and wan/vpn management. I'm a network engineer and honestly at home I can't see a reason for it. Again, if someone can get past my firewall, then having a secondary network is gonna be child's play for who ever is doing it. Then once they're in they're gonna start playing music on my homepod's and turning my lights on and off!!!! Honestly the only reason I use my guest network is for guests in my home or at corporate sites. Why introduce complexity when you don't have to?
1 Like
I need the wired network. My hub (C7), CCTV and yolink hub. Guess I wasn't thinking, guest network is wifi.
I just wanted to speed things up. Maybe I'll move my printers, computer and Rokus to 5G guest
How slow are things right now? And if you are bandwidth limited, using a guest network won't change that.
2 Likes
