VLANs - Ecobee, Abode

Hi all - I'm about to set up a segmented home network using VLANs, to improve security. Will move IoT devices to an isolated VLAN, among other things.
I'm trying to determine where to put Hubitat and devices it talks to - primarily Ecobee and Abode security system. I believe Hubitat needs to be on the same VLAN as my computers that talk to it.
I'm pretty sure the communication with Ecobee is via cloud, so isolating Hubitat from Ecobee is probably okay, but I'm less sure about Abode, using the Abode app available here that a user (Endorphin_Junkie) created. My understanding is he may not be on the forum anymore.

Does anyone have any thoughts about this topic - in particular or in general? Do others keep Hubitat with IoT devices or with computers? And what about devices it talks to?

Thanks!

Not if you selectively route between VLANs.

AFAIK, both the integrations are cloud (Abode/ecobee), so they don't need to be in the same VLAN as the HE.

Finally, @endorphin_junkie is still here. He last posted on January 9th.

Thanks for the information!

I have my IoT devices on one VLAN, personal devices (PC/laptops, phones, tablets, NAS, etc.) on the other. My personal VLAN is on one SSID, IoT VLAN on another. I can initiate connections to the IoT VLAN from the "personal" VLAN, but the IoT VLAN devices are not allowed to establish new connections to the personal VLAN on their own. So I can talk to all my IoT devices from the personal VLAN, but if I join the IoT VLAN I cannot initiate access to any devices on the personal VLAN.

2 Likes

Thanks - so do you put the Hubitat on the IoT VLAN or the personal VLAN? I'm leaning towards it being on personal since I keep it local.

All my hubs, Hubitat, ST, Lutron, Hue hub, and any IoT devices that require a network connection (e.g., Ring cameras) are all on the IoT VLAN. No reason/need to have any hub on the personal VLAN, I can access/program/use them from the personal VLAN, and they have access to the internet and other IoT devices on the IoT VLAN, but can't mess with my personal devices.

I'm doing it the same way as @danabw. Definitely check the documentation for your router to manage inter-VLAN routing. If I initiate from my core network, it can access my IoT network, and as long as that's established, there are no issues. My IoT network cannot initiate a connection to my core network though. This way it keeps all the chatter isolated to the IoT network, but I can still access it if needed without having to make any changes.

1 Like
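
The one-way policy described in the posts above (the personal VLAN may open connections to the IoT VLAN, the IoT VLAN may only reply), written out as an added example that is not from any poster: an nftables forward chain for a Linux-based router. The interface names `vlan10` (personal), `vlan20` (IoT) and `wan0` (internet uplink) are assumptions; other router platforms express the same rules in their own firewall configuration.

```nftables
#!/usr/sbin/nft -f
# Added example. Assumed interface names:
#   vlan10 = personal VLAN, vlan20 = IoT VLAN (hubs included), wan0 = uplink

table inet home_vlans {
    chain forward {
        # Default-deny for routed traffic: anything not matched below is dropped.
        type filter hook forward priority filter; policy drop;

        # Return traffic for connections that an earlier rule already allowed.
        # This is what lets IoT devices answer a session opened from vlan10
        # without being able to open one themselves.
        ct state established,related accept
        ct state invalid drop

        # Personal VLAN may start connections to IoT devices and hubs.
        iifname "vlan10" oifname "vlan20" accept

        # Both VLANs may reach the internet (cloud integrations need this).
        iifname "vlan10" oifname "wan0" accept
        iifname "vlan20" oifname "wan0" accept

        # IoT VLAN may not start connections to the personal VLAN.
        # Logged so unexpected attempts from a device are visible.
        iifname "vlan20" oifname "vlan10" log prefix "iot-to-personal-new " drop
    }
}
```

Traffic between two devices on the same VLAN is switched rather than routed, so it never reaches this chain; the rules only govern what crosses between VLANs.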