RESET Forums (homeservershow.com)
Jason

IoT WiFi VLAN and Ubiquiti


pcdoc
2 hours ago, Jason said:

 


No worries. That helps. So your actual system has a single WAN and LAN ports (physical), but each VLAN is bound to that same physical LAN port, correct?

 

 

Close.  I have one WAN port, 2 physical LAN ports (original family separation), and 2 VLAN ports (One guest and one IOT).  I included a diagram from my site to better illustrate my config.

 

https://thedocsworld.net/home-network/

 

Jason
 
pcdoc said:

Close. I have one WAN port, 2 physical LAN ports (original family separation), and 2 VLAN ports (One guest and one IOT). I included a diagram from my site to better illustrate my config.
 
https://thedocsworld.net/home-network/
 


Thanks for continued clarity. I currently have 4 NICs in my Untangle box. Currently, 1 used for WAN, 1 for LAN.

Have one VLAN ID 100 set up and bound to this LAN NIC now for a group of wired IP cameras.

Would I activate one of the other 2 unused NICs to be LAN2, then bind new VLAN-x (SSID IoT) and VLAN-y (SSID Guest) to that LAN2 to be used with the Ubiquiti AC Pro wireless network?

pcdoc
8 minutes ago, Jason said:

 


Thanks for continued clarity. I currently have 4 NICs in my Untangle box. Currently, 1 used for WAN, 1 for LAN.

Have one VLAN ID 100 set up and bound to this LAN NIC now for a group of wired IP cameras.

Would I activate one of the other 2 unused NICs to be LAN2, then bind new VLAN-x (SSID IoT) and VLAN-y (SSID Guest) to that LAN2 to be used with the Ubiquiti AC Pro wireless network?

 

 

No, you do not have to. You can bind the other VLANs to the same LAN. You are on the right track. I only use two NICs because years ago when I wired my house I wanted absolute physical separations. That was a time when I did not use VLANs. Doing what you are doing is fine. Just remember to use different IP ranges for each VLAN.

 

  • Like 1
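
A way to sanity-check a plan like the one discussed above (several VLANs bound to one LAN NIC, each with its own IP range), as an added example that is not part of the original thread. Only VLAN ID 100 for the cameras comes from the thread; the interface name `lan0`, the other VLAN IDs, every subnet, and the `check_plan` helper are assumptions made for illustration.

```python
import ipaddress

# Constructed plan. VLAN ID 100 for the cameras is from the thread; the
# interface name "lan0", the other IDs and every subnet are assumptions.
PLAN = [
    {"name": "LAN",    "parent": "lan0", "vlan": None, "cidr": "192.168.1.0/24"},
    {"name": "IPCams", "parent": "lan0", "vlan": 100,  "cidr": "192.168.100.0/24"},
    {"name": "IoT",    "parent": "lan0", "vlan": 20,   "cidr": "192.168.20.0/24"},
    # Deliberate mistake: this range sits inside the IoT range.
    {"name": "Guest",  "parent": "lan0", "vlan": 30,   "cidr": "192.168.20.128/25"},
]


def check_plan(plan):
    """Return a list of problems found in a VLAN/subnet plan (empty if clean)."""
    problems = []
    tags = {}   # (parent NIC, VLAN ID) -> segment name
    nets = []   # (segment name, network) accepted so far
    for seg in plan:
        name, vid = seg["name"], seg["vlan"]
        if vid is not None:  # None means the untagged network on the NIC
            if not 1 <= vid <= 4094:  # 0 and 4095 are reserved in 802.1Q
                problems.append(f"{name}: VLAN ID {vid} is outside 1-4094")
            elif (seg["parent"], vid) in tags:
                other = tags[(seg["parent"], vid)]
                problems.append(f"{name}: VLAN ID {vid} already used by {other}")
            else:
                tags[(seg["parent"], vid)] = name
        try:
            # strict=True rejects a host address written as a network
            net = ipaddress.ip_network(seg["cidr"], strict=True)
        except ValueError as exc:
            problems.append(f"{name}: bad subnet {seg['cidr']!r} ({exc})")
            continue
        for other_name, other_net in nets:
            if net.overlaps(other_net):
                problems.append(f"{name}: {net} overlaps {other_name} ({other_net})")
        nets.append((name, net))
    return problems


if __name__ == "__main__":
    for line in check_plan(PLAN) or ["plan is clean"]:
        print(line)
```

Overlapping ranges matter for isolation as well as routing: firewall rules written per subnet stop matching the segment they were meant for when two VLANs share addresses.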

Jason

Thanks! The small Dlink POE switch for my current IP camera VLAN is at capacity. I might just see if I can move it over to my Ubiquiti POE switch, consolidating both my wired IP cams and Ubiquiti APs all into same physical POE switch for purpose of easier management. Freeing up a smaller 8 port POE switch for later on if needed.

Though not sure whether you’ve ever used a Ubiquiti switch, but their admin UI is a bit peculiar with regards to VLAN tagging/mgmt.

Jason

Thanks pcdoc! Seem to have gotten my VLANs set up and working with isolation between IoT, Guest and my IPCams.

Have moved the obvious WiFi IoT items over to their VLAN...smart TVs, Echo, Nintendo Switch, smart locks, thermostats, etc.

But there are some wired devices that aren’t as easily moved off my LAN, like TiVos, audio receivers w AirPlay, Xbox and PS4s. They’re wired back to an unmanaged switch. I’m trying to avoid daisy chaining switches together if at all possible.

Have you run across any devices you’ve simply left on your LAN?

pcdoc
1 hour ago, Jason said:

Thanks pcdoc! Seem to have gotten my VLANs set up and working with isolation between IoT, Guest and my IPCams.

Have moved the obvious WiFi IoT items over to their VLAN...smart TVs, Echo, Nintendo Switch, smart locks, thermostats, etc.

But there are some wired devices that aren’t as easily moved off my LAN, like TiVos, audio receivers w AirPlay, Xbox and PS4s. They’re wired back to an unmanaged switch. I’m trying to avoid daisy chaining switches together if at all possible.

Have you run across any devices you’ve simply left on your LAN?

 

 

Congratulations on your setup. You are right and you will have to pop for one or two small managed switches such as the ones I listed above for the hard wire connections. They are not horribly expensive and they will allow you to have a very flexible and configurable configuration. For example, a wired camera or cable box to one VLAN, and your media server or NAS to your main network. As for daisy-chaining switches, as long as you do not get carried away, it should not be a huge problem. On paper, it adds a bit of latency, but in practice as long as you are using decent switches and that node is not saturated, you will not be able to measure any difference in performance. I limit myself to two hops but have tested more than three and could not measure any difference. I would opt for security over a theoretical latency. Good luck and post what you end up with.

 

 
