So I know that on paper breaking IoT devices apart and putting them on their own firewalled VLAN is the best thing to do. So far I'm having trouble making it into a reality. A prime example of this is trying to get my Sonos system on the IoT net. I still have yet to get it to work, and I know I can. My point is that I can't spend hours and hours playing around trying to get each device to work when some ports are published and some are not.
If someone has a simple solution that solves the problem or a list of common IoT devices and the ports and procedures that are needed I would love to hear about it!
After it all works then maybe add the additional thing of traffic isolation, which isn't really necessary but a nice touch nonetheless.
Give us more information about the lay of the LAN; that way maybe we can help.
Right now the system I'm playing with is my own. I have two APs, two SSIDs, one USG, and a PoE switch. I have things like a Wi-Fi T-stat, Sonos, iDevice plugs and switches (coming soon), among other devices.
So far I can get the speaker on the network; that's not really that hard. But when I try to get the broadcasting to work across the VLANs, I can get the app on the phone to see the speaker but it won't connect. It says it found the speaker on another Wi-Fi network and asks for it to connect. I kind of gave up on it the other day. Any ideas?
I would temporarily kill one SSID. Reduce the scenario to the minimum. Get rid of all additional VLANs; just VLAN 1 is all you need for basic operation. It will not be possible for your phone to find the Sonos device on another network under these conditions.

Once that works and you can indeed broadcast to your Sonos device, then make a baby-step change, one little change at a time. Throw back up the second SSID and make sure everything still works. Reboot everything in sight and confirm it all again. Then add the additional VLAN complications back in, one step at a time. That's how I approach all sophisticated network scenarios: baby steps.

Wish I had more for ya. Others may be able to help... What is your IP addressing schema like? Where do you get DHCP service from?
I kind of do exactly that to make sure that the devices work in the first place. I start out with both my laptop and the IoT device on the IoT network, then move the laptop off the IoT net and check for function.
DHCP is handled by the USG. No static IPs (192.168.*.1/24). I set the * to match the VLAN, so if it's VLAN 20 then it's 192.168.20.1/24, and so on for VLAN 10, 30...
I use OpenDNS servers, by the way... not sure if it matters.... 126.96.36.199
So far, even with no firewall in place, I'm having a hard time getting things to function. Because of this, I suspect it's an mDNS or broadcast issue that I don't fully understand. Kind of learning here. I'm going to be setting up a lab network in my office to allow me to test without kicking my wife off the network every time I test.
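The "mDNS or broadcast issue" suspected in the last post is the usual cause of exactly this symptom (app sees a cached speaker but reports it is on "another network"). Multicast DNS (RFC 6762) goes to 224.0.0.251:5353, and 224.0.0.0/24 is the link-local multicast block, which routers never forward between subnets; Sonos' UPnP/SSDP discovery to 239.255.255.250:1900 is likewise not forwarded without multicast routing or a reflector. The following Python script is an added example written for this thread, not code from the original posters or from Sonos/Ubiquiti: it builds and parses an mDNS PTR query/announcement and checks, from the addressing scheme described above (192.168.<vlan>.0/24 per VLAN), whether discovery can work at all. The service name `_sonos._tcp.local` is an assumption taken from general documentation, not something confirmed in the thread.

```python
"""Why mDNS/SSDP discovery stops at a VLAN boundary (added example, not from the thread)."""
import ipaddress
import struct

MDNS_GROUP = ipaddress.ip_address("224.0.0.251")     # RFC 6762 query/announce group, UDP 5353
SSDP_GROUP = ipaddress.ip_address("239.255.255.250")  # UPnP/SSDP group, UDP 1900
LINK_LOCAL_MCAST = ipaddress.ip_network("224.0.0.0/24")  # RFC 5771: never forwarded by routers
QTYPE_PTR = 12
QCLASS_IN = 1
SONOS_SERVICE = "_sonos._tcp.local"                   # assumed service name


def encode_name(name: str) -> bytes:
    """DNS wire-format name: length-prefixed labels, zero terminator."""
    out = b""
    for label in name.strip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(data: bytes, offset: int):
    """Decode a name at offset, following RFC 1035 compression pointers. Returns (name, end)."""
    labels, jumped, end = [], False, offset
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:                      # 2-byte pointer into the packet
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    if not jumped:
        end = offset
    return ".".join(labels), end


def build_mdns_query(service: str) -> bytes:
    """One-question PTR query as a phone app multicasts it (id 0, flags 0, QDCOUNT 1)."""
    header = struct.pack("!HHHHHH", 0, 0, 1, 0, 0, 0)
    return header + encode_name(service) + struct.pack("!HH", QTYPE_PTR, QCLASS_IN)


def build_mdns_response(service: str, instance: str, ttl: int = 4500) -> bytes:
    """Constructed PTR announcement, i.e. what a speaker would multicast on its own VLAN."""
    header = struct.pack("!HHHHHH", 0, 0x8400, 0, 1, 0, 0)  # QR=1, AA=1, ANCOUNT 1
    rdata = encode_name(instance)
    rr = encode_name(service) + struct.pack("!HHIH", QTYPE_PTR, QCLASS_IN, ttl, len(rdata)) + rdata
    return header + rr


def parse_ptr_answers(packet: bytes):
    """Return [(service, instance)] for every PTR record in the answer section."""
    _id, _flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    off = 12
    for _ in range(qdcount):                           # skip question entries
        _, off = decode_name(packet, off)
        off += 4                                       # QTYPE + QCLASS
    answers = []
    for _ in range(ancount):
        name, off = decode_name(packet, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", packet[off:off + 10])
        off += 10
        if rtype == QTYPE_PTR:
            answers.append((name, decode_name(packet, off)[0]))
        off += rdlen
    return answers


def is_forwarded_by_routers(dst: str) -> bool:
    """True only for unicast: link-local multicast, other multicast and broadcast stay on the segment."""
    addr = ipaddress.ip_address(dst)
    if addr in LINK_LOCAL_MCAST or addr == ipaddress.ip_address("255.255.255.255"):
        return False
    if addr.is_multicast:                              # 239.x needs multicast routing or a reflector
        return False
    return True


def can_discover(phone_ip: str, speaker_ip: str, reflector: bool = False) -> bool:
    """mDNS discovery works only when both hosts share a subnet or a reflector repeats between them."""
    phone = ipaddress.ip_interface(phone_ip)
    speaker = ipaddress.ip_interface(speaker_ip)
    return phone.network == speaker.network or reflector


if __name__ == "__main__":
    announce = build_mdns_response(SONOS_SERVICE, "Living Room." + SONOS_SERVICE)
    print("speaker announces:", parse_ptr_answers(announce))
    print("224.0.0.251 routed across VLANs?", is_forwarded_by_routers(str(MDNS_GROUP)))
    print("phone on VLAN 10, speaker on VLAN 20:", can_discover("192.168.10.5/24", "192.168.20.7/24"))
    print("same, with an mDNS reflector:", can_discover("192.168.10.5/24", "192.168.20.7/24", True))
```

Opening ports in the USG firewall does not change the second and third results: the query and the announcement never reach the router as routable traffic in the first place, so a firewall rule between VLAN 10 and VLAN 20 has nothing to permit. What makes cross-VLAN discovery work is something that repeats the link-local traffic onto the other segment (an mDNS reflector or repeater) plus firewall rules allowing the subsequent unicast connection from the phone's subnet to the speaker's.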