tl;dr should I consolidate IoT devices to a single subnet and put them in a vlan?
My opnsense 21.7 home router has 4 nics. I have
- PoE cameras on an "outdoor" subnet, over time this has grown to include wifi IoT devices like garage door controller
- multiple IoT devices connecting to another subnet both wifi and wired. Most of the family's personal devices also share this second network
- a 3rd subnet has several servers and then there is WAN
Keeping the outdoor net separate seemed like a good idea at the time but I would like to manage rules for all IoT devices as a group so I am thinking of consolidating them into one physical network and having a vlan reserved for IoT devices. I can then restrict access from the IoT vlan to the internet for example and I can logically separate IoT from personal devices.
From a bandwidth perspective I don't think consolidating the devices on one NIC is going to be a problem. I will have to make a couple of minor hardware hacks to the house wiring. I have managed switches so for dumb IoT devices I can force them onto vlans.
Does this make sense? Any tips would be appreciated.
Yo can define a VLAN for each kind of device, so you have a VLAN for cameras separated from the IoT one.
You may do it this way for two reasons:
1 - You can easily define firewall rules for each VLAN so no VLAN can see the others
2 - You can access a group of devices o services using an appropiate gateway
In case of IoT devices, you may use Openhab, Home Assistant or Domoticz to access the devices.
In case of the cameras, you can use Shinobi, Motioneye or Zoneminder to access them and avoid using the cloud of the camera manufacturer.
This way, none of the cameras nor IoT devices can access the Internet and you still have access to them through the gateway.