Point-to-Point setup working with IoT (newcomer)

Started by John G., April 12, 2025, 09:19:44 AM

Hello, John G. here.

I have a problem and need BIG help with it. I am using
Home Assistant IoT (Internet of Things) and trying to get a
WiFi presence sensor (Aqara FP2) working.

Here is my problem: Main network 192.168.6.1/24
                    WiFi network 192.158.20.1/24

Home Assistant running on 192.168.6.44 is not seeing
                   FP2@192.168.20.197 even though I see its MAC & IP on the 192.168.20 list.

So I was thinking that I could use Point-to-Point to get Home Assistant to see the FP2 on its WiFi network.

Now the question: I think that will work. I don't know, as I also think the FP2 is or must be looking for Home Assistant and then announces itself (or vice versa). Not sure! I read an old message on the web that said someone linked the two together and got it working.

Would it be better to use just a firewall rule, or Point-to-Point, or something I haven't thought of yet?

Any help here would be great, as I am new to this and could and do really need a hand here.

Thanks John G.

Mostly, there are two types of problems with separate VLANs:

1. You lack the rules to allow traffic between the VLANs. Separate VLANs should be used to keep unsafe devices in their own realm, so it is unwise to just allow "all traffic" apart from testing if this is the problem. So, you need specific rules if you want to have such traffic.

2. Devices on another VLAN cannot be auto-detected if mechanisms like broadcasts are used, because the broadcasts do not follow routing rules and can only be seen within their own broadcast domain (i.e. VLAN). There are "repeaters" available for different types of broadcast traffic, namely os-udpbroadcastrelay and os-mdns-repeater to help with that.

That being said, the way I do it is just the other way around: I put all of the IoT devices and the HomeAssistant machine on the same IoT VLAN. Then, I create a rule to be able to access HomeAssistant from my LAN - as a matter of fact, I allow all traffic from LAN to IoT VLAN, but not the other way around.
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+
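
Added example, not part of any post in this thread: a small Python model of the two points in the reply above, showing which flows between the segments are decided by firewall rules and which discovery traffic never leaves its broadcast domain. The segment names, the rule table and the 192.168.20.0/24 WiFi/IoT subnet (taken from the FP2's address) are assumptions for illustration.

```python
import ipaddress

# Assumed from the thread: LAN is 192.168.6.0/24; the WiFi/IoT segment is taken
# to be 192.168.20.0/24, matching the FP2's address 192.168.20.197.
SEGMENTS = {
    "LAN": ipaddress.ip_network("192.168.6.0/24"),
    "IOT": ipaddress.ip_network("192.168.20.0/24"),
}
# Hypothetical first-match rule table for "LAN may open connections to IoT,
# not the reverse". Replies to a passed flow are allowed by firewall state.
RULES = [("LAN", "IOT", "pass"), ("IOT", "LAN", "block")]

LINK_LOCAL_MCAST = ipaddress.ip_network("224.0.0.0/24")  # includes mDNS 224.0.0.251
BROADCASTS = {ipaddress.ip_address("255.255.255.255")}
BROADCASTS.update(net.broadcast_address for net in SEGMENTS.values())


def segment_of(addr):
    """Return the name of the segment containing addr, or None."""
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None


def classify(src, dst):
    """Describe what happens to a new flow src -> dst in this two-segment model."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    src_seg = segment_of(s)
    if src_seg is None:
        return "outside-model"
    # Broadcast and link-local multicast stay in the sender's broadcast domain.
    if d in BROADCASTS or d in LINK_LOCAL_MCAST:
        return "not-routed"      # only a relay/repeater makes it visible elsewhere
    dst_seg = segment_of(d)
    if dst_seg is None:
        return "outside-model"
    if dst_seg == src_seg:
        return "same-segment"    # switched locally, never evaluated by the firewall
    for rule_src, rule_dst, action in RULES:
        if (rule_src, rule_dst) == (src_seg, dst_seg):
            return action
    return "block"               # default deny when no rule matches


if __name__ == "__main__":
    for flow in [("192.168.6.44", "192.168.20.197"), ("192.168.20.197", "192.168.6.44"),
                 ("192.168.20.197", "224.0.0.251"), ("192.168.6.44", "255.255.255.255")]:
        print(flow, "->", classify(*flow))
```
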

Thanks ... Hmmm... I will have to think about that one, a lot to move, but a very good point.
Sounds like a plan.

The question: I have a 4-port network card
#1 for WAN
#2 LAN
#3 WiFi
#4 File Server

Can a VLAN cover all the LAN and WiFi? In other words (that I can understand): can I leave them where they are and logically move them to the VLAN? Going to play with this tonight and see.
Never did VLANs.

Thanks Again ... It's a Very Big Help
John G.

Of course a VLAN can "cover Lan and Wifi", but:

1. VLANs can take only part of a physical device (if your switch can manage that), so you need fewer ports on your router. What you seem to describe is a setup where ports 2,3,4 form a bridge, which is not the way to go.

2. While you can put Wifi and Lan into the same network, I have found that actually, most of my Wifi devices are in fact IoT - that includes smartphones, which I trust no more than any other cloud device.

Read a bit about VLANs and you will find that they can separate your physical network structure from the logical one. Thus, you often use ports as trunks (on access points, routers and switches), which carry all of your VLANs (which are LAN, IoT, etc.) and your access points actually have multiple VLANs, too (as separate SSIDs). Thus, there will be a 1:1 on ethernet and Wifi VLANs/SSIDs. That way, you can have IoT Wifi clients, too.

All of this is possible with manageable switches and multi-VLAN APs, like the ones from Ubiquiti.