Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
managing IoT devices over multiple subnets
« previous
next »
Print
Pages: [
1
]
Author
Topic: managing IoT devices over multiple subnets (Read 1360 times)
sorro
Newbie
Posts: 6
Karma: 0
managing IoT devices over multiple subnets
«
on:
September 27, 2021, 02:00:43 pm »
tl;dr should I consolidate IoT devices to a single subnet and put them in a vlan?
My opnsense 21.7 home router has 4 nics. I have
PoE cameras on an "outdoor" subnet, over time this has grown to include wifi IoT devices like garage door controller
multiple IoT devices connecting to another subnet both wifi and wired. Most of the family's personal devices also share this second network
a 3rd subnet has several servers and then there is WAN
Keeping the outdoor net separate seemed like a good idea at the time but I would like to manage rules for all IoT devices as a group so I am thinking of consolidating them into one physical network and having a vlan reserved for IoT devices. I can then restrict access from the IoT vlan to the internet for example and I can logically separate IoT from personal devices.
From a bandwidth perspective I don't think consolidating the devices on one NIC is going to be a problem. I will have to make a couple of minor hardware hacks to the house wiring. I have managed switches so for dumb IoT devices I can force them onto vlans.
Does this make sense? Any tips would be appreciated.
Logged
muchacha_grande
Full Member
Posts: 219
Karma: 19
Re: managing IoT devices over multiple subnets
«
Reply #1 on:
September 27, 2021, 05:33:48 pm »
Yo can define a VLAN for each kind of device, so you have a VLAN for cameras separated from the IoT one.
You may do it this way for two reasons:
1 - You can easily define firewall rules for each VLAN so no VLAN can see the others
2 - You can access a group of devices o services using an appropiate gateway
In case of IoT devices, you may use Openhab, Home Assistant or Domoticz to access the devices.
In case of the cameras, you can use Shinobi, Motioneye or Zoneminder to access them and avoid using the cloud of the camera manufacturer.
This way, none of the cameras nor IoT devices can access the Internet and you still have access to them through the gateway.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
managing IoT devices over multiple subnets