UniFi, VLANs, Sonos and igmp-proxy

As an exercise in good network health, I spent some time last month moving all the “Internet of Things” devices in my network onto their own segregated VLAN. I’ve configured things so that by default no traffic can leave the IoT network without my adding explicit rules to permit it. This protects the trusted side of my network from potentially dodgy traffic from the IoT devices with cheap WiFi chips and Chinese hosted servers. (I’m looking at you ThermoGroup.)

Logically, my network ends up looking something like this, with separate networks for the trusted kit, the IoT devices and the guest wireless network.

One wrinkle with this approach is that – by design – each VLAN is its own broadcast domain. That means the devices on my primary trusted VLAN can no longer use multicast to discover devices on the IoT VLAN. The most obvious victim of this was Sonos – none of the controllers could see the Sonos devices once I separated the LANs.  Enter igmpproxy running on my router – the UniFi USG-PRO-4.

Continue reading

When Good SSL Goes Bad

I spent a bit of time over the Christmas break revamping this site and preparing to write more posts. I moved to the nice clean theme – not unlike Medium for ease of reading, and I wanted to move the whole site to HTTPS. Why enable SSL for the whole site? Continue reading