As an exercise in good network health, I spent some time last month moving all the “Internet of Things” devices in my network onto their own segregated VLAN. I’ve configured things so that by default no traffic can leave the IoT network without my adding explicit rules to permit it. This protects the trusted side of my network from potentially dodgy traffic from the IoT devices with cheap WiFi chips and Chinese hosted servers. (I’m looking at you, ThermoGroup.)
Logically, my network ends up looking something like this, with separate networks for the trusted kit, the IoT devices and the guest wireless network.
One wrinkle with this approach is that – by design – each VLAN is its own broadcast domain. That means the devices on my primary trusted VLAN can no longer use multicast to discover devices on the IoT VLAN. The most obvious victim of this was Sonos – none of the controllers could see the Sonos devices once I separated the LANs. Enter igmpproxy running on my router – the UniFi USG-PRO-4.
Our last house was big. Or at least, long. Long enough that your average router’s built-in WiFi wouldn’t reach every room properly. Since we moved into that house in 2013, the wireless network I built predated today’s wonderful collection of mesh-based WiFi systems. The likes of the Netgear Orbi, Linksys Velop and Google Wifi devices didn’t yet exist. So I bought a bunch of Ubiquiti’s UniFi kit (four access points in total) and spread them through the house.
This setup wasn’t as seamless or quick to set up as these new systems appear to be, but once configured it has been rock solid. The controller for these devices started life as the default install of Ubiquiti’s Java app on a Windows server, then later as a Docker image on a Synology Diskstation. For various reasons (mostly to do with constrained bandwidth) I’m not running that Synology or a powerful permanent server in the new house, but I still wanted a controller for the UniFi kit – especially as I intend to try their USG as a gateway device.
In the category of things I do when I should be preparing to move house, I present the Iron Man Status Mask. A Raspberry Pi running a Python-based RESTful API inside an Iron Man mask that can indicate any colour via his eyes. As you can imagine, Lindsay is thrilled.
Update 27/02/2011: Added IR control and password passthrough.
I’ve recently put together a CCTV solution using a few Foscam FI8918W cameras and the excellent ZoneMinder software. This is all running on a CentOS 5.5 virtual machine under Hyper-V (more on this setup another time). The Foscam cameras have pan, tilt and the ability to set and move to preset locations.