Hi,
I sometimes hear/read people putting their tv and other devices on a guest Wifi or even on a separate VLAN. Most guest WiFi’s also have client isolation. I can understand that desire but I’m always wondering how that works in real life.
If you have a TV on a guest Wifi, how can you still cast things to it, as I assume your phone is on a different Wifi.
If you put your heating a different VLAN, how can you control the heating from your server that’s on a different VLAN?
What’s your setup in this regard. Is it worth to split? And what do you split and what not?
You have to set up proper routing, so the two vlans (your mobile/pc wifi vlan and the tv vlan for example) can communicate. But you don’t give Internet access to the tv/thermostat vlan, so they can’t “call home” and send all kinds of tracking back home.
Doing these “find your device with magic and do stuff” things can be a bit troublesome across networks. Some is possible to set up but sometimes it just doesn’t work. It is the tradeoff between security and comfort.
A 1:1 NAT to the other network usually solves it for me.
What about mDNS?
You create inter vlan rules that allow connections from your main vlan to the other vlans, but only allow established and related traffic from the secondary vlans back to the main vlan.
I have a separate vlan for IoT and guests but punch holes for contact back to my HomePods(main vlan) for my Ecobee thermostat (IoT vlan) to contact so my kids can use Siri to get the weather in the mornings, and for guests to use the printer, that sort of thing.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters DNS Domain Name Service/System IP Internet Protocol TCP Transmission Control Protocol, most often over IP UDP User Datagram Protocol, for real-time communications
[Thread #52 for this sub, first seen 16th Aug 2023, 10:35] [FAQ] [Full list] [Contact] [Source code]
