I have my AP connected with a trunk link and configured to offer different SSIDs for different VLANs. I connect IoT devices to the IoT WiFi, and Home Assistant can see them since the machine running it is connected to that VLAN as well. Apart from the initial setup, this feels like less of a hassle, as firewall rules are already set up for this VLAN (no connection to internet or other VLANs). If I had to manually make sure that every new IoT device I add is incapable of talking to the internet, I think I’d go mad.
Comment on VLAN’s and Subnets For Home Networks
thenewred@lemmy.world 1 week ago
I get the security aspect of it, but in my case I can’t see a reason to go through the hassle. My smart switches talk to Home Assistant running on my server. I want new devices to be able to access the Plex server without manual config. And my server is arguably the most sensitive machine on my network, so if I can’t protect that, I don’t think it’s worth protecting anything.
ftbd@feddit.org 1 week ago
HamsterRage@lemmy.ca 1 week ago
Do your smart switches talk to your HomeAssistant server???
Or does your HomeAssistant server talk to the devices?
It’s probably the latter, and in terms of network security the difference is huge. You can restrict your smart switches to their own, untrusted zone with no outgoing permissions and then give HomeAssistant access to them from its zone.
I would also argue that your personal devices and desktop computers are far more sensitive than your HomeAssistant server.
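The zone layout described in the comment above, written as an nftables forward chain. This is an added example, not part of the thread or any poster's configuration; the interface names `vlan10` (trusted zone with the Home Assistant host), `vlan30` (IoT zone) and `wan0` (internet uplink) are assumptions.

```nftables
# Added example: one-directional access between a trusted zone and an IoT zone.
# Assumed interfaces: vlan10 = trusted (Home Assistant), vlan30 = IoT, wan0 = uplink.
table inet home_fw {
    chain forward {
        # Anything not explicitly allowed between zones is dropped.
        type filter hook forward priority 0; policy drop;

        # Return traffic for connections that were allowed when they were opened.
        # This is what lets a device answer a poll, or keep sending on a
        # connection that Home Assistant opened to it.
        ct state established,related accept
        ct state invalid drop

        # Trusted zone may open new connections to IoT devices and the internet.
        iifname "vlan10" oifname "vlan30" ct state new accept
        iifname "vlan10" oifname "wan0" ct state new accept

        # IoT zone has no outgoing permissions: new connections started by a
        # device toward any other zone or the internet are counted, logged
        # and dropped. The log line shows which devices try to call out.
        iifname "vlan30" counter log prefix "iot-initiated-drop: " drop
    }
}
```

With this ruleset, a device that needs to open its own connection to Home Assistant (rather than answer one) shows up in the `iot-initiated-drop` log, which is where a narrow allow rule for that device and port would be decided. Broadcasts from the IoT VLAN are not forwarded across the routed boundary at all.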
thenewred@lemmy.world 1 week ago
That’s a fair point. I think Home Assistant initiates the connection, but I’m not sure how status updates work from the smart switch to Home Assistant. Could be Home Assistant polling, web sockets, or the switch broadcasting.