Separate Network For IOT Devices

Posts: 1968
Free Member
Topic starter
 

There was some chat about this on a different thread but don't want to divert that thread so posting a new one, I know Cougar is big on this!

So I am convinced of the benefits of a separate network for IOT devices. As I see it the main benefits are better security and less network congestion (https://www.androidauthority.com/smart-home-on-separate-wi-fi-3125772/).

I am able to use a guest network on the router, this is easy and solves security, but not network congestion.

Question is, what is the best way to resolve the network congestion, how do I set up a separate network with my setup, which is VM in modem mode using a Google Mesh system. I can't connect a second router to the Virgin box as only one ethernet port works, but I could connect it to the Google system. However how does this solve the congestion issue? If I currently have 15 IOT devices on the main network, if I move them to a separate router connected in via the Google system, those 15 devices still exist, they are just routed through a different router back to the google network. Or am I not understanding how network congestion works?


 
Posted : 10/11/2022 11:00 am
Posts: 1114
Full Member
 

It depends. I have them on a separate VLAN, so certain devices are allowed to traverse across to that VLAN for configuring/altering/messing with; however, they can't traverse back to look for things which are in my core network.

if you move them to a different network is there anything on the other network they would need to talk to?
eg if you move alexa and not the tv, she can't communicate to the tv...


 
Posted : 10/11/2022 11:12 am
Posts: 188
Full Member
 

congestion? from IOT? surely that is almost impossible.

From what I have read/heard putting them on different networks makes it difficult for things like your phone to find them.


 
Posted : 10/11/2022 11:30 am
Posts: 1968
Free Member
Topic starter
 

if you move them to a different network is there anything on the other network they would need to talk to?

Yeah, aware some may need to stay on the original network, or just make it easy to switch phones back and forth to the alternative network.

The biggest issue I can't work out is how Google Home will react to it since it is the main control hub for the Wifi as well as the Google Smart devices I have in the house.


 
Posted : 10/11/2022 11:32 am
Posts: 1968
Free Member
Topic starter
 

congestion? from IOT? surely that is almost impossible.

Just going based on what I have read, see example article in the original post. It does seem the security aspects are indisputable.


 
Posted : 10/11/2022 11:33 am
Posts: 77347
Free Member
 

Two things from me.

I have my IoT stuff on a different router. It's the same network (albeit a different subnet). The reason for this is that a lot of (my) cheap devices don't seem to play well with the combined 2.4/5GHz Wi-Fi of the main router.

They almost certainly should be on a different network for security reasons. Many devices run cut-down versions of Linux with poor security, and whilst you could argue "a hacker's turned on a bulb, who cares" the problem is that they're now inside your network and can potentially move laterally. VLANing them off as above is a great idea. I just haven't got around to doing it yet (not least because I get shouted at for "faffing" every time I make changes).

Or am I not understanding how network congestion works?

Perhaps. Why do you think there's congestion?


 
Posted : 10/11/2022 11:49 am
Posts: 1968
Free Member
Topic starter
 

Perhaps. Why do you think there’s congestion?

I don't, I'm just reading stuff on the internet that says there might be, so reducing the number of devices on the main network may be a good thing!

Less network congestion
Last but by no means least on our list is network overload. Wi-Fi routers can only handle so many simultaneous connections. While a single apartment-dweller may never run into any problems, a couple with a house can hit their limit in a hurry, especially if they deck out each room with Wi-Fi lights (like Lifx) instead of connecting to a Wi-Fi hub (like Philips Hue). Don’t get me wrong — built-in Wi-Fi bulbs can be great, but only if you’re using a handful.

It’s possible to avoid this overload by using a Wi-Fi 6 router, but 2.4GHz traffic would still get congested quickly since it only supports 11 channels, whereas 5GHz allows many times that number. The more you can offload from a single network’s 2.4GHz channels, the better.


 
Posted : 10/11/2022 12:01 pm
Posts: 12865
Free Member
 

It does seem the security aspects are indisputable.
I understand the theory but am unconvinced about the actual real-world threat. Not saying it's never happened, I don't remember hearing about an IoT device ever being compromised in the way Cougar describes though.

I guess you can help yourself by not buying super cheap stuff that dials home to Chinese servers by default! If you're really concerned about WiFi security then there's plenty of alternative Zigbee devices which work fully locally (will undoubtedly be a lot more now Matter is happening)

Fancier routers can provide an extra layer of hardware security, and you could block internet access to a device for example even though it's (for convenience) still on the main network - the problem with systems like Google Mesh is they're cheap/low power/low capacity & don't really give you a lot of options for doing anything clever.


 
Posted : 10/11/2022 12:02 pm
Posts: 6874
Full Member
 

Usually takes effort to keep devices local. Static device IPs and router outbound access control probably the easiest. Also expensive != secure but there is probably some correlation.


 
Posted : 10/11/2022 12:13 pm
Posts: 4985
Full Member
 mert
Posts: 3831
Free Member
 

I don't think congestion is a serious issue is it?

Everyone i talk to with extensive home automation is only using WiFi for the heavy lifters. Everything else runs through ZigBee or Z-Wave/433/Telldus type connections. Only thing i have IoT is cameras and google Nest/Audio devices.


 
Posted : 10/11/2022 12:41 pm
Posts: 477
Free Member
 

Separate router?

First reaction was that it was a strange solution until I thought about it. If you're in a position where you don't have interference from neighbours I guess it is viable to run 2x non-overlapping 2.4GHz channels, that's actually a pretty good solution. You've got twice as much 2.4GHz bandwidth. Maybe wife-friendliness would be a challenge for two ugly routers vying for space.

I've become a huge fan of TP-Link Omada network kit. This is TP-Link's rip-off of Ubiquiti Unifi. Price point is good and it has all been released in the last few years with less reliance on legacy products but it is really only for cabled solutions so not as mainstream as "mesh".

Omada allows the 5GHz/2.4GHz radios in each access point to be mapped to broadcast multiple SSIDs. Each SSID maps to a VLAN. You need cabling and some VLAN aware switching/routing to hold it all together. Apart from the access points I have a cheap managed switch with POE (TL-SG108PE) and an Edgerouter-X (Ubiquiti). The whole Omada thing runs with a controller (OC200) which gives you a web interface and app to control and monitor everything. No licence fees. It can be kept local or be internet available.

It means you can segregate even more than just an IOT vs humans split. I can spin up SSIDs for individual IOT vendors so they can speak back to their home bases and not have a clue about whether another vendor has a footprint in the home.

Omada has been rock solid for me since I installed it to get WFH through lockdown sorted in a London flat.
Having just made the permanent move into my dad's old house it is on the to-do list to migrate from the installed BT Whole Home network to the Omada kit. The cabling is in place but the access point placement will need to be thought through. The older wall plate access points don't roam as nicely as the newer ones so I'll update a couple of those.

I've just launched into the deep waters of Home Assistant, wanting to trim down reliance on Alexa. Main thing I've done so far is put the smart socket that charges my eMTB battery on an automatic timer - generally I charge a flat battery to midway charged and then top it up the night before a ride. The timer function also maps to a surprising number of other use cases - outside lights in the garden; a shoe dryer. It is pretty mundane stuff but it seems to be in the category of making annoying things less annoying.


 
Posted : 10/11/2022 1:07 pm
Posts: 13594
Free Member
 

I've stuck all our IoT things on a separate Wifi network, which connects via the router. They're mainly all 802.11b anyway, so just stuck them on that...


 
Posted : 10/11/2022 1:08 pm
Posts: 13594
Free Member
 

congestion? from IOT? surely that is almost impossible.

Not really....

A lot are 802.11b which doesn't have a lot of capacity to start with, then add in devices which are right at the limit of range so force the router to drop down to the lowest modulation level and the 802.11b capacity tanks very quickly. Then add in a dozen or so of them all contending for time and you could max out the 802.11b network.


 
Posted : 10/11/2022 1:13 pm
Posts: 12865
Free Member
 

Only thing i have IoT is cameras
Wifi/cloud based 😬 got to be the absolute worst thing if you are concerned about security! Plus all that video is certainly going to clog up your WiFi if you have enough cameras.

Regarding congestion, I currently have 43 2.4GHz IoT style devices on my Unifi network (plus 5GHz & hardwired stuff) with a lot more planned, zero problems so far & don’t foresee any tbh.

I’ve just launched into the deep waters of Home Assistant,
I have been deep down the HA rabbit hole for a couple of years now 😀 Loads of projects planned for the winter once the weather turns. My stuff is a mix of mundane/useful and ridiculously complicated & useless or solely for my own amusement/learning 😂


 
Posted : 10/11/2022 1:33 pm
Posts: 0
Free Member
 

I’m another Omada user here with separate IoT & guest vlans.

The downside I found with Omada was the fw/router at the time did not allow stateful fw rules (& I believe this is still the case). This means that while you can segregate the IoT devices from your secure vlan you can’t write fw rules that allow connections from the secure vlan to instigate a connection to the IoT vlan.

This means putting your control devices in the IoT vlan or moving them as needed which is a pain.

This drove me to turn an old PC into a pfsense router.


 
Posted : 10/11/2022 1:41 pm
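
The stateless-versus-stateful limitation described in the post above, as an added example that is not part of the thread and is not Omada or pfSense code: a small Python model of a per-packet ACL next to a connection-tracking filter. The VLAN names, addresses and ports are constructed for illustration.

```python
from dataclasses import dataclass

SECURE, IOT = "secure", "iot"  # constructed VLAN labels, not from the thread

@dataclass(frozen=True)
class Packet:
    src_vlan: str
    src: tuple          # (ip, port)
    dst_vlan: str
    dst: tuple
    syn: bool = False   # True only for the first packet of a connection

def stateless_filter(pkt, allow_iot_to_secure=False):
    """Per-packet ACL: the decision uses source/destination VLAN only."""
    if pkt.src_vlan == SECURE and pkt.dst_vlan == IOT:
        return True
    if pkt.src_vlan == IOT and pkt.dst_vlan == SECURE:
        return allow_iot_to_secure  # all-or-nothing for this direction
    return False

class StatefulFilter:
    """Remembers flows opened from the secure VLAN; admits only their replies."""
    def __init__(self):
        self.flows = set()

    def check(self, pkt):
        if pkt.src_vlan == SECURE and pkt.dst_vlan == IOT:
            if pkt.syn:
                self.flows.add((pkt.src, pkt.dst))
            return True
        if pkt.src_vlan == IOT and pkt.dst_vlan == SECURE:
            # A reply passes only if it mirrors a tracked flow.
            return (pkt.dst, pkt.src) in self.flows
        return False

def run_scenario():
    phone, bulb = ("10.0.10.5", 50000), ("10.0.20.7", 80)
    laptop = ("10.0.10.9", 445)
    syn = Packet(SECURE, phone, IOT, bulb, syn=True)    # phone opens bulb UI
    reply = Packet(IOT, bulb, SECURE, phone)            # bulb answers
    probe = Packet(IOT, ("10.0.20.7", 40000), SECURE, laptop, syn=True)
    fw = StatefulFilter()
    fw.check(syn)
    # Each tuple is (reply allowed?, unsolicited IoT->secure probe allowed?)
    return {
        "stateless_strict": (stateless_filter(reply), stateless_filter(probe)),
        "stateless_open": (stateless_filter(reply, True), stateless_filter(probe, True)),
        "stateful": (fw.check(reply), fw.check(probe)),
    }
```

With the stateless ACL the reply and the unsolicited probe are indistinguishable, so both are dropped or both are let through; only the connection-tracking filter passes the reply while still dropping the probe.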
Posts: 9201
Full Member
 

I would like to do this but my main motivation is to do early work so things are simple if I ever change my broadband provider. The idea of having to move every device over to new router is the main thing putting me off looking for a better broadband deal. At least if I do that now, things will be simpler later.


 
Posted : 10/11/2022 1:53 pm
Posts: 12865
Free Member
 

The idea of having to move every device over to new router is the main thing putting me off looking for a better broadband deal.
all you need to do is change the SSID/password on the new router to whatever the old one was! No need to update every individual client device 😀 You might find the device IPs change if they’re not set to static, but unless they’re hard-coded somewhere it shouldn’t be a problem (and even then, only a few mins work to update)

(You might even find you can just use your existing router with the new provider, and just have to update the broadband login details, I’ve certainly managed to do this in the past! E.g using PlusNet through a BT router)


 
Posted : 10/11/2022 1:54 pm
Posts: 7954
Full Member
 

I have the nest doorbell on a separate switch. This was because it stopped working with the nest wifi and I could not fix it (has previously worked with nest wifi and google wifi before). Turning the wifi on in 2.4 only mode on my office switch was the easiest solution. Should really try putting it back on the main network since it was 1 1/2 years since I made that change. The switch is cabled into the second nest wifi 'router'.


 
Posted : 10/11/2022 2:10 pm
 mert
Posts: 3831
Free Member
 

Wifi/cloud based 😬 got to be the absolute worst thing if you are concerned about security! Plus all that video is certainly going to clog up your WiFi if you have enough cameras.

Not cloud based, recording over a meshed WiFi to a server at home. And all nicely firewalled/secure/MFA/etc. And not sure a couple of SD camera feeds are going to clog a 2.4GHz network that'll handle 3 or 4 VHD movie streams at the same time.

TBH, i doubt even a dozen camera feeds are going to make a noticeable dent.


 
Posted : 10/11/2022 2:17 pm
Posts: 77347
Free Member
 

First reaction was that it was a strange solution until I thought about it. If you’re in a position where you don’t have interference from neighbours I guess it is viable to run 2x non-overlapping 2.4GHz channels, that’s actually a pretty good solution. You’ve got twice as much 2.4GHz bandwidth. Maybe wife-friendliness would be a challenge for two ugly routers vying for space.

Yep. The other thing is (and apologies, I'm repeating myself from the previous thread), the range on my cheap bulbs is poor. Even when I'd got it working, I'd tell Alexa turn the lights on and the one in the back corner would stay dark. I stuck a pocket GL.iNet router (who make the Mango above) upstairs; now I've got a solid signal between the big Asus and the travel router, and the back room bulbs are linked to an AP in the same room rather than across the house. A relay, if you like.

I’ve just launched into the deep waters of Home Assistant,

I have been deep down the HA rabbit hole for a couple of years now

There's probably a separate thread to be had in this. I've been meaning to have a play with HA for some time. Reducing reliance on the Internet is compelling.


 
Posted : 10/11/2022 2:28 pm
Posts: 12865
Free Member
 

I’ve been meaning to have a play with HA for some time. Reducing reliance on the Internet is compelling.
it's certainly worth it from that perspective I think. Obviously, always better to buy locally-controlled/non-cloud devices in the first place, but that's not always possible or cost-effective. HA gives you options. There's a number of alternative firmwares for common devices, plus some methods of spoofing others so they think they're talking to cloud servers but actually they're communicating with your local HA instance.


 
Posted : 10/11/2022 4:18 pm
