I think that this is more of a general question than wireless, but please feel free to move this thread.
Especially with the current issues with infected Internet of Things [IoT] (aka Internet of Shit) devices forming massive botnets, I want to segregate, isolate, log, and monitor all traffic to my IoT stuff at home. I’m starting with an Ecobee3 Smart WiFi thermostat but eventually want to add other smart home items and cameras. For now though, I just have the Ecobee and it is attached via WiFi.
For my home network, I have an 1100x2AH for the core of my network and a 411AR with a 2.4GHz B/G and a 5GHz N card, currently set up as follows:
1100x2AH Setup:
- ether1 is connected to WAN cable modem
- ether2 is connected to a switch for the rest of the wired network
- ether3-12 are currently unused
- ether13 is connected to the 411AR
- all physical ports in bridge1
- No existing VLANs
411 Setup:
- all wifi networks on the 411 are connected to bridge1
- client wifi networks exist on both wlan1 and wlan2, attached to the respective interfaces, not virtual
- a virtual IoT wifi network is set up on wlan1
I’ve taken a look at the documentation and can’t quite follow how to create VLANs and pass them along to wifi networks on the 411, while still leaving the client network endpoints with an unrestricted network. I know that I’ll need two VLANs, one for internal clients and one for IoT, then put a DHCP server on each VLAN, right? ether13 will need to be a trunk port? Willing to change anything about the setup that would make this work easier.
Beyond that, tips for building firewall policies for just the IoT VLAN would be helpful!
What else do you need to know for this project?
Thanks in advance!
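One way to lay this out, as an added example that is not part of the original post and not MikroTik's own documentation: it keeps client traffic untagged on bridge1 and only tags the IoT network as VLAN 20 across ether13, assumes the 411AR's existing virtual IoT AP is named wlan1-iot, and uses a constructed 192.168.20.0/24 range for the IoT VLAN.

```routeros
# --- Core router (1100x2AH), RouterOS 6 syntax ---
# Assumption: client traffic stays untagged on bridge1; only IoT is tagged (VLAN 20)
# and rides bridge1 out of ether13 to the 411AR, so ether13 carries both.
/interface vlan
add name=vlan20-iot vlan-id=20 interface=bridge1
/ip address
add address=192.168.20.1/24 interface=vlan20-iot comment="IoT gateway (constructed range)"
/ip pool
add name=pool-iot ranges=192.168.20.100-192.168.20.200
/ip dhcp-server
add name=dhcp-iot interface=vlan20-iot address-pool=pool-iot disabled=no
/ip dhcp-server network
add address=192.168.20.0/24 gateway=192.168.20.1 dns-server=192.168.20.1

# Firewall for the IoT VLAN: Internet only, never the client LAN, and only DHCP/DNS
# on the router itself. Order matters: these must sit above any general accept rules.
/ip firewall filter
add chain=forward in-interface=vlan20-iot connection-state=established,related \
    action=accept comment="replies to sessions the client LAN initiated"
add chain=forward in-interface=vlan20-iot out-interface=bridge1 action=drop \
    comment="IoT may not initiate anything toward the client LAN"
add chain=forward in-interface=vlan20-iot connection-state=new action=log \
    log-prefix="iot-new:" comment="log every new Internet-bound IoT connection"
add chain=input in-interface=vlan20-iot protocol=udp dst-port=53,67 action=accept \
    comment="DNS and DHCP from IoT devices"
add chain=input in-interface=vlan20-iot action=drop comment="nothing else to the router"
# The existing masquerade rule on ether1 (WAN) is assumed to cover vlan20-iot too.

# --- Access point (411AR) ---
# Assumption: the existing virtual IoT AP is named wlan1-iot and sits in bridge1.
# Tagged frames arriving from the core pass through bridge1 to vlan20-iot, which
# is then bridged only with the IoT SSID, so IoT clients never touch bridge1.
/interface vlan
add name=vlan20-iot vlan-id=20 interface=bridge1
/interface bridge
add name=bridge-iot
/interface bridge port
remove [find interface=wlan1-iot]
add bridge=bridge-iot interface=vlan20-iot
add bridge=bridge-iot interface=wlan1-iot
```

After applying, `/ip firewall filter print stats` and `/log print where message~"iot-new"` show whether the Ecobee's traffic is actually landing in the IoT VLAN and which destinations it opens.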