[mythtv-users] VLANs, HDHomeruns and bears, oh my

Michael mythtv at blandford.net
Mon Apr 6 17:03:27 UTC 2020


On 4/5/20 7:06 AM, Ian Evans wrote:
> With self-isolation and some time on our repeatedly washed hands, I'm 
> sure many of us are tackling projects or even just thinking of 
> future projects to distract ourselves.
>
> I was thinking about isolating IoT devices like the HDHomeruns, Rokus 
> and Blu-ray player on a VLAN.
>
> Knowing the term VLAN is about the extent of my knowledge on the 
> subject. I know I need a VLAN aware switch and a VLAN aware router.
>
> Just curious how you configure this so I can read more on the topic. 
> Let's call the MythTV box letterman.
>
> Other computers in the home are on VLAN 1. HDHomeruns are on VLAN 2.
>
> letterman can see/access the HDHomeruns.
>
> letterman can see/access the other computers/NAS and vice versa.
>
> Also is it safe to have letterman be able to access VLAN1 or is it 
> "compromised" because it can communicate with IoT devices?
>
> Thanks for any suggestions and I wish that you and yours are safe and 
> healthy during this time.
>

I have something similar to this at my house.

Desktop computers and infrastructure on VLAN1.   Can route to the 
internet or any of the other VLANs

IOT devices on VLAN 2.   Can only route to the internet. Limited access 
to VLAN1 on specific ports/protocols for things like plex or mythtv

Guest internet on VLAN 3.  Can only route to the internet

Cameras on VLAN4.  Can't route anywhere


All VLANs have access to DNS/DHCP on VLAN1


I set this up with an Edgerouter and Unifi switches.   If you google 
'edgeos IOT vlan' you can find many guides on how to set something like 
this up.


The key thing to note is the VLANs don't extend down to the individual 
devices.   It is virtual concept that happens between the swtiches and 
routers to separate the networks.


Michael





More information about the mythtv-users mailing list