[mythtv-users] VLANs, HDHomeruns and bears, oh my
Michael
mythtv at blandford.net
Mon Apr 6 17:03:27 UTC 2020
On 4/5/20 7:06 AM, Ian Evans wrote:
> With self-isolation and some time on our repeatedly washed hands, I'm
> sure many of us are tackling projects or even just thinking of
> future projects to distract ourselves.
>
> I was thinking about isolating IoT devices like the HDHomeruns, Rokus
> and Blu-ray player on a VLAN.
>
> Knowing the term VLAN is about the extent of my knowledge on the
> subject. I know I need a VLAN aware switch and a VLAN aware router.
>
> Just curious how you configure this so I can read more on the topic.
> Let's call the MythTV box letterman.
>
> Other computers in the home are on VLAN 1. HDHomeruns are on VLAN 2.
>
> letterman can see/access the HDHomeruns.
>
> letterman can see/access the other computers/NAS and vice versa.
>
> Also is it safe to have letterman be able to access VLAN1 or is it
> "compromised" because it can communicate with IoT devices?
>
> Thanks for any suggestions and I wish that you and yours are safe and
> healthy during this time.
>
I have something similar to this at my house.
Desktop computers and infrastructure on VLAN1. Can route to the
internet or any of the other VLANs
IOT devices on VLAN 2. Can only route to the internet. Limited access
to VLAN1 on specific ports/protocols for things like plex or mythtv
Guest internet on VLAN 3. Can only route to the internet
Cameras on VLAN4. Can't route anywhere
All VLANs have access to DNS/DHCP on VLAN1
I set this up with an Edgerouter and Unifi switches. If you google
'edgeos IOT vlan' you can find many guides on how to set something like
this up.
The key thing to note is the VLANs don't extend down to the individual
devices. It is virtual concept that happens between the swtiches and
routers to separate the networks.
Michael
More information about the mythtv-users
mailing list