Best way to “decoupling” smart home network from users network
I'm working on my smart home system and I have several devices on it, both commercial and DIY. Now my idea is to separate the 'Users Network' (UN) used for gaming, networking, streaming, etc. from the 'Smart Home Network' (SHN) to simplify the management, avoid mixing up IP addresses, improve security and so on.
The requirements are:
- Devices on SHN should usually be 'hidden' from devices on the UN, but easily accessible to debug/work on them if necessary (so access via SSH by a PC, etc.)
- Some devices on the SHN must be visible/accessible by devices connected to UN (e.g. the Philips Hue Bridge on SHN must be visible from a smartphone on UN to set states, scenes, etc.)
- Some devices on SHN may require an internet connection (e.g. cloud features)
- Some devices on SHN are not wireless; they use an Ethernet connector
So, what's the best way to achieve that?
EDIT:
Actually I have an old Netgear DG834G, but I'm planning to buy another router soon. Or to use a dedicated one (basic-mid range) for the SHN network.
networking wireless-networking iot
edited Nov 26 at 16:43
asked Nov 26 at 16:02
Noisemaker
What are your router, switches, and/or access points? This is a pretty common setup for enterprise networks; it uses a technique called VLANs, where unique networks are set up in one physical environment. Most average-grade consumer (i.e. home) network equipment is not capable of this, although some newer or higher-end stuff is. For example, you would set up two LANs in the router, 192.168.1.0/24 and 192.168.100.0/24, and assign certain ports to each network, such as 1&2 to network 1 and 3&4 to network 2, then set up two unique SSIDs, one for each network.
– acejavelin
Nov 26 at 16:23
What kind of attacks are you protecting against? Dedicated hacker in your Users Network? Casual user shouldn't accidentally mess with them? And: LAN or WLAN? If LAN, are you willing to invest in cabling, if the existing cabling is not sufficient? The general setup (two segments, firewall) isn't so hard, but the devil is in the details.
– dirkt
Nov 26 at 16:46
1 Answer
You can use IPFire, for instance.
Take a low-power computer and add as many LAN cards as needed. Then you can create rules using the web interface, like forwarding ports or allowing access to a device from another network.
It can also act as a Wi-Fi hotspot; just read the documentation, or add a Wi-Fi AP and connect it to one LAN.
What I'd like to say is you should always consider your network insecure, so the systems should be safe, each on its own.
Actually you must find out the details by yourself, but using IPFire there is no limit in customisation...
answered Nov 26 at 16:25
davidbaumann
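The two-segment firewall policy discussed in the comments and the answer, written out as an added example for a generic Linux router using nftables; it is not part of the original posts and is not IPFire's own configuration. The two subnets come from the comment above; which subnet is UN and which is SHN, the interface names, and the admin PC and Hue Bridge addresses are assumptions made up for illustration.

```nftables
#!/usr/sbin/nft -f
# Added example: default-deny routing between the Users Network (UN)
# and the Smart Home Network (SHN). All names and host addresses below
# are constructed placeholders; adjust them to the real network.
flush ruleset

define WAN_IF     = "eth0"            # assumed uplink interface
define UN_IF      = "eth1"            # assumed UN interface
define SHN_IF     = "eth2"            # assumed SHN interface
define UN_NET     = 192.168.1.0/24    # subnet from the comment, assumed to be UN
define SHN_NET    = 192.168.100.0/24  # subnet from the comment, assumed to be SHN
define ADMIN_PC   = 192.168.1.50      # constructed: the PC used for SSH debugging
define HUE_BRIDGE = 192.168.100.10    # constructed: static address of the bridge

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
        ct state invalid drop
        # The router serves DNS and DHCP to both segments.
        iifname { $UN_IF, $SHN_IF } udp dport { 53, 67 } accept
        iifname { $UN_IF, $SHN_IF } tcp dport 53 accept
        # Router management only from the admin PC, never from the SHN.
        iifname $UN_IF ip saddr $ADMIN_PC tcp dport 22 accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        # Anti-spoofing: a segment may only source its own addresses.
        iifname $UN_IF ip saddr != $UN_NET drop
        iifname $SHN_IF ip saddr != $SHN_NET drop
        # Requirement 3: both segments may reach the internet.
        iifname { $UN_IF, $SHN_IF } oifname $WAN_IF accept
        # Requirement 2: UN clients may reach the Hue Bridge API only.
        iifname $UN_IF oifname $SHN_IF ip daddr $HUE_BRIDGE tcp dport { 80, 443 } accept
        # Requirement 1: SSH into the SHN only from the admin PC.
        iifname $UN_IF oifname $SHN_IF ip saddr $ADMIN_PC tcp dport 22 accept
        # Anything an SHN device initiates towards the UN is logged and dropped.
        iifname $SHN_IF oifname $UN_IF log prefix "shn-to-un drop: " drop
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname $WAN_IF masquerade
    }
}
```

Multicast discovery traffic such as mDNS and SSDP is not forwarded by these rules, so a phone on the UN may need the bridge's IP address entered manually. The logged drops in the forward chain show when a smart home device tries to initiate a connection into the UN.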