Just got my GL mt6000, and I am in the process of setting it up for my home. I have 2 questions:
Can I use the Guest network for my IoT devices? I am still not very familiar with LuCI. Therefore, I figured it would be easier to configure the Guest network to create a secure network for IoT devices.
1.1 According to the list below, how do I set up the router to create the separate networks for normal and IoT devices (VLANs?).
1.2 How do I bridge them together? And what configuration types are there to consider?
1.3 I used Cloudflare for exposing my Home Assistant to the outside world. Should I instead use an application already present on the GL mt6000 for doing so?
What I have and want:
On the GL mt6000:
LAN 1: Managed switch for PCs, printer, etc.
LAN 2: TrueNAS server
LAN 4: Hue bridge connected to GL mt6000
LAN 5: Home Assistant running on a Pi, connected to the GL mt6000
Wi-Fi: normal devices.
IoT Wi-Fi: Multiple ESPHome devices, all connected to Home Assistant
IoT Wi-Fi: some Shelly devices connected over.
Home Assistant and ESPHome devices are using mDNS for discovery. This leads to some problems, since some of them are not discovered anymore by Home Assistant. Does anyone have some experience with it and could give me some advice on how to tackle this? I looked into the OpenWrt ZeroConf options (umdns, Avahi), but this also seems to be a bit involved.
Geezus; there’s a lot going on in this post given all the other devices you’ve got going on. Here’s what I’m going to suggest: you’re going to find yourself wanting to get into LuCI & SSH sooner than later. Before doing so to do more advanced setups (eg: IoT VLANs &/or bridging VLANs), make sure you have a backup(s) to fall back on if things go awry. Here’s a HOW-TO:
You’re already running the latest release, OpenWrt 23.05. From there, feel free to consult the OpenWrt Wiki, maybe their forums, if you don’t find what you need in the GL docs.
… but I don’t see a reason why not to use the Guest subnet for IoT if you know you won’t be having any guests use it.
(You might want to map/diagram your current network vs your ideal network setup; see draw.io)
[EDIT] Regarding backups and using OpenWrt: I am familiar with Linux and fine with using the CLI. The problem I have is that I don’t know most commands and nomenclature, and therefore this might lead to simple copy-paste errors in the config files, since I still have a hard time reading them.
Thank you for the replies, good tip for using the guest network for my IoT.
I found the videos from OneMarcFifty yesterday. Pretty good channel, I will check it out.
What kind of changes should I make to allow devices (PC, smartphone) to access HA (Home Assistant) when using the Guest network for my IoT stuff?
Either I have the Pi running HA in the regular network, but then I have to expose it to the guest network, or I reserve one LAN port for the guest Wi-Fi and I then need a good option to access HA with my phone.
I think I could still use my Cloudflare tunnel to access the HA server; that might be the easier option and I have good isolation between the networks. I am not sure if I need a VLAN to have a LAN port in the guest network…?
Or just use my spare router (MikroTik hAP ax3) just for the IoT stuff; this would leave the FLINT2 clean. Good choice?
Where lan shares Wi-Fi and iot shares another Wi-Fi network or uses Ethernet separated from lan.
Then you can do two things either forward the firewall zones:
For lan you forward to zone iot or guest.
Or a better approach, this is how I would do it:
Create a traffic rule, src lan, dest iot/guest, and then the dest IP of your HA.
The zones can be found in LuCI, LuCI → Network tab → Firewall, and the traffic rules are there as well in a tab.
Most of the commands should be vim, opkg as a replacement for apt, and if you want to be more advanced, uci for the configuration, but you can also edit them in /etc/config, and with WinSCP you can access everything similarly to FTP. Normally for a backup we do that in LuCI, it's in the System tab, but these backups can also be opened as a zip file, to move configs one at a time as well.
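The two options from the post above, written out as an `/etc/config/firewall` excerpt (an added example, not from the original posts). It assumes the zones are named `lan` and `guest`; the Home Assistant address `192.168.9.10` is a constructed placeholder, and 8123 is Home Assistant's default web port.

```uci
# /etc/config/firewall (excerpt, added example)

# Option 1 (broad): forward the whole lan zone to the guest/IoT zone.
# Every LAN host can then reach every IoT device on every port.
# Left commented out here; shown only for comparison.
# config forwarding
#	option src 'lan'
#	option dest 'guest'

# Option 2 (narrow): a traffic rule that opens only Home Assistant.
# dest_ip is a constructed placeholder; give the HA host a static
# DHCP lease so the address in this rule stays valid.
config rule
	option name 'Allow-LAN-to-HA'
	option family 'ipv4'
	option proto 'tcp'
	option src 'lan'
	option dest 'guest'
	option dest_ip '192.168.9.10'
	option dest_port '8123'
	option target 'ACCEPT'
```

With only the rule in place, LAN clients can open connections to Home Assistant and replies return through connection tracking, while nothing in the guest/IoT zone can initiate connections into lan. Reload the firewall after editing, for example with `/etc/init.d/firewall reload`.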
Which is why my protocol is to take a backup before I make any changes & after I’m confident those settings are working. Restoring a backup is just a matter of uploading a small archive file & rebooting. It should be less than 1 min ‘downtime’ in your case.
LuCI is just a front end to uci which itself is a front end to editing .conf. It’s rare I use uci when I can just fire up vi(m).
That is what I’d do. Wholly isolate the IoT behind its own subnet. Make the Flint 2 your ‘main router’. You can always create custom routes at a later time.
… but really, you should see that HOW-TO & whip up some diagrams. You’re going to need to break up your goals into more digestible chunks.