Best way to "decouple" a smart home network from the users' network

0

I'm working on my smart home system and I have several devices on it, both commercial and DIY. Now my idea is to separate the 'Users Network' (UN), used for gaming, networking, streaming, etc., from the 'Smart Home Network' (SHN) to simplify management, not mix up IP addresses, improve security and so on.

The requirements are:

  • Devices on the SHN usually should be 'hidden' from devices on the UN, but easily accessible to debug/work on them if necessary (so access via SSH from a PC, etc.)
  • Some devices on the SHN must be visible/accessible by devices connected to the UN (e.g. the Philips Hue Bridge on the SHN must be visible from a smartphone on the UN to set states, scenes, etc.)
  • Some devices on the SHN may require an internet connection (e.g. cloud features)
  • Some devices on the SHN are not wireless; they use an Ethernet connector

So, what's the best way to achieve that?

EDIT: Actually I have an old Netgear DG834G, but I'm planning to buy another router soon. Or to use a dedicated one (basic-mid range) for the SHN network.

Noisemaker

Posted 2018-11-26T16:02:52.220

Reputation: 1

What is your router, switches, and/or access points? This is a pretty common setup for enterprise networks; it uses a technique called VLANs where unique networks are set up in one physical environment. Most average-grade consumer (i.e. home) network equipment is not capable of this, although some newer or higher-end stuff is. For example, you would set up two LANs in the router, 192.168.1.0/24 and 192.168.100.0/24, and assign certain ports to each network, such as 1&2 to network 1 and 3&4 to network 2, then set up two unique SSIDs, one for each network. – acejavelin – 2018-11-26T16:23:04.557

What kind of attacks are you protecting against? A dedicated hacker in your Users Network? Casual users shouldn't accidentally mess with them? And: LAN or WLAN? If LAN, are you willing to invest in cabling, if the existing cabling is not sufficient? The general setup (two segments, firewall) isn't so hard, but the devil is in the details. – dirkt – 2018-11-26T16:46:37.810

Do you want to set something as solution, or extend your question? – davidbaumann – 2019-11-12T14:04:35.253

Answers

0

You can use IPFire, for instance.

Take a low-power computer and add as many LAN cards as needed. Then you can create rules using the web interface, like forwarding ports or allowing access to a device from another network. It can also act as a Wi-Fi hotspot (just read the documentation), or add a Wi-Fi AP and connect it to one LAN.

What I'd like to say is you should always consider your network insecure, so the systems should be safe, each on its own.

Actually you must find out the details by yourself, but using IPFire there is no limit to customisation...

davidbaumann

Posted 2018-11-26T16:02:52.220

Reputation: 2 089
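The forwarding policy that the question's four requirements describe, written out for a Linux router with nftables, as an added example that is not from the question, the comments or IPFire itself (IPFire builds its rules through the web interface; this is the equivalent policy stated directly). The two subnets are the ones suggested in the comments; the interface names lan0/shn0/wan0, the admin PC 192.168.1.10 and the Hue Bridge 192.168.100.20 are assumed placeholders.

```nftables
#!/usr/sbin/nft -f
# Added example: UN <-> SHN segmentation. Interface names and host
# addresses below are assumed placeholders, not values from the page.
flush ruleset

define UN       = 192.168.1.0/24     # Users Network
define SHN      = 192.168.100.0/24   # Smart Home Network
define ADMIN_PC = 192.168.1.10       # the one PC allowed to SSH into SHN devices
define HUE      = 192.168.100.20     # Hue Bridge that phones on the UN must reach

table inet segmentation {
    chain forward {
        # Default deny between segments; only the rules below open traffic.
        type filter hook forward priority 0; policy drop;

        # Return traffic for flows that a rule below already permitted.
        ct state established,related accept
        ct state invalid drop

        # Requirement 3: both segments may reach the internet (cloud features).
        iifname "lan0" oifname "wan0" accept
        iifname "shn0" oifname "wan0" accept

        # Requirement 1: SHN is hidden from the UN, except SSH from the admin PC.
        iifname "lan0" oifname "shn0" ip saddr $ADMIN_PC ip daddr $SHN tcp dport 22 accept

        # Requirement 2: any UN device may use the Hue Bridge's HTTP(S) API.
        iifname "lan0" oifname "shn0" ip saddr $UN ip daddr $HUE tcp dport { 80, 443 } accept

        # Everything else between the segments is dropped and logged, so an
        # SHN device that unexpectedly tries to reach the UN shows up in the log.
        iifname "shn0" oifname "lan0" log prefix "shn->un drop: " drop
        iifname "lan0" oifname "shn0" log prefix "un->shn drop: " drop
    }

    chain postrouting {
        # Source NAT for both segments toward the internet.
        type nat hook postrouting priority 100; policy accept;
        oifname "wan0" masquerade
    }
}
```

Wired SHN devices (requirement 4) just go on a switch port in the shn0 segment. Local discovery of the bridge by the Hue app relies on multicast, which the router does not forward, so the app may need the bridge's address entered manually.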