Same Device in two Subnets
-
Hello.
I am currently thinking about separating my IoT devices into their own network.
The thing I asked myself is, if I put my Chromecast or Sonos speaker in the IoT network, it's on a different subnet and VLAN than my smartphone, for example. Spotify Connect or Netflix wouldn't find my Chromecast to stream to it. I'm not sure how they find the devices in the local network, but does anyone know how I could simulate that the Chromecast is in the end device network so Netflix is able to find it?
Maybe with Virtual IPs?
Thank you very much in advance ^^
-
@khensu it’s best to place all IoT devices in the same vlan. They expect to talk to each other in the same VLAN by design
-
@michmoor I didn't mean it like that. All my IoT devices are in the same VLAN. But my end devices like smartphone and PC are on another VLAN. But services like Spotify or Netflix have auto discovery protocols to find, for example, Chromecasts to stream on. But how can I make my phone, which is in the end device VLAN, find my Chromecast, which is in the IoT VLAN? My first thought is that I just have to simulate with a virtual IP that the Chromecast is also in the end client network somehow; I'm not sure if that is possible. Or my second thought: just passing the multicast over to the VLAN network with an IGMP proxy or Avahi daemon.
-
@khensu said in Same Device in two Subnets:
avahi daemon.
that can help a dumb device designed for home use where users only have 1 flat network find a device on another network.. But these makers need to wake up and sure leave the auto discovery there for grandma beth.. But how freaking hard is it to also just allow for simple simple dns or IP that the user puts in?
Vote with your cash - don't use such devices ;)
-
@johnpoz grandma Beth. Lol. Stop picking on her
-
@johnpoz said in Same Device in two Subnets:
that can help a dumb device designed for home use where users only have 1 flat network find a device on another network..
I have that issue with my Onkyo AVR .... Only does L2 discovery
I had to make a WiFi SSID on my "Multimedia Vlan" , and connect the iPhone/iPad to that SSID , when using the "Lan Remote"
Quite annoying.
And I totally agree .. Why couldn't they also allow it to "save the IP" it was discovered at, instead of insisting on doing an L2 discovery every time.
/Bingo
-
@johnpoz We all agree, but that’s not happening anytime soon.
Unfortunately mDNS/Bonjour/multicast discovery is here to stay for the foreseeable future if you want the really nice gadgets/devices in your house.
The way to handle it is by installing the AVAHI package and have it replicate discovery traffic from your LAN to your IoT network.
After that comes a bit of work getting the needed firewall rules for traffic between your phone/PC/Mac and the IoT devices.
Remember: an ANY/ANY rule in both directions completely negates the idea of segmenting the devices in the first place.
-
Thanks for the answers!
Ok so Avahi Daemon is the way to go here.
What rules do I need exactly? That's probably device specific, as they all may use different ports and protocols then, or am I wrong?
Isn't there a way to allow communication between end device and Chromecast, for example, for a short while when a connection from the end device is established? Any protocol and port, but only between those two devices, or more if more smartphones want to control the Chromecast at the same time, for example?
I know it's somehow stupid they don't allow adding local devices manually per IP address... But somehow a lot of people probably don't even know what an IP address is and just want it to magically work.
-
@khensu said in Same Device in two Subnets:
Thanks for the answers!
Ok so Avahi Daemon is the way to go here.
Yes
What rules do I need exactly? That's probably device specific as they all may use different ports and protocols then or am I wrong?
Exactly - this is why you may create an any/any rule from LAN to IoT. That’s okay as long as you do not create a similar rule from IoT to LAN. So you could try with just that, but sometimes there are devices that require access in the reverse direction. If you have devices like that, you need to find some documentation on what to open in that case.
Isn't there a way to allow communication between end device and Chromecast, for example, for a short while when a connection from the end device is established? Any protocol and port, but only between those two devices, or more if more smartphones want to control the Chromecast at the same time, for example?
No, unfortunately not.
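
Added example, not part of the original thread: a small Python check of the rule pattern discussed above (any/any from LAN to IoT is acceptable, any/any in both directions is not). The rule schema, addresses and port 5000 are constructed for illustration and are not pfSense's configuration format; the model assumes a stateful, default-deny firewall that matches rules on the interface where a new connection enters.

```python
from ipaddress import ip_address, ip_network

# Constructed sample data in a hypothetical schema (not pfSense's config format).
# Each list holds the pass rules on one interface; they are checked only for NEW
# connections entering that interface. Unmatched traffic is dropped, and replies
# to an allowed connection pass via firewall state without a rule of their own.
ANY = ip_network("0.0.0.0/0")
LAN_NET = ip_network("192.168.10.0/24")
IOT_NET = ip_network("192.168.20.0/24")

def rule(src, dst, proto="any", port=None):
    return {"src": src, "dst": dst, "proto": proto, "port": port}

# LAN may reach IoT freely; one IoT device gets a narrow path back (constructed port).
SEGMENTED = {
    "LAN": [rule(LAN_NET, IOT_NET)],
    "IOT": [rule(ip_network("192.168.20.50/32"), ip_network("192.168.10.25/32"), "tcp", 5000)],
}
# any/any on both interfaces: the VLAN split no longer restricts anything.
FLAT = {"LAN": [rule(ANY, ANY)], "IOT": [rule(ANY, ANY)]}

def allowed(rules, iface, src, dst, proto, port):
    """True if a new connection entering `iface` matches a pass rule."""
    return any(
        ip_address(src) in r["src"] and ip_address(dst) in r["dst"]
        and r["proto"] in ("any", proto) and r["port"] in (None, port)
        for r in rules[iface]
    )

def wide_open(rules, iface, src_net, dst_net):
    """True if `iface` has an any-protocol, any-port rule covering src_net -> dst_net."""
    return any(
        r["proto"] == "any" and r["port"] is None
        and src_net.subnet_of(r["src"]) and dst_net.subnet_of(r["dst"])
        for r in rules[iface]
    )

def segmentation_negated(rules):
    """any/any in both directions between the LAN and IoT networks."""
    return (wide_open(rules, "LAN", LAN_NET, IOT_NET)
            and wide_open(rules, "IOT", IOT_NET, LAN_NET))

if __name__ == "__main__":
    for name, rs in (("SEGMENTED", SEGMENTED), ("FLAT", FLAT)):
        print(name, "negates segmentation:", segmentation_negated(rs))
```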
-
@khensu said in Same Device in two Subnets:
But somehow a lot of people probably don't even know what an IP address is and just want it to magically work.
Agree - grandma beth, not saying the discovery is not useful.. What I am saying - what do you think that discovery discovers - the IP.. Just let the user put it in!!
Other solution is when you want to use those devices, just put your phone/tablet on that vlan - change to that ssid. I'm not a fan of setting up vlans, and then just breaking that boundary by sending multicast across that boundary.. ;)
Or set up avahi - I have gone over it a few times myself on how to troubleshoot it. Let me see if I can dig up the last time..
https://forum.netgate.com/post/1016923
here is troubleshooting it
https://forum.netgate.com/topic/166642/mdns-struggles/11