Philips Hue - LAN Port to be part of YazFi Wireless Guest Network Subnet

[systematic]

Hi All,

I have recently installed YazFi and created an IOT_2G and IOT_5G network. I have moved all my IOT devices (wireless) to the relevant network with the exception of the Philips Hue system.

The Philips Hue works via a Hue Bridge that connects to the ASUS router via Ethernet.

How if at all is it possible to move this off my main network subnet to the IOT subnet configured through YazFi?

 

[Ripshod]

A cheap extender connected to the guest wifi would seem ideal in this situation. The Tp-link units I've had had a lan port to connect into the network.
Unless anyone has any idea re this via the firmware (likely).

 

[bennor]

Hi All,

I have recently installed YazFi and created an IOT_2G and IOT_5G network. I have moved all my IOT devices (wireless) to the relevant network with the exception of the Philips Hue system.

The Philips Hue works via a Hue Bridge that connects to the ASUS router via Ethernet.

How if at all is it possible to move this off my main network subnet to the IOT subnet configured through YazFi?

There has been earlier discussion on similar issues in the Add-On's subforum:

YazFi - Guest Network for WiFi Smart Home Devices

Hi all, Happy New Year! Making a guest WiFi network for smart devices (Hue lights, Alexa, Google Home etc). Should I enable/disable any of two way to guest, one way to guest or client isolation? I'm not 100% sure I truly understand what they mean. Thanks.

www.snbforums.com

There are a few ways to handle it. One is to use Asus stock (usually beta at this time) firmware that has Guest Network Pro/VLAN feature if your router is supported by that feature. See this Asus link. Or one can enable the One Way feature in YazFi that should allow LAN clients to access the YazFi Guest Network client(s). Or one can use the YazFi custom scripting to set custom firewall rules to allow specific YazFi clients to access a specific main LAN IP address. See this link and this one for more information. Or like the previous poster indicated use a extender and put the extender into the YazFi guest network.

 

[John Tetreault]

No, I don't think everyone understands what this person is trying to do.... I think I'm trying to do the same thing... So.... lets say I'm using YazFi, I've got an isolated guest network for all my IOT devices on 192.168.6.0/24 subnet to keep them isolated from my primary network.... Well, I've also got a FiOS TV set top box that connects via a MOCA adapter to Ethernet port 4 on the back of the router.... I want to move that device to the 192.168.6.0/24 subnet... Is there a way I can put ethernet port 4 and wlan1.2 BOTH on the 192.168.6.0/24 subnet instead of ethernet port 4 being on the 192.168.1.0/24 subnet of my primary network? I assume it can be done with VLANs but I really don't know how to accomplish it beyond that.

 

[JGrana]

On the Philips Hue - when you manage the Hue using the app on a phone or tablet, do you need to put the phone/tablet on the Guest Network (at least until you finish)?

 

[RandomUser777]

No, I don't think everyone understands what this person is trying to do.... I think I'm trying to do the same thing... So.... lets say I'm using YazFi, I've got an isolated guest network for all my IOT devices on 192.168.6.0/24 subnet to keep them isolated from my primary network.... Well, I've also got a FiOS TV set top box that connects via a MOCA adapter to Ethernet port 4 on the back of the router.... I want to move that device to the 192.168.6.0/24 subnet... Is there a way I can put ethernet port 4 and wlan1.2 BOTH on the 192.168.6.0/24 subnet instead of ethernet port 4 being on the 192.168.1.0/24 subnet of my primary network? I assume it can be done with VLANs but I really don't know how to accomplish it beyond that.

I would not be worried about the Hue being on the regular network. I have mine integrated with my main devices, and controlled by Home Assistant. Philips is not doing anything nefarious to or on my network


If you want to segregate any device, whether the Hue or your set-top box, just set up some IPTABLES rules that restrict data flow between the ip addresses you define, or between the ethernet port (port 4 is eth3) and br0/br1/eth1/eth2 etc.

 

[Jeffrey Young]

To actually answer the question being asked - yes it is possible, but not with YazFi. I whipped up my own scripts that emulate what Jack did, but using a seperate bridge so that I could remove a lan port from the br0 bridge and add it to the guest bridge.

The script is not one click setup friendly and also requires setting up custom dnsmasq, services-start, services-event and firewall scripts.

If you are not comfortable with setting up scripting or have a solid understanding of how the current quest network runs, I'd stick to using the separate repeater idea listed above.

 

[John Tetreault]

I would not be worried about the Hue being on the regular network. I have mine integrated with my main devices, and controlled by Home Assistant. Philips is not doing anything nefarious to or on my network


If you want to segregate any device, whether the Hue or your set-top box, just set up some IPTABLES rules that restrict data flow between the ip addresses you define, or between the ethernet port (port 4 is eth3) and br0/br1/eth1/eth2 etc.

Its not a question of Philips doing anything nefarious to my network... Its the fact that these IoT devices typically don't see firmware upgrades, so may be vulnerable to security exploits that then can be used by nefarious people as a gateway into the rest of your network.

 

[RandomUser777]

Its not a question of Philips doing anything nefarious to my network... Its the fact that these IoT devices typically don't see firmware upgrades, so may be vulnerable to security exploits that then can be used by nefarious people as a gateway into the rest of your network.

Understood.

So, if you want to prevent that from happening, set up iptables rules that reject any connection from the Hue Controller to other devices on your LAN.