I also have Nest cams, Nest Guard, and Nest Protects.
Although I'd probably start with your mapping and if I have my HomeKit devices set up on a VLAN. Mostly for the simplicity of streaming video/music from iPhones/iPads. I do know that a lot of IoT devices have trouble broadcasting across a DNS reflector, so you often can't set them up from within your main VLAN. My HA device is on my main LAN with my other devices (laptop, phone. HomeKit hubs on the main VLAN have no problem talking to the IoT VLAN as long as mDNS is being repeated across them. be/UGBobTInIBc. Example: TP-Link Kasa devices on the IoT VLAN using the Kasa Android app on a phone not connected to that VLAN (either cellular data or a separate VLAN). I would like to purchase something like the UniFi Dream Machine and utilize VLANs to separate my “main” network from my “IoT” network. Then this week I upgraded my network to Ubiquiti equipment (USG + US-8-60W + AP) and set up an IoT VLAN. I dared to "upgrade" my network and migrated over to the UDMP. Apparently it is good practice to move all the IoT to a separate VLAN and isolate that IoT VLAN using Access Control, but I have a few questions: The VLAN acts as a "template", meaning so long as the IoT device is added to that VLAN, you do not need to worry whether you have missed placing firewall rules for that new IoT device you bought. Being templated makes it easier to troubleshoot, as you just found out that, for certain devices, it can cause mDNS issues that are hard to pin down. I have my Apple TVs (HomeKit hub) on my home network, with devices on my IoT network. 1/24 - IoT 30 - 192. FWIW, I have several VLANs: one for trusted devices, one for guest devices, one for my server (with HA), and one for IoT-ish things. Left all the APs on existing firmware (4. It does, however, allow you to create a separate 2. Not sure if the latter made a difference in the pairing process, but I think it did. That IoT profile has all the firewall rules in place to prevent talking to other VLANs and all of that.
The IoT VLAN still has external internet access. https://youtu. Infrastructure doesn't have internet access, and can't initiate to primary. I recently set up my home network into 4 interface VLANs (Main untagged 1, IoT, Cameras and Guest) and do not have any ACL rules yet. I have most of the HomeKit devices on my NoT VLAN, and the others on IoT (mainly home hubs and a Roborock vacuum which I'm trying to lock down). I'm mainly HomeKit for IoT stuff. Installed Avahi in the UniFi docker image. It's currently all working well with automations/scenes within HomeKit. I have Avahi enabled between the two VLANs and the following firewall rules are in place: - allow main -> iot/internet (all ports / ip addresses) I've got three main VLANs - clients, services and IoT. Home Assistant sits in the services network, my HomePod sits in the clients network and my IoT lights are connected via wifi and sit in the IoT network. By default, traffic between VLANs is blocked, but I have the following rules in place: Clients have access to the HASS VM. The firewall rules u/AncientGeek00 mentioned are particularly tricky if you introduce other complexities in there such as Homebridge and which SSID/network your HomeKit Hub (Apple TV 4K, iPad, Mac, etc) resides on. I managed to get it working, enable UPnP on both the IoT VLAN and my main LAN. Verizon router sucks. Because of the way the HomeKit "setup" process is, all my HomeKit is actually on my main network; my SimpliSafe smart devices (cameras and hub) and Roku TVs are on the IoT for now. I took a much simpler approach, I just put the Apple TVs on the same VLAN as my main users so it did not have to do a lot of the steps below.
I've set up the Primary Network (containing my computer and phone, the Apple TV as HomeKit base and multiple HomePod Minis), as well as a separate IoT Network (containing all I can only get my Amcrest cameras to work in HomeKit via Scrypted when on my main VLAN, even though the cameras themselves are on the IoT VLAN. my Ecobee is one such device - however I'm still able to access it remotely via the Ecobee app. I'm looking at securing my network a bit more. The IoT VLAN is strictly to keep my personal devices (PCs, phones, servers, etc. Everything is on Here's the TL;DR: I'm having challenges with my IoT subnetted devices working (being seen) by my home hubs (Apple TVs, HomePods). 4) and used firewall rules to allow traffic between my devices and home hubs, but the IoT VLAN/network is where all non-Apple IoT devices are. Create an IoT wifi network associated with your VLAN-IOT network. The “default” VLAN for a port is the VLAN tag added to untagged traffic on the port by the switch/router. etc). I deselected “Block LAN to WLAN Multicast and Broadcast Data” in the primary LAN and in the IoT LAN. Apple HomeKit, trouble with devices on IoT VLAN seeing Apple TV hub. But my Nest thermostat still doesn't work over Matter, so that's just future proofing I guess, as everything else like HomeKit, Cast devices etc. Create an IoT VLAN in Settings>Networks and create a firewall rule in Settings>Firewall & Security to block IoT access to your LAN. VLAN 3 will be my IoT and VLAN 4 is for guests. 0/24 Then from your eero, create the different SSIDs corresponding to the Firewalla VLAN numbers. I have an issue adding my Netatmo Presence (IoT VLAN) to HomeKit (Secure VLAN).
Setup: ISP modem in modem mode, 2 Eero Pro in mesh in bridge mode, Firewalla Gold in router mode and Pi-hole as DHCP server (but I am open to suggestions for another configuration). I have almost 70 IoT devices and use HomeKit but will be switching slowly to Home Assistant (on Unrelated because I know it's an Amazon product, but the integration with my Blink cameras is great. I have an Avahi server running, which makes AirPlay work flawlessly. I have the Apple TV IP in a firewall whitelist for the IoT VLAN. HomeKit/AppleTV on VLAN - iOS Remote. IoT VLAN - allows connections into it (for remote control), and internet access by default. g. My home is running on a UDM Pro and I have HomeKit for smart devices. You can even have your Apple TV (or other home hub) in a different VLAN from HomeKit devices, and as long as the firewall rules allow the Apple TV to reach the devices you are golden both locally and remotely. I'd like to move this all into IoT or maybe its own VLAN (Nest VLAN) but don't want to mess it up. Hello all, I recently was able to get a UDR and created 3 VLANs. I use SmartThings, and keep it on the isolated IoT VLAN. I can't speak for OP, but I do exactly this for security. I'm wondering what all devices I should put in this VLAN. HomeKit with Avahi reflection works really well for the setup you describe. That wifi is 2. I generally trust Apple devices as Apple has a sane update and privacy policy. Then use Avahi to make things like Chromecast work again. I'm porting all my IoT devices to a separate VLAN. Try to keep the settings simple here because many IoT devices don't support some of these more advanced wifi features. 4GHz for my HomeKit stuff has been working since.
There's a few different things going on; everything can be hacked, but it depends on who you use. If you're using HomePods/ATV, Alexa, name brand, it's more likely that they patch holes/vulnerabilities than smaller companies/no-name. A lot of HomeKit hubs and accessories I would like to set up a Guest VLAN, a Main LAN with my NAS, Mac, TVs, iPads, iPhones, Apple TV and HomePods (these are the HomeKit hubs) and an IoT HomeKit VLAN. All Ubiquiti equipment. My Apple TV is in my main LAN. xxx) Wifi. Have a dedicated IoT SSID and VLAN with band steering and WiFi AI on. The goal would be to allow the main VLAN the capability to reach the IoT VLAN but prevent the IoT from reaching the main. Generally when I buy a new IoT product, I just chuck my phone on the IoT VLAN/SSID for initial setup then hop back over. The second issue I had was a dumb mistake, but I accidentally plugged an AP into a tagged port on the switch so the IoT VLAN wasn't getting through. What OS should I choose for the router PC? Has anyone found any settings that improve the speed of HomeKit when the Apple equipment and the IoT equipment are on different VLANs? I do have mDNS enabled as best as I can see how, but every request for basics like turning on a light is “one sec”, “working on that” and often with secure requests like opening a lock “sorry, that was taking too long”. Homebridge and Hubitat on the Home network as well. But I am planning to create the following rules: Allow Home to IoT; DENY all inter-VLAN communication. I have IoT devices (most of them HomeKit compatible), HomePod mini and Home Assistant on the IoT network. The only time I put a tablet or cell phone in the "trusted" VLAN is if they need to print and I Guest VLAN that allows no LAN access except Pi-hole, and client isolation. I have a Synology router, with the ability to create dedicated VLANs, about 2 dozen IoT devices, an Apple TV and 3 HomePods.
I ask because this is my current setup and ever since iOS 16 many of my devices, sadly a lot of Meross devices, won't stay connected in HomeKit for more than a day. This way the device can auto-update and whatnot but can never get to my LAN. However, now I am dealing with a separate issue specific to my HomePods. A separate VLAN is the best unless you have multiple physically separated networks at home (if that's how your home is set up, more props to you). Originally I had my home hubs on my IoT network. Have been running multiple VLANs since day 1 with a USG3, US-16 switch, and 3 APs (Pro, LR, and Lite). Unfortunately I can't make Apple HomeKit work now. was already working even across VLANs before I added the device to the WiFi IoT VLAN. My primary goal is to upgrade to a system that will allow for 2-3 access points for greater coverage throughout my home and VLAN support so I can separate my IoT devices out. Primary can do whatever. my settings are: mDNS reflector: on, UPnP: off, SNMP: off. In pfSense I have all my IoT devices on a separate IOT-VLAN and then block all access to my LAN. Any idea how to get Homebridge devices to work in HomeKit? The biggest issue I ever faced with HomeKit was making sure 5GHz is OFF on my IoT SSID. to reach out from the main network to IoT was "After Predefined" so that fixed my issue of getting to my Roku TVs on the IoT. 0/24 and maybe GUEST vlan 30 network 172. Up until now, I haven't had an issue with AirPlay because I trusted my Apple devices on my LAN since they receive regular updates. My Caseta Smart Bridge is wired into a port on my switch I tagged with my IoT VLAN profile. My home network has a few VLANs already but currently the IoT are still on the main VLAN with the general network devices. The IoT VLAN is set as a Guest type. This is known as a stateful firewall, where it's aware of the connection state and allows/denies appropriately.
Hello, I thought I would ask here, but are there any recommendations AGAINST using VLANs and separating the 2. Since most IoT devices use an external server, all communication goes through the internet connection anyway and doesn't need a direct connection. Sorry if it seems redundant because I posted not even a day ago, but now I want specifics. Some of those devices I do not trust, like my Chinese Amazon smart switches, Eufy cams which were already found to publish unsecured video streams, printer, etc. Truly dumb IoT devices I leave on my IoT VLAN. The good thing about HomeKit is that HomeKit devices do need to work locally without internet and that they can be reached through HomeKit hubs (Apple TV/HomePods) from outside your house. For me, nearly anything that auto updates goes in IoT; while cell phones and tablets don't necessarily auto update, they go in the IoT VLAN as well. HomeKit devices not responding across VLANs. 3. I'll be making a few more posts. The Homebridge is running on a Raspberry Pi 4B connected by ethernet to the UDMP and the port on the UDMP is configured for the IoT VLAN. I'll add to it to be more concise/clear hopefully, but you can also google it yourself, HomeKit IoT VLAN segmentation. IoT VLAN Firewall Rules. I first tried a VLAN setup with two SSIDs for main/IoT (2. HomeKit VLAN. to get mDNS to work successfully on the UDM Pro simply by editing a firewall rule to allow ESTABLISHED and RELATED from the IoT VLAN to the main network. I recently got a Ubiquiti UDM Pro SE and I reconfigured my home network so that my IoT network is on a different VLAN/subnet to my main home network. I also have an IoT VLAN with isolation for everything else.
After watching TheHookUp and CrossTalkSolutions, I have a pretty decent ruleset. 1 home VLAN, 1 server VLAN, and 1 IoT VLAN. You can also determine the other VLANs allowed on the port. There is no restriction 12 level for the network management. Make sure to find the mDNS option. Hi everyone, I need some help configuring my UniFi network to allow AirPlay and HomeKit to work seamlessly between devices on two separate VLANs. 20 - 192. so although it looked like I was controlling the HomeKit devices on my IoT VLAN I've got a Firewalla Gold, HomeKit devices, and Asus mesh access points. When I join my IoT network on my phone and access the Home app, the devices respond. However, I am having issues with HomeKit devices. Hello all! I've got all my IoT stuff segmented onto a separate VLAN, and that's all working fine, however, my main device is on a different/regular 4 GHz to put all my light switches and other HomeKit toys on. The initial Matter setup of a device seems to only need IPv4 so the Home Assistant bridge isn't used, as far as I can tell. However, I recently bought a Sony X900H TV. I want to upgrade the light switches, get some LED lamps, and eventually I do want a HomeKit enabled security system. Hi all, I would like to set up a separate IoT VLAN for my UniFi setup. I added my Lutron hub and August Smart Lock to the IoT SSID/VLAN but when I try to unlock or turn on the lights via the Home app, it either takes forever to get connectivity or I get “no response” in the app. Thanks so much for all the help and support.
Continuing on my OPNsense journey, I've completed setting up my VLANs in OPNsense and Omada and can successfully join wifi networks with tagged VLANs. All home hubs on the trusted VLAN, IoT devices on the IoT VLAN. ) safe from a potential security breach caused by my IoT devices by preventing traffic from going between the two networks. The primary LAN is a Corporate type. NIoT and IoT can't initiate comms to other networks. I have a separate VLAN for IoT devices. The Pi has static IP, GW and DNS in the IoT VLAN. The Pi can ping all devices so it can clearly communicate. Set up the HomePod on the IoT SSID and then move my iPhone back to the main SSID and keep the settings for the IoT SSID but turn off auto connect on the iPhone. What are the settings and the firewall rules that I have to set up to have all working seamlessly together? I use Sonos and read about issues with connecting to them over the IoT VLAN from the main LAN. With that said, each VLAN has a separate SSID and subnet. Background: I've created a VLAN (wireless) that is limited to 2. It can even ping the iPhone IP on the LAN. What I'm finding is that many of my IoT devices will intermittently go "no response" in HomeKit and then occasionally show up again. It runs Android TV, but also has HomeKit and AirPlay. I have a HomePod and iPhone on my main VLAN and my IoT (HomeKit controlled) devices on my IoT VLAN. Avahi/mDNS is configured to broadcast across subnets. I also have a Specifically you can't really put a printer on that IoT VLAN unless you then use a web-based print service (HP cloud, etc). etc, live, so that the HomeKit integration works. The firewall blocks all IoT VLAN traffic from hitting the WAN, and allows all traffic to my Apple TV, Hubitat, and Homebridge static IP addresses. I want to be able to place all my IoT devices including the HomeKit Apple TV hub in the IoT interface VLAN and be able to run the Home app on my devices in the main VLAN 1.
Oddly, I have a handful of Homebridge devices (same subnet - IoT) that do work. After I was finally able to get mDNS working properly on my UDM Pro, I am able to control all the clients on my IoT VLAN through my Home VLAN. I'm using the Starling Home Hub to pull it all into HomeKit. I'm running OPNsense in a VM on ESXi and Homebridge in a Docker container in a VM on ESXi. 168. 20. None of my devices would work without it. I enabled IGMPv3 Snooping in both. - guest is VLAN 20, guest wifi - IoT is VLAN 30, IoT wifi - NoT is VLAN 40, NoT wifi - kids is VLAN 50, kids wifi (This is all provisional, open to suggestions if people have them.) I have IoT, guest and internal VLANs; in the event IoT devices are vulnerable, they won't affect my PCs. Deny the IoT network all access to the primary network. The usual HomeKit devices should work no issue if you follow the basic instructions (e.g. I have a working home network that has a mixture of laptops, IoT, Eero wireless (bridge mode), and a working OPNsense firewall. Then back in UniFi turn on MAC filtering on the main SSID to block the MAC address of the HomePod. My first guess is to put all IoT devices into a dedicated VLAN. Other IoT stuff I had then became very sluggish to respond. How to set up Apple HomeKit and Hue Bridge with various IoT devices on an isolated Guest VLAN / Guest WiFi. I don't seem to be able to do this right now. HomeKit can't access the devices from the main VLAN. The IoT VLAN on the other hand does not allow any new connections outside of the IoT VLAN. 11 G.
Optionally deny the IoT network all access to the internet. Depending on what devices you have in the IoT network and whether they're HomeKit compatible or not, the third firewall rule may not be ideal, in which case you can fine-tune your rules per your needs. I did have to punch a hole with the VLAN/firewall rules to allow other devices on other VLANs to talk to my HomePods for AirPlay without switching WiFi networks. an IoT VLAN that does not allow any of the devices to talk You can pass all those VLANs on the wire connecting to your WAPs. 1. . I also used the Hue app itself to pair the bridge, via the "HomeKit & Siri" option in the settings, as opposed to adding it via the Home app. VLANs themselves don't really do too much to protect anything, it's the firewall rules behind them. 4 only and helped a ton. Trusted computers Allow: traffic to IoT VLAN. Assuming you have similar rules, it should be working. A lot of HomeKit IoT devices are not necessarily secure nor frequently updated. I have a UDM-SE with multiple APs and cameras. Apple TVs function as home hubs on my client VLAN (shared with iPhones) and the HomeKit devices are on the IoT VLAN. Can't speak to other things though. enable mDNS etc. 8. I've grouped IoT devices in a group that has Hi. Of course, this is where my problem began and I have to assume this is where my problem lies. 13), but the UDM-P is up at the 6. Huge L on my part. I just set up my first Circle View Cam on the IoT subnet, and although it works mostly: I get notifications, can configure the camera, and sometimes I'm tearing my hair out at this one. my trusted VLAN can access everything. Ensure mDNS repeating across VLANs is enabled and firewall rules are set to allow HomeKit traffic between the IoT and trusted VLANs.
I'm finding this limiting though; I have some TP-Link Kasa devices that I can't manage off this VLAN and I don't know why. mDNS repeater working fine on the USG. I plan to put all my direct-to-internet services (Amazon/Google stuff, TV streaming) on VLAN 1. My current setup is a simple one SSID with everything connected to it one way or another (wifi & 8-port unmanaged switch). I was unable to find HomeKit enabled cameras that met my criteria and just gave up and got the Blink cameras. FWIW I have Apple devices in my same VLAN and non-Apple IoT on a different VLAN. 4GHz and 5GHz networks separate for HomeKit? I've got my Firewalla set up with the default settings at the moment, and am looking to get my network more secure. Although Apple HomeKit has high standards for security, My question is this: I am attempting to create a smart house using HomeKit (Apple TV is my hub). "Private" VLAN which will eventually be used for PCs. I was able to get the VLAN working, and the devices on that network are pulling a DHCP address specific to the VLAN. Ended up making a separate SSID and limited it to the 2. Move all the smart devices to the IoT VLAN. You'll especially notice this helps when you need your iPhone to set up a device: put it on the legacy network, join your HomeKit device, then forget the network on your iPhone. A majority of my IoT devices are HomeKit and the ones that aren't are running through Homebridge on a server I have. Also be aware that if your hub is indeed connected via WiFi, Apple's iCloud services love to move the hub off the IoT SSID and onto whatever your You'll really just need the mDNS responder to forward mDNS multicasts between the two subnets, and you can use an app like this (below) to look at those mDNS multicasts to see what ports the HomeKit services advertise and build Looking for advice on the best way to restrict HomePods to a specific VLAN.
I am having issues with connecting to HomeKit devices on a different VLAN. I used a UniFi Dream Machine Pro with PoE switches and APs. 0/24 and HOME vlan 20 network 192. Next what you want to do is create multiple VLAN networks such as IOT vlan 10 network 192. My firewall rules for my IoT VLAN are in the following order: Allow established and related traffic I have a mostly-HomeKit IoT setup, with multiple VLANs/subnets. 30. But I still see all the devices on the VLAN so client isolation is not working. ) I am a HomeKit user, I have a HomePod mini as the main controller, some wifi smart thermostats, and a Edit: Figured it out! Two things: I needed to allow the Bonjour/mDNS port, 5353 UDP, in my IOT_LOCAL firewall rule. (5353) open to the IoT VLAN. Turned on Data Rates and Beacon Controls (these have seemed to cause some issues with other IoT devices - not entirely sure yet if it helps or hurts). IoT devices across VLANs with HomeKit. I'm considering creating a VLAN for my smart IoT devices for extra security, but although I'm tech savvy I'm a networking rookie so have a few questions. All works as expected. ESPHome, HomeKit, etc. I'm currently working on a UniFi IoT VLAN setup guide, and previously made this post showing my current UniFi firewall rules.
Instead of managing VLANs, you can also use a HomeKit compatible router like Eero or So I recently worked through this, after reading a bunch of docs, and thought I'd share my approach to VLANs and firewall rules for IoT devices. ) this thread should answer a lot of questions. This. I added a few Apple TVs and a few HomePods to my IoT VLAN. I am going to put all my computers (desktop/laptop/iPads) on VLAN 2 going through a VPN and Pi-hole using a NUC 7i5 or 8i5) and "router on a stick" (VLAN 2 in, VLAN 2 out). Traffic from my LAN to IOT-VLAN is permitted. I added this TV to my IoT VLAN by assigning it to the IoT switch port profile on my switch. however I managed to add a Nuki door lock (also from the IoT VLAN). 9. For now I have control through Homebridge. From a security perspective, keep in mind that a VLAN is just an ID added to the Ethernet frame. I currently use HomeKit with Homebridge (to integrate non-HomeKit gear) running on a Synology that mostly worked fine before but sporadically would have issues. Lawrence Systems on YouTube has a great video about pfSense and IoT. I tried disabling Multicast-to-Unicast Conversion on my SSIDs, as a comment on another post suggested, but no dice. 4GHz network which some IoT devices are pretty picky about. I have some 5GHz devices (cameras/doorbell) though. My Basic IoT VLAN Setup | My current IoT VLAN Firewall Rules | Chromecast-Specific Settings | Sonos-Specific Settings | Apple TV / AirPlay-Specific Settings | Roku-Specific Settings | HP Printer-Specific Settings. I know that ideally I would segment the IoT devices in their own VLAN, but my Asus APs do not support VLANs and I'm not looking to upgrade them at the moment. Homebridge + IoT VLAN. NO ACL rules are created yet. They also won't show up when not on WiFi. But I like to have HomeKit have direct control.
Unfortunately, I don't understand why you want to separate your active HomeKit hub via VLAN from your smart devices by placing them on a different network. 1/24 - Guest I have set up their corresponding wireless networks as well. I'm setting up a Synology router that allows me to create multiple VLANs and SSIDs. Things like shitty printers, anything by Wemo, anything that's slow or 802. My guest VLAN can go out to the internet and that's it. I don't use HomeKit, so don't know how exactly it plays with other devices. I have 2 HomePod Minis that are my HomeKit hubs. ) for the destination; any idea what I'm missing? (Gateway Dream Machine SE) I have UniFi gear with two VLANs (one for the main network and one for IoT) which was working fine, and then I updated all of my HomePod Minis last night, and now devices on my IoT network are not responding in HomeKit. Today, I separated my IoT devices on a separate wireless network and VLAN. Is there an up to date guide I can read to properly set this up? I found this from 3 years ago. Yes* *you need to configure a separate VLAN for that SSID with appropriate firewall rules to isolate it from your main network, you need to configure an mDNS reflector to bridge the IoT VLAN and your main network, and you'll need to connect your iDevices to the IoT network to get full control over the system. VLANs. Now, if I do this, then You can have your Apple TV/HomePods on the main VLAN and all your smart home devices on the IoT VLAN as long as you enable mDNS and allow traffic on the IoT Keep all the Apple devices (Mac, iPhone, HomePods, Apple TV) on the Admin/Secured VLAN. Assuming management VLAN To sum up the settings I've implemented: The only thing that's made it work consistently is removing the firewall rule "Deny New Traffic From IoT to Private LAN".
Set phone to the IoT WiFi SSID (assuming there is an SSID matching the IoT VLAN). I've been with the Apple HomeKit ecosystem for at least 3 years now with zero issues at all. For the VLAN-Protect, set Option 43 host address to your UNVR or Protect Host IP (which should be on your management VLAN at 192. I have mDNS enabled, and I allow the HomeKit ports (51826, 51827, 5353) to all IPs (and afterward I limited it to the secure VLAN). As part of the multi-part guide I'm working on to help novice users set up a separate IoT VLAN on their UniFi network, I've created a "Basic" setup that does the following: From what I understand it's not a true separate VLAN network, which would isolate potential attacks to that network only. 0/24 and a PIHOLE vlan 40 network 10. I have a dedicated IoT VLAN but I do not limit its internet access. I'm looking for any advice, or instructions a HomeKit pro could give in this effort. Having an Apple TV in the IoT VLAN talk to Sonos speakers in the main LAN. I haven't had problems with HomeKit devices on the IoT VLAN talking to HomeKit hubs on the Home VLAN.