Controlling Openhab from a different network in the same house

So recently I decided that to try to separate my smart home devices from my normal home network I could place them on the secondary (guest) Wifi network with my echo devices etc. According to the router documentation the Guest Wifi cannot access the main one.

I would like however to be running the OpenHab application on my tablet to control the OH network, but the tablet is on the normal Wifi. My assumption is that it will always use myOpenhab through the cloud as the OH server is not on the same network. Do I need to reconfigure my OH server when I move it to the new network?

(With me so far)

My second thought is that the OH server is usually Wired to my router and I can’t separate it from the rest of my wired network. I’d rather have it running wired than Wifi in case in future I have smart devices that are wired. (my house has CAT 6 in every room).

I do however have a smart Dell switch that has VLAN functionality but I can’t for the life of me understand how to get the VLAN side of things working - not an IT guy. If I got this working I guess I’d need to use a separate WiFi hub so that it connects to the Wired VLAN.

I know this is not all OH discussion but I am sure someone out there has a similar set-up and can give me some hints on how to do this.

My IoT setup is Zwave, Wifi Cameras (motion eye), wifi controlled lamps, Alexas, etc

Sounds to me like most of your questions are basically how to setup and route traffic over VLANs. Not really an openHAB question. However, I will verify that I do have a setup like this working at my home.

My network devices (router, switch, APs) are on an untagged management VLAN 1. I then have an IOT VLAN 20 which I have added my openHAB server to (along with any device that I want to have limited contact to the rest of my network). I then have a Home VLAN 25 which all my iPhones, iPads, etc go on, and then a guest network VLAN 30 which is sanctioned much like the IOT VLAN, but is primarily for (you guessed it) Guests.

I have firewall rules set up that allow my Home VLAN to communicate to my IOT VLAN, but traffic from IOT to Home is dropped (except for the openHAB server).

I don’t have a Dell switch, but you are going to need to read and understand tagged vs untagged vlans. You’ll need to make sure you have devices that support tagged frames if you will be using tags (this is typically reserved for Access Points or if you are adding secondary NICs for VMs, etc). Most other equipment will need to be assigned an untagged VLAN.

I hope that helps some? You asked a really broad question that is going to require a multitude of sources to read and understand in order to implement.


Thanks for your feedback.

I looked at a lot of VLAN Youtube videos and none mention Tagged vs untagged but the Dell switch allows me to change each port in a VLAN to a ‘U’ default, a ‘T’, or a ‘F’ or blank. The documentation doesn’t explain the differences. Can’t change any port settings on the default VLAN they are all U.

Of course all the second part of my question was about using Wired connections which currently only the OH server uses.

The first part of the question was OH specific. If I use the OH app and I’m on home WiFi network, but the OH server is on the IoT Wifi network, does the OH App actually use remote connections since it isn’t on the same network as the server? I was hoping for a solution that didn’t go to the cloud and back again.

Assuming you set your firewall rules to route the VLANs, then it will use the local connection. VLANs (by default) are segregated, but adding firewall rules will allow routing.

Just guessing (as I don’t have your switch), but I would assume “U” corresponds to untagged, “T” corresponds to tagged, and “F” may be a Trunk.

Maybe the above screen helps some? This is the membership for my VLAN 20 (openHab server is Untagged on port 20). My APs and router ports are Tagged for VLAN (so they can pass the tags on to devices down the line that may/may not understand tags; those would be able to receive untagged VLAN frames)

Basically if you are hardwiring a “dumb” device, you’d just set the VLAN for Untagged on the port for whatever VLAN you wanted the device itself to be a member of.

I know it’s a confusing topic and my screenshot and explanation may only further add to your confusion. I fully recommend reading as much documentation on your switch as possible (and other dell switches) and then maybe looking for similar topics on stack exchange or something. I’m sure people have explained it much better than I have.
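The inter-VLAN policy described earlier in this thread (Home may reach IoT, IoT to Home is dropped except for the openHAB server), sketched as a small first-match evaluator. This is an added example, not part of any post and not configuration from pfSense, UniFi or the Dell switch; the subnets, host addresses and the simplified address-pair connection tracking are assumptions made for illustration.

```python
import ipaddress

# Constructed addressing: the thread names VLAN 20 (IoT), 25 (Home) and
# 30 (Guest) but gives no subnets, so these ranges are assumptions.
VLANS = {
    "iot":   ipaddress.ip_network("192.168.20.0/24"),
    "home":  ipaddress.ip_network("192.168.25.0/24"),
    "guest": ipaddress.ip_network("192.168.30.0/24"),
}
OPENHAB = ipaddress.ip_address("192.168.20.10")  # assumed server address

# First match wins; inter-VLAN traffic matching no rule is dropped.
RULES = [
    ("allow", "home", "iot", None),     # Home may open connections to IoT
    ("allow", "iot", "home", OPENHAB),  # exception: the openHAB server only
    ("drop",  "iot", "home", None),     # every other IoT -> Home flow
]

def zone_of(addr):
    """Return the VLAN name an address belongs to, or None."""
    for name, net in VLANS.items():
        if addr in net:
            return name
    return None

class Firewall:
    def __init__(self):
        # Simplified state table keyed on (src, dst); a real stateful
        # firewall tracks protocol and ports per connection.
        self.established = set()

    def decide(self, src, dst):
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if (dst, src) in self.established:
            return "allow"  # reply to a flow the other side opened
        s, d = zone_of(src), zone_of(dst)
        if s is not None and s == d:
            return "allow"  # same VLAN: switched, never hits the firewall
        for action, rule_src, rule_dst, only_host in RULES:
            if (rule_src, rule_dst) == (s, d) and only_host in (None, src):
                if action == "allow":
                    self.established.add((src, dst))
                return action
        return "drop"       # default: VLANs stay segregated
```

With these rules a tablet on the Home VLAN reaches the openHAB server directly across the firewall, and replies from IoT devices pass only because the Home side opened the flow first.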

You need a Wifi ap capable of supporting vlans.

I use Unifi to do this. All of it can be meshed together like the previous poster stated.

You will not be able to use a generic guest network provided by a WiFi router if it does not support a vlan and firewall rules.

Newbie alert.
I have pfsense and unifi APs. I have a single network (no vlan) for everything now. After learning that I should put all the IOT devices in a separate vlan, I created the vlan in both pfsense and in the network and wireless network for unifi.

I need help on how to bring those IOT devices into the IOT vlan, but yet allow openhab to see and interact with all of them as I do now (without vlan). IOT devices are mostly Amazon Echos and Tuya devices.

Easiest is to put openhab in your iot network.

The longer answer is you will need to research firewall rules that allow for the traffic to flow as you desire. Check out crosstalk solutions on youtube and lawrences systems. They both have some videos on this topic.

Will I be able to access openhab via VPN (like I do now) if I move it to the IOT network?
How do I move my existing wired and wireless devices to the IOT network?
Just move them via pfsense?

I have seen some of the Lawrence System and Crosstalk videos and they helped a lot in setting up pfsense and unifi. But they don’t say how you move existing setups in your LAN to the IOT vlan network.

Another video this one has firewall rules…