Help with IoT device not connecting to internet

I’m rather new to UniFi and more advanced networking and trying to learn. I recently bought a USG, 16 POE Switch Lite, and 3 Nano-HDs. I set up an IoT VLAN using the instructions here https://robpickering.com/ubiquiti-configure-micro-segmentation-for-iot-devices/. It seems to work fine and my devices are blocked from my main LAN but can access the internet.

The problem I’m having is with one device called the PowerView Hub which controls automation for my blinds. This hub is having trouble connecting to the internet. I can control it fine if I’m on the same network, but it’s giving me an error saying it can’t connect to the internet. Without that, I can’t remotely control the blinds when I’m not at home. It was working fine for about a week but then suddenly it stopped working and I don’t know what happened. I haven’t upgraded anything or made any changes to my network in that time. If I disable the firewall rule for the IoT VLAN, it still doesn’t work. The only way it works is if I hardwire it directly into my regular LAN, so it seems that something about that wireless VLAN is suddenly causing it to not be able to connect to the internet. It’s entirely possible the device itself got messed up somehow, but I wanted to see if there’s any way for me to figure out why this one device is saying it can’t connect to the internet. Any help would be appreciated. Thanks.

Now that’s a first world problem :face_with_hand_over_mouth:

If I were in your shoes I would set things up differently. I wouldn’t enable any remote access to home devices over the internet; instead I would use OpenVPN and dial in.

If you can control your blinds when you are home then something is being blocked by your firewall. I’d guess a port is being blocked. Look through your logs and see what is happening.

Though if your devices only work if they have internet access then I would guess they are sending data home, not sure I would want that.

Thanks for the reply! Yes, first world problems indeed :).

Thanks for the suggestion about VPN’ing in. I think the problem with that is that this device is also having a really weird issue where even if I’m on the same wireless network, I have to be on the exact same access point or else I can’t access it. If my phone is on one AP and the hub is on another, it won’t recognize it. So I wonder if using VPN would work given this. This might be another symptom of a configuration problem, but none of my other devices seem to have this problem.

What logs do I look at in order to possibly debug what’s going on and why it won’t connect to the internet?

Actually, I was curious about your device; it looks like you don’t have many options within the app to control the networking as such.

Looks like everything needs to be on the same LAN or VLAN; perhaps on your AP you are somehow not on your IoT SSID.

I meant the log for your IoT device but I doubt you can easily access this, looking at your router logs will probably not yield anything.

I’m assuming your AP has multiple SSIDs. Just an idea: set your APs to only use the IoT SSID and see if this works.

My guess is that this device is basic: all the devices it connects to need to be on the same subnet for it to work; if not, then it won’t connect to the hub.

Yeah the hub device doesn’t have a lot of options for configuration or getting information from that I can tell.

I have 2 networks: 1 for the LAN (192.168.1.x) and 1 for the IoT (192.168.20.x) with VLAN set to 20. Then I have 2 wireless networks created. The IoT wireless network is set to VLAN 20 and has a separate SSID from the main wireless network. I specifically join my phone to the IoT network to be able to configure it so they should be both on the same subnet. I can see the IP address of my phone and the hub are on the IoT network (192.168.20.x) so that seems to be ok. I just figured out that if I’m also not on the exact same access point that it doesn’t think I’m on the same network, even though I am. Very weird.

My guess is that because they are hiding networking options or rather not displaying them, there are defaults it uses.

Perhaps just try setting your IoT devices to work only on 192.168.1.x and see how that operates for a while.

Your network config is probably ok but I’m skeptical of these IoT devices when you can’t get at 'em; they are aimed at consumers with limited knowledge of networking.

Did some more testing and it does seem this is related to it being on the VLAN. If I put it back on my vanilla wireless network with 192.168.1.x it seems to work fine. Even removing all the firewall rules on my VLAN doesn’t work. Maybe it doesn’t like being on a different IP other than 192.168.1.x? Even hardwiring to a port that is set up for the VLAN doesn’t work, so it’s definitely something about the VLAN itself.

I might be just out of luck with this thing which sucks because it’s the only way to automate control of the blinds. The really weird thing is that it was all working fine a week ago and suddenly stopped working…

Is there maybe a way to put this on my regular network but somehow limit its access?

Depending on your will to live … you could try to set up a second LAN on 192.168.2.x subnet, set up your IoT devices on that and inspect the results.

My suspicion is that the hub has been created so that it “works” without user competence :slight_smile: So it will default to the 192.168.1.x subnet.

I say this because I was looking at ways of controlling my radiators but the control hub was so limited. The control hub isn’t actually needed as it’s just management software that could run in a vm but for home users that’s not a solution.

I’m running pfSense. Just some ideas: I would use 192.168.1.x as my Blinds LAN, make sure all equipment is on my management VLAN, other VLANs set up as required. Then set up rules to isolate 192.168.1.x so it basically becomes your IoT LAN/VLAN. Not the best way but …

Thanks a bunch for the replies. So I got it working for now by creating a wireless network and applying guest policies to it. That allows it to get an IP on 192.168.1.x while isolating it. It’s driving my OCD crazy though to have another wireless network for just this one device, but at least it’s working. I’ll see if I can flip the IP ranges of my regular LAN and VLAN, but that’ll take some time as I have some devices with static IPs and such. Anyway, maybe this will be useful to someone in the future who uses this device.

Yeah ok, I guess it’s working, though I particularly do not like those “guest” settings in the AP as you usually have little control over what’s happening. If you set up OpenVPN it might be tricky to access it.

I’d perhaps fire off an email to the company support asking if their solution supports other network addresses except 192.168.1.x.