I am setting up an IoT VLAN (wired and wireless) for my IoT devices and am trying to just mentally think through how this works. I enjoy networking, but I am not good at it yet, and these homelab-type projects are part of the learning.
My current setup is that I have a Plex server running in subnet 192.168.1.x, and I am setting up a secure VLAN with 192.168.2.x. Seemingly the VLAN is working: the Ubiquiti AP is set up, and when I use that Wi-Fi I can't ping from IoT to the secure LAN subnets, and I can get out to the WAN (theoretically pfSense is set up correctly!). But I am running into a mental hurdle.

My Plex box is a VM under ESXi, so I can add VLANs to it as additional interfaces if I needed to, and I have not gone and put all my IoT things on the new network yet. The hurdle is this: would my Nvidia Shield TV, which will be on the IoT VLAN, be able to access content on the secure subnet? I assume not, so how do I go about this? I could add an interface in ESXi to my Plex VM and put it on both the secure subnet and the IoT subnet, but in my mind that defeats the purpose of this. Is there a way to only allow the port Plex needs?
I guess I am just not sure how to proceed in a "smart and secure" way. I am not actually overly concerned about IoT devices, but I enjoy a project and this is the one I am currently tackling, and the learning along the way is a large part of it, which is why I want to do this "correctly".
Thanks for the help!
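As an added illustration, not part of the original post, this is what an "only the port Plex needs" policy looks like written as pf rules, which is the packet filter pfSense compiles its GUI rules down to. The interface name (vlan2) and the Plex server address (192.168.1.10) are assumptions for the example; the Plex Media Server port, TCP 32400, is the real one. In pfSense the same three rules go on the IoT interface tab under Firewall > Rules, evaluated top to bottom with the first match winning, so they must be kept in this order.

```pf
# Added example, not the poster's configuration. Assumed names/addresses:
#   vlan2         - the pfSense interface carrying the IoT VLAN (192.168.2.0/24)
#   192.168.1.10  - the Plex VM on the secure LAN (192.168.1.0/24)
lan_net  = "192.168.1.0/24"
iot_if   = "vlan2"
iot_net  = "192.168.2.0/24"
plex_srv = "192.168.1.10"

# 1. Let IoT clients (e.g. the Shield) reach the Plex server, and only on
#    TCP 32400. 'keep state' allows the reply packets of the stream back
#    without needing any rule on the LAN side.
pass in quick on $iot_if proto tcp from $iot_net to $plex_srv port 32400 \
    flags S/SA keep state

# 2. Block (and log) everything else from IoT into the secure LAN.
#    Because rule 1 is 'quick', a matching Plex connection never gets here.
block in log quick on $iot_if from $iot_net to $lan_net

# 3. Let IoT devices reach anything that is NOT the secure LAN, i.e. the WAN.
#    The '!' (invert match in the pfSense GUI) keeps this rule safe even if
#    someone later reorders it above rule 2.
pass in quick on $iot_if from $iot_net to ! $lan_net keep state
```

With this in place the Plex VM stays single-homed on the secure LAN; the firewall, not a second NIC on the VM, is what decides which IoT device can talk to it and on which port. Two things to expect after applying it: Plex's automatic server discovery (GDM) is broadcast-based and will not cross the VLAN boundary, so the Shield finds the server via its plex.tv sign-in rather than by scanning, and Plex decides whether a client is "local" or "remote" by subnet, so the 192.168.2.0/24 network may need to be listed under the server's LAN Networks setting (Settings > Network) for the Shield to be treated as a LAN client. The log entries from rule 2 are also a handy way to see which other ports the IoT gear is trying to reach before deciding whether any of them deserve a rule of their own.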