XCP, pfSense & VLANs

A smartphone with Google Home on VLAN20 can access the Google Mini and Chromecast on VLAN40.

The same smartphone can connect via the Plex Android app to the Plex server on VLAN50 and list content, yet upon tapping play the circle doesn't stop turning, whilst Plex eventually reports on screen (via the Chromecast): "Sorry! Something went wrong".

Connecting the smartphone to VLAN40 makes everything work, except that it circumvents the entire idea of segregating the IoT devices…

Herewith my current config:

The only aspect standing out here, IMHO, is port 23 being marked "untagged" for VLAN50. This is specifically so as to allow the Unifi AP's management traffic to be tagged, as the Unifi Controller is on VLAN50.

The following are all disabled:

  • Auto-Denial-of-Service
  • Green Ethernet

NTP is configured so as to eliminate any form of timing issue.

On XCP the VLANs are created as understood from METHOD #1.

The XCP interfaces (VLANs) are then assigned within pfSense. Interface HENETv6 is currently disabled, as my ISP now supports IPv6 natively.

2020-05-26 PFsense-2

All services running on pfSense.

pfSense rules per VLAN.

Avahi is set up so as to allow Google Home on a smartphone (VLAN20) to reach the actual Google IoT devices on VLAN20.

DHCPv4 is configured on each VLAN to provide that VLAN with its gateway and DNS, being the VLAN interface of pfSense.

DHCPv6 is not configured. RA (Router Advertisement) is enabled, advertising two IPv6 prefixes for SLAAC: fd10:: and a subnet of the ISP-provided /56 prefix.

2020-05-26 Unifi AP

The Unifi Controller's address is an IPv4 address within the Docker network of 172… I connect the AP to the controller by SSHing into the AP and executing the set-inform command.

NTP is configured on the Unifi Controller, the only other info configured being the association of VLANs 10, 20 and 40 each to a WLAN.

@kevdog, if you need any other information, please just say.
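Added example, not part of the post above and not the poster's configuration: a small stateless policy check that lists the flows a Plex cast session exercises across segregated VLANs (phone to Plex API, phone to Chromecast control, Chromecast pulling media from Plex on TCP 32400) and evaluates them against two constructed rule sets under a default-deny policy. The VLAN subnets, host addresses and both rule sets are assumptions made for the illustration; the post does not show the actual pfSense rules, so this does not claim to be the diagnosis of the reported failure. It only makes visible which cross-VLAN flow a least-privilege ruleset has to carry if the cast receiver is to fetch media directly.

```python
"""Constructed illustration of cross-VLAN flows in a Plex -> Chromecast cast.

Everything here (addressing, rules, flow list) is an assumption for the
example. Rule evaluation is simplified: first match wins, anything that
matches nothing is blocked, which mirrors a default-deny interface policy.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    src: str              # source network, CIDR
    dst: str              # destination network, CIDR
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # None means any destination port
    action: str           # "pass" or "block"


@dataclass(frozen=True)
class Flow:
    name: str
    src: str
    dst: str
    proto: str
    dport: int


# Constructed VLAN addressing (hypothetical, not the poster's)
VLAN20 = "10.0.20.0/24"   # trusted clients (smartphone)
VLAN40 = "10.0.40.0/24"   # IoT devices (Chromecast, Google Mini)
VLAN50 = "10.0.50.0/24"   # servers (Plex, Unifi Controller)

PHONE = "10.0.20.15"
CHROMECAST = "10.0.40.30"
PLEX = "10.0.50.10"

# The three unicast flows a cast session relies on. Ports are the well-known
# Plex Media Server port (32400) and the Chromecast cast-protocol port (8009).
FLOWS: List[Flow] = [
    Flow("phone -> Plex API", PHONE, PLEX, "tcp", 32400),
    Flow("phone -> Chromecast control", PHONE, CHROMECAST, "tcp", 8009),
    Flow("Chromecast -> Plex media", CHROMECAST, PLEX, "tcp", 32400),
]


def first_match(rules: List[Rule], flow: Flow) -> str:
    """Return the action of the first rule matching the flow, else 'block'."""
    src = ipaddress.ip_address(flow.src)
    dst = ipaddress.ip_address(flow.dst)
    for r in rules:
        if (src in ipaddress.ip_network(r.src)
                and dst in ipaddress.ip_network(r.dst)
                and r.proto in ("any", flow.proto)
                and r.dport in (None, flow.dport)):
            return r.action
    return "block"  # default deny


def evaluate(rules: List[Rule], flows: List[Flow] = FLOWS) -> dict:
    """Map each flow name to the action the rule set gives it."""
    return {f.name: first_match(rules, f) for f in flows}


# Rule set A: only the client VLAN may initiate; the IoT VLAN is fully isolated.
RULES_A = [
    Rule(VLAN20, VLAN40, "any", None, "pass"),
    Rule(VLAN20, VLAN50, "tcp", 32400, "pass"),
]

# Rule set B: additionally let the IoT VLAN reach the Plex host, and only it,
# on the Plex port. Nothing else on VLAN50 becomes reachable from IoT.
RULES_B = RULES_A + [Rule(VLAN40, PLEX + "/32", "tcp", 32400, "pass")]


if __name__ == "__main__":
    for label, rules in (("A", RULES_A), ("B", RULES_B)):
        for name, action in evaluate(rules).items():
            print(f"rule set {label}: {name:32s} {action}")
```

The useful output is the difference between the two rule sets: under A the phone can list the library and talk to the Chromecast, yet the receiver's own fetch from the Plex host is dropped; under B that single host/port pair is opened from the IoT VLAN while the rest of VLAN50 (for example the Unifi Controller) stays unreachable from it. Real pfSense rules are evaluated per ingress interface, so the VLAN40 rule would be placed on the VLAN40 interface.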