Saturday, February 2, 2019

Echo dots in a VLAN: no dice? (there is also a pihole involved)

Fine members of this sub, I shall ask for your input as I can't seem to find decent info elsewhere.

I have a home network comprised of Ubiquiti switches and APs but *no* USG. I use another Linux-based router that handles all the routing including to the WAN. That one also handles the VLAN setup, of course in combination with the Unifi gear (i.e. trunk ports, VLANs assigned to the SSIDs, etc.). Works like a charm. Well, almost...

With all this I have a VLAN 30 that is the pool for my IoT devices, which are assigned dedicated IPs per client in the 10.1.30.0/24 (V)LAN. So, for instance, one of my Echo Dots has 10.1.30.120. As the Dots are connected via WiFi I have made sure that a) this SSID is not set up as a guest network (and gets passed the VLAN ID) and b) does indeed have internet access. A client on that VLAN can ping its gateway (10.1.30.250), which is also the DHCP server (on the main LAN, 192.168.1.250) and passes DNS requests on to a pihole on the main LAN (192.168.1.50). All this works, since I also have firewall rules on the .250 router that ensure access of the VLAN to the .250 router as well as to the pihole.

Connecting e.g. a smartphone to that IoT-WLAN allows full internet access using domains as well as pinging 10.1.30.250 and 192.168.1.50 and 192.168.1.250. But no other devices on the 192.168.x net. And no other devices in 10.1.30.x. The latter I find a bit odd but it *should* not play a role here.

With the smartphone on said SSID a speedtest shows pretty much full speed.

The Dots on the main 192.168.1-LAN work totally fine (= they are properly set up and yes, the WAN is working just fine as is the overall network).

Yet, having them on the above VLAN makes them act up: they react to their wake word, showing the blue ring, awaiting input. But when I give a command they keep working the blue magic and eventually (after some 10-15 seconds or so) give up, saying that they lost internet connectivity.

As a matter of fact, my router's interface does more often than not show those Dots as being "offline". Yet they obviously are not as they do react. As we all know a Dot that is entirely offline will immediately show the red ring and happily inform half the town that it's offline... Mine start off with a blue dot. That != offline.

I am at a loss what the issue could be. Of course I have 2 things that could cause issues:

1) them being on a VLAN, and

2) the pihole

Again, when the dots are *not* in the VLAN but in the main LAN (which also goes via the pihole!) everything is just fine and works as expected. This tells me that the pihole and its blacklists are not the problem. And since a smartphone in the VLAN 30 can access the internet just fine, the VLAN itself is also not - per se - the problem.

In general, the firewall rules for my main LAN and the VLAN are pretty much the same. There is no additional blocking happening on the VLANs. Therefore I have no idea why this isn't working. Maybe some broadcast problem but: why and what?

Any pointers much appreciated!
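An added example, not the poster's actual ruleset: an nftables policy for the Linux router at .250 that encodes exactly the access described above (VLAN 30 may reach the router, the pihole's DNS and the WAN, but nothing else on 192.168.1.0/24) and, as the last rule, logs and counts every other packet VLAN 30 tries to send. With that in place, whatever a Dot is reaching for when it reports "lost connectivity" shows up in the kernel log with a `vlan30-drop:` prefix instead of vanishing silently. Interface names are assumptions.

```nft
#!/usr/sbin/nft -f
flush ruleset

# Assumed interface names; addresses are the ones from the post.
define LAN_IF  = "eth1"      # main LAN, 192.168.1.0/24, router is 192.168.1.250
define VLAN_IF = "eth1.30"   # IoT VLAN 30, 10.1.30.0/24, router is 10.1.30.250
define WAN_IF  = "eth0"
define PIHOLE  = 192.168.1.50

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        iif lo accept
        # VLAN 30 clients may talk to the router itself only for DHCP,
        # the router's DNS forwarder, and ping (the checks the post describes).
        iifname $VLAN_IF udp dport { 67, 53 } accept
        iifname $VLAN_IF tcp dport 53 accept
        iifname $VLAN_IF icmp type echo-request accept
        # The main LAN is trusted to reach the router.
        iifname $LAN_IF accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        # IoT VLAN -> internet
        iifname $VLAN_IF oifname $WAN_IF accept
        # IoT VLAN -> pihole, DNS only; no other host on the main LAN
        iifname $VLAN_IF ip daddr $PIHOLE udp dport 53 accept
        iifname $VLAN_IF ip daddr $PIHOLE tcp dport 53 accept
        iifname $VLAN_IF icmp type echo-request ip daddr $PIHOLE accept
        # Main LAN may initiate towards the IoT VLAN and the WAN;
        # replies are handled by the established,related rule above.
        iifname $LAN_IF oifname $VLAN_IF accept
        iifname $LAN_IF oifname $WAN_IF accept
        # Everything else VLAN 30 attempts: log it, count it, drop it.
        # "nft list chain inet filter forward" shows the counter,
        # "journalctl -k | grep vlan30-drop" shows what was being reached for.
        iifname $VLAN_IF log prefix "vlan30-drop: " counter drop
    }
}
```

Load it with `nft -f` on the router and watch the counter while a Dot is given a command; a rising counter paired with log lines naming a destination or port is a far better lead than guessing at broadcast problems.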
