Meraki

Community

What is the best practice for IOT device segmentation and isolation

EricWenger
Here to help
‎Aug 13 2019 10:03 AM
‎Aug 13 2019 10:03 AM

What is the best practice for IOT device segmentation and isolation

I have smart home devices that generally talk to a hub via protocols like zwave and zigbee. I have PCs and personal computing / storage devices that I don’t need to talk to the hub or the IOT devices.

 

So, should I put them into separate VLANs and write firewall rules that keep them segmented and isolated from each other?

 

My PCs don’t really need to talk to the IOT hub or the devices behind the hub.

 

But my iPhone (for example) does need to communicate both with the hub (to launch routines etc) and to a printer that is attached to the PC. 

 

What is the best practice?

0 Kudos
3 Replies 3
DillonofAnch17
Getting noticed
‎Aug 13 2019 12:18 PM
‎Aug 13 2019 12:18 PM

@EricWenger it truly depends on your uses cases you could segment your network to block off that traffic but I mean what are you solving for? If your use case is security-related i would ask the question of how are your devices connected? (Direct via Ethernet or WiFI) this will really help and decide how or if to segment your network. Personally, I have a separate network for my Sonos sound system and the controller that operates it but that is purely for ease of administration(use). 

 

I am always up for advanced tinkering and thoughts if you have any questions!

0 Kudos
In response to DillonofAnch17
BlakeRichardson
Kind of a big deal
Kind of a big deal
‎Aug 13 2019 3:52 PM
‎Aug 13 2019 3:52 PM

If its just your devices at home fo ease of use I would just have them on the same network, unless you are living with a bunch of hackers why make things more difficult. 

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
0 Kudos
BrandonS
Kind of a big deal
‎Aug 13 2019 5:58 PM
‎Aug 13 2019 5:58 PM

It would be pretty hard do define overall best practices, but I have been thinking about doing this for my home network for security concerns.  With my ever growing collection of "smart" devices and speakers I am concerned with the attack vector that could allow access to my network through a compromised or backdoored smart switch/speaker/light/camera/lock/thermostat, etc.  The hard part is really figuring out what inter-VLAN access might be required or desired to operate.  Each device can have different requirement and might be difficult to work with when on a different VLAN than the one used for general internet access.  Good luck.

 

 

- Ex community all-star (⌐⊙_⊙)
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.