This and the prior beginners guide you published are really important. Every person using home networks should watch and study both of these videos. I will be coming back to these two videos until my network is as protected as I can make it. Thanks again.

This was exactly what I was looking for. I don't want to give Sonos and other companies access to the same network as my computers and phones. Thank you!

I soon have an exam about network security and such; this was a great resource! Thank you!

It seems you talk about things but not really how to do these things.

Thanks for the very informative video, this is definitely my next step in securing my network.

Thanks for the video. I will implement VLANS soon.

0:00 Intro, unsecure devices 0:49 Basics to smart home security (see the other video in the desc) 1:03 Advanced smart home security: trusted and untrusted segments 1:30 Basic home network vs Trusted:Untrusted 3:20 Example of subnetting trusted and untrusted VLANs (using different IP range classes) 4:03 Create a new untrusted network 4:42 The Firewall (ask yourself these next questions) 5:29 Which devices need internet access? 6:32 Which devices need specific access to another device, or a device in a different VLAN? 7:00 Any (definitely) untrusted devices that do not need to talk to some trusted devices? 7:31 Firewall Rules 9:00 Isolating untrusted devices from other untrusted devices using multiple VLANs with varying levels of "trust" 10:04 Zigbee vs WIFI devices (see the other video tagged in the outro) This video was very helpful to me just going over the basics of VLANing, and I never even considered using a different subnet class between trusted (private C range) and untrusted (private A and B ranges). And I have been VERY overthinking the firewall that sits "between" these devices and VLANs, but it really is just a list of rule that you fine tune with ordering and other features, depending on the FW ofc.

Usually most routers have something called “Guest network”. You can enable this and use it as an IoT network. Not only does this segment the devices on the network from your main devices, but it also applies device isolation so that they can’t communicate between each other. I even use the guest network feature on my unifi router just for the device isolation feature that is included with this type of network.

I'm starting to set up my new unifi network, and this video has been a great help, thank you.

Thanks voor de info. erg leuk filmpje. Ik wil pas begonnen met het vervangen van mijn bewegingssensors voor Smart producten. Ik had wel al 2 slimme tv's en een wasmachine, maar die heb ik zo lang mogelijk dom gehouden om de kat uit de boom te kijken. En inderdaad Het klopt allemaal wat je zegt. Het is zeer onaangenaam idee als de buren mee zitten te kijken terwijl ik naakt uit de douche stapt of met een partner ligt te cohabiteren. Maar na het instellen van alles kwam ik er pas achter dat ik er zonder internet echt niets aan heb. Ik gebruik al een aantal jaar alleen mijn mobiele internet. Dus ik sta nu in het donker mijn telefoon aan mijn Mikrotik router te koppelen om de verlichting aan te krijgen hahaha. Maar internet is onderweg en aangezien jij het al hebt opgebouwd hoop ik stiekem dat jij vast ergens een lijst van protocollen en poortnummers hebt gangbare domotica producten zodat ik die aan de uitsmijter kan geven Oftewel Firewall. Dan kan ik met mijn ouwe draytek router hier een apart netwerkje voor opzetten.

Thanks for the info and very nice explanation!!!

I haven't yet started to build my smart home, but I plan to do so in the near future as I want to move into a new house. Your channel is immensely supportive, as it makes some things look less daunting, as I have 0 experience with the smart home environment, but I have some basic programming skills. I'm also concerned about security, and even though Home Assistant is the more difficult route, as I understand, it's better to start on the correct path, and build my knowledge from there. So from what I understand from your video, if I install my HA on a raspberry pi 4, and add a zigbee sky connector to it, I must set it on the untrusted network on the VLAN, right? If I do it this way, can I then access the HA from my phone (which is on my trusted network)?

Love love this video!!

Great Video thank you..

Great video. Pls create a video with actual example with devices

Thank you so much for your Videos! Is there any video about your firewall rules? If not, have you planned one? Would be great!

If you have a Raspberry PI with a Home Assistant, I'd like to put it into the trusted network. But, can Home Assistant find later any new devices (using Bonjour eg. for HomeKit platform) automatically in both networks?

Would appletv be under trusted since you may display iPad videos on tv?

Great video, thank you! Just a clarification, if the router does not have enough ports to accommodate all wired devices, wouldn't a switch that supports VLAN's also be required?

Good video

i want to set up my home network, I need some help from you: I have a sonicfirewall TZ500, unifi security gateway and switch, how to wire them?

I use a Deco router from TPLink that has an IoT network as well as a network. I segmented all my wireless IoT devices to that network but my Hue bridge is wired so is on my main. There are no separate VLANs however. Is this still secure?

Learning a lot from your videos! Might be a silly question but if your smart devices are blocked from accessing the internet, does that mean you can't control/monitor them when away from home and not directly on the network? E.g. look at security cameras when away on holiday?

Thanks for the info..very good video... I to use Unifi equipment....my question is, what VLAN should Homeassitant be on? The untrusted network along with all of the IOT devices? I am guessing that the cameras should be on the untrusted network as well (or a totally separate network)? Thanks in advance...

Dont you also have to configure ports also?

Is there a particular advantage to VLANs over actually physically separate networks? Best plan i can figure atm wiith what i have is run HASS on proxmox so i can use one network interface for IoT and a separate one for internet. Either that or a separate machine for a firewall.

Which cameras do you use?

hello, is there any chance that you would be so kind to assist me with setting my network up? I had a few other questions. I do have a dream machine,

I have over 80 connected devices in my 'smart home''. Your one device at a time reconfiguring shouldn't take much more than a week's time to finish--but in the end, EVERY device needs to get through to the internet for firmware updates, and possibly much more. And every device needs to connect to my 'trusted' smart phones (many of which are just used as convenient remote controls or for quick internet access, with at least one per room) and computers. As such, I can't see how your suggestions would accomplish much in terms of added security for my setup.

where does a chromecast sit... it has to be on same network as phone to work

My LIFX light bulbs don't have full functionality without internet access. I cannot "favorite" lights without it. It's frustrating and stupid, but that's what it is. Also, I don't think I can control the bulbs through their app without internet access or if they're on a vlan. I can control them via Home Assistant, but the functionality is stunted, and the UI on the app, despite how bad it is, is way better than the UI on Home Assistant.

I like Omada by TP Link cause they're cheaper, provide about the same functionality and have more products

Seems my GT AX11000 router doesnt support vlan, that's a bummer... ;(

looks like you're allowing some IOT devices full access to your LAN, poking holes and allowing a path to your critical devices.

Seeing that most IP Cameras in the market today are of Chinese origin, and the great concern about pervasive Chinese spying, can we use the Chinese Cameras and prevent them from communicating with Chinese Servers?

Its just kind of "be aware of" kind of videos then?

Openwrt will make many routers be able to use VLANS, etc. There is no need to spend the crazy amounts ubiquiti charges. To people out there who can't afford or justify spending thousands on networking equipment for your home but want similar functions, there's some cheap TP-link switches that do VLANs and openwrt for your router. On the firewall side, either a cheap second-hand laptop for pfsense or a raspberry pi. There's also heaps of second-hand cisco equipment on eBay... In case you didn't know, cisco is the top dog in the networking world. Creators need to stop pushing these super expensive solutions.

although funny at the time, tiktok probably can do this as well like those old farts were saying 😂

Nice work, however the connections between devices and the firewall in your diagrams are too abstract and imply hard wired connections. Since most untrusted devices are wireless you should have illustrated it that way so noobs understand how the firewall is used to separate trusted network from the wireless untrusted network. You made an assumption that noobs know the difference between a router and firewall or that they can be one in the same.