For a while I have had the idea of making a new VLAN intended only for my IoT devices.
Of course it is easy enough to set up a new VLAN, but how do you do it if you still want to keep the ability to use, for example, the cast feature of Google Chromecast, or if you, like me, have some smart bulbs from Wiz?
Well, if you are thinking: why on earth would you make a separate network only for your IoT devices?
The thing is that many IoT devices are easy to hack, as security has not been prioritized by the manufacturers of these devices.
This is the reason you want a VLAN only for your IoT devices: if a hacker manages to compromise one of them, he/she is not able to reach your normal LAN, where you have critical devices like a NAS etc.
As always with my guides, some knowledge of network design and general IT understanding is required, as these things are not described or reviewed in my guides.
If we split the guide into pieces, it consists of the following steps, which I will go through.
1: Creating and assigning a Zone for IoT.
2: Adding a virtual interface and assigning a VLAN to it.
3: Creating and assigning a DHCP/DNS server for the previously created VLAN.
4: Creating/changing access rules for IoT.
5: Enabling IP Helper for our IoT VLAN (used for Google Chromecast).
6: Assigning IP Helper policies (used for Google Chromecast).
Creating and assigning a Zone for IoT
First we need to create a Zone for our IoT devices. If you are not sure what a Zone means in SonicWall terminology, this link will help: http://help.sonicwall.com/help/sw/eng/published/1316739248_5.8.1/Network_netZones.html
1: Log in to your SonicWall and go to “Manage” -> “Network” -> “Zones”
Click on “Add”
Give the zone a telling name, e.g. IoT devices
Security Type: Select “Trusted”
The zone IoT devices 2 is now created and should look like this.
Add a virtual interface, and assign a VLAN to it
Go to “Manage” -> “Network” -> “Interfaces”
Click on the drop-down menu and select “Virtual Interface”
Select the previously created Zone (IoT devices 2) from the drop-down menu.
Assign a VLAN tag; in this example I have used VLAN 40.
IP Address: choose what suits your network. In this example I have used 10.47.10.1; the subnet mask is the default.
Parent Interface: in this example I have used X2; you can choose what suits your network.
Web management is disabled, and this is fine, as we don't want our IoT devices to be able to reach the SonicWall management interface.
Just click “OK”
Create and assign a DHCP/DNS server for the previously created VLAN
Go to “Manage” -> “Network” -> “DHCP Server”
Click on “Add Dynamic”
Check the box “Interface Pre-Populate” and choose X2:V40; it then automatically fills in all the information needed.
In Comment, give it a telling name like IoT devices 2.
Click on the “DNS” tab; you can either inherit or specify the DNS server you want to use.
Click on “OK” when done.
After our DHCP server is configured, it should look like this.
Create/change access rules for IoT
Go to “Manage” -> “Rules” -> “Access Rules”
Select from IoT devices 2 to All
Here you change the rules so that our IoT devices 2 zone can only access the WAN.
When all rules are changed, it looks like this.
Please note that your setup may differ from mine, so you will need to adjust the settings to suit your own network.
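To sanity-check the rule set from this step before trusting it, here is a small Python model of the zone rules (an added example, not SonicWall's code or API). The VLAN 40 subnet 10.47.10.0/24 is from the guide; the X0 LAN subnet 192.168.1.0/24, the sample hosts, and the assumption that the default LAN-to-IoT allow rule is kept (casting opens a connection from the LAN to the Chromecast after mDNS discovery) are constructed for the example.

```python
"""Added example, not SonicWall code: a small model of the zone access rules
from step 4 so the intended segmentation can be checked before it is trusted.
The rule tables below are constructed transcriptions of what the GUI shows."""
import ipaddress

# 10.47.10.0/24 is the VLAN 40 (X2:V40) subnet from the guide; the X0 LAN
# subnet 192.168.1.0/24 is a constructed placeholder.
ZONES = {
    "LAN": ipaddress.ip_network("192.168.1.0/24"),
    "IoT devices 2": ipaddress.ip_network("10.47.10.0/24"),
}


def zone_of(ip):
    """Map an address to its zone; anything outside the local subnets is WAN."""
    addr = ipaddress.ip_address(ip)
    for zone, net in ZONES.items():
        if addr in net:
            return zone
    return "WAN"


# Rules are (from_zone, to_zone, action). The firewall evaluates the rules
# for a zone pair top to bottom and the first hit wins, so order matters.
DEFAULT_RULES = [  # what a new Trusted zone starts with: Trusted <-> Trusted allowed
    ("IoT devices 2", "LAN", "allow"),
    ("IoT devices 2", "WAN", "allow"),
    ("LAN", "IoT devices 2", "allow"),
]
HARDENED_RULES = [  # after step 4: the IoT zone may only reach the WAN
    ("IoT devices 2", "LAN", "deny"),
    ("IoT devices 2", "WAN", "allow"),
    ("LAN", "IoT devices 2", "allow"),  # assumed kept: casting opens LAN -> Chromecast
]


def allowed(rules, src_ip, dst_ip):
    """First-match evaluation; a flow with no matching rule is dropped."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    for from_zone, to_zone, action in rules:
        if from_zone == src and to_zone == dst:
            return action == "allow"
    return False


# Constructed sample flows with the outcome the guide intends for each.
EXPECTED = {
    ("10.47.10.50", "8.8.8.8"): True,        # Wiz bulb -> Internet
    ("10.47.10.50", "192.168.1.10"): False,  # bulb -> NAS on the LAN
    ("192.168.1.20", "10.47.10.60"): True,   # laptop -> Chromecast (assumed)
}


def violations(rules):
    """Return the flows whose result differs from the guide's intent."""
    return [flow for flow, want in EXPECTED.items() if allowed(rules, *flow) != want]
```

With the default rules the bulb-to-NAS flow is reported as a violation; with the hardened rules the list is empty.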
Enable IP Helper for our IoT VLAN
Go to “Manage” -> “Network” -> “IP Helper”
Check the box “mDNS (Bonjour)” so it is enabled.
Scroll down to Policies.
We need to set up two policies, like this:
Click on “Add”
Protocol: mDNS (Bonjour/Apple)
From: Interface X0
To: X2:V40 Subnet
Click on “Add”
Protocol: mDNS (Bonjour/Apple)
From: Interface X2:V40 Subnet
To: X0 Subnet
Let us see if our equipment can pull an IP from the DHCP server on VLAN 40.
And yes, it could.
That is all 🙂
With 15+ years of professional experience in the IT field, Martin has the know-how to think outside the box and see solutions. A strong data technician professional with a Datatekniker education focused on Computer Science, skilled in Windows Server, Exchange, Hyper-V, Mailstore server, Microsoft Azure, Networking, Office365, PowerShell, Radius, SMSPASSCODE, Sonicwall, Unifi, Veeam, VMware, Webroot.