Selecting users for bulbs using firewall rules

Hi again -

So I went a little crazy and now have 24 bulbs happily running on the network. However, now the kids want their own bulbs (of course!)

I’m trying to figure out how to best set this up on the network since it doesn’t seem like I can do it within the app or anything. My thought was to add a SSID for the bulbs to my network and make a VLAN. Then I could use firewall rules to only allow adults access to all bulbs and then the kids to access their respective bulbs. Is it possible use dhcp relay/ip helper to get the discovery packet across to the normal LAN?

Thanks!

Okay so here is what I ended up doing:

All bulbs on their own ssid with vlan. Kids iPad are restricted to their own ranges of bulbs and parents can access the entire subnet. Vlan can talk to normal lan but all traffic besides the above is blocked to the vlan to provide access only to authorized users. The tough part was getting udp broadcast across the subnet but was able to do so with bcast-relay which I found on the ubnt forums.

well done. you did bring up a good point, the app needs to have controls in it to lock down the lights based upon an administrative setting, Log on as admin, set which lights are allowed to be controlled by this device and log off.

This would be a good idea. If the bulbs can call for the app’s logged in username even, then something like an ACL could be made.

Just a question – how did you go about setting up bcast-relay? And I assume it’s running on your router?

It is - yes. I am using a Ubnt Edgerouter Lite. There is a setup script for the bcast-relay here for ubnt. I believe bcast-relay is based on this UDP Broadcast Packet Relay project.

1 Like