Smartthings Hub > Vlan > Dead

So I decided to separate my Smarthome network (I use Sonoff switches) from my regular LAN.
I have a VLAN set up with an IP range of 10.0.3.x.
All the Sonoffs are now on the network, and I can get to them from my LAN 10.0.0.x.
However, my hub can no longer communicate with them.
Thinking it’s a VLAN issue, I tried to get the hub on a switch port (tested to work) which assigns an IP from 10.0.3.x.
I see the DHCP request come from the hub, and it is given an IP, but it keeps asking for one and never gets online, acting like it’s allergic to the network.
Any ideas?

What’s the netmask on those subnets? If those are really two different subnets, what routing have you got in place between those subnets?

I don’t know if the ST hub can communicate with other devices in private IP ranges that aren’t in the same subnet…

They are all set up on the same netmask.

    10.0.0.1	link#3	UHS	0	16384	lo0
    10.0.1.0/24	link#9	U	13755163	1500	nfe0_vlan100
    10.0.1.1	link#9	UHS	0	16384	lo0
    10.0.2.0/24	link#10	U	159	1500	nfe0_vlan200
    10.0.2.1	link#10	UHS	0	16384	lo0
    10.0.3.0/24	link#8	U	4305214	1500	nfe0_vlan300
    10.0.3.1	link#8	UHS	0	16384	lo0
    10.0.4.0/24	link#11	U	0	1500	nfe0_vlan400
    10.0.4.1	link#11	UHS	0	16384	lo0

If you put a PC / laptop on the 300 VLAN / 10.0.3.0 network and have it request a DHCP address… can it get on the internet and talk to things on the 10.0.0.x? (Think of a firewall permission for that network test, or DHCP gateway assignment maybe.) (That may have been what you meant by tested-to-work, but I didn’t know for sure. :wink:)

Indeed it does.
On the Cisco SG200, Port 3, set up as General 300TP.
When I plug in a PC, it gets the right IP, and can surf along just fine.
When the hub goes in, it never accepts the DHCP request.
Works fine on a regular port, however from there it can’t talk to the devices on the vlan (firewall wide open).

So that PC that can get on the Internet while on VLAN 3… it has no trouble pinging other devices on other VLANs, right?
I’m curious, I have not needed to put a hub on a vlan yet, but now I want to experiment with it. :wink:

Correct. It can ping, web browse (to those with svcs like my cams) and everything else.

If you’ve got routing working between all subnets and DHCP responses come to other devices on all of them, and you have the default gateways set correctly in the DHCP scopes (sounds like you must), then I agree with @Benji, maybe the ST Hub doesn’t talk to more than its single configured RFC 1918 subnet, security thing perhaps.

But you say it’s getting a request just not working? That part confused me a bit. Did you do a Wireshark capture on it? If the hub is receiving its assigned IP but not coming online to the cloud, then it could be something else entirely since you know the routing is working.

Try 192.160.x.0/24 subnets, maybe it doesn’t like 10. space?

10/8 space should be fine, mine is in a subnet there. I know there WAS originally a bug related to the hub not liking 10 space or something, but I thought it was fixed and I’m struggling to find the thread. I think @pstuart was discussing it.

Just to absolutely clarify because I’m not entirely sure from your responses, but can a device in the 10.0.0.0/24 subnet ping another device in the 10.0.3.0/24 subnet successfully and vice versa? (yes yes for you networking gurus, I know how ICMP works but Cisco uses inspection to dynamically allow the response back sometimes, thus it still may only work when initiated from one side).

Think the issue is multicast filtering and spanning across each subnet.

The issue with 10.x subs was one in how the DNI was converting to HEX, solved that years ago, and most DTHs have borrowed my fix, including smartthings on that. Plus DNI really should be MAC now anyway.

You will probably need to put in a multicast / SSDP relay on each sub for this config to work.


I did the below on a Windows machine plugged into Port 2 on the switch, which is set up on the switch as "GE2 General 300TP 300TP".
My primary Pfsense based router is 10.0.0.1.
10.0.3.80 is a Sonoff switch on the same Vlan.

    C:\Users\tiny>ipconfig

    Windows IP Configuration

    Ethernet adapter Ethernet:

    Connection-specific DNS Suffix . : home.local
    IPv4 Address. . . . . . . . . . . : 10.0.3.220
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 10.0.3.1

    C:\Users\tiny>ping 10.0.3.1

    Pinging 10.0.3.1 with 32 bytes of data:
    Reply from 10.0.3.1: bytes=32 time<1ms TTL=64
    Reply from 10.0.3.1: bytes=32 time<1ms TTL=64

    C:\Users\tiny>ping 10.0.0.1

    Pinging 10.0.0.1 with 32 bytes of data:
    Reply from 10.0.0.1: bytes=32 time<1ms TTL=64

    C:\Users\tiny>ping 10.0.3.80

    Pinging 10.0.3.80 with 32 bytes of data:
    Reply from 10.0.3.80: bytes=32 time=258ms TTL=128
    Reply from 10.0.3.80: bytes=32 time=35ms TTL=128
I know this was an issue with SSDP which I believe is multicast, and I’m on 10. as well, but not routing subnets anymore for that exact reason.

But I don’t recall having issues with the hub functioning with the cloud or DHCP when I was routing.

Chromecast also has this issue with multicast, which I discovered first. I created an ACL to forward multicast between subnets and that worked, but some devices still failed with SSDP to the hub. I just gave up and went back to a single subnet with ACLs to block certain devices from talking to anything but the hub.
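The multicast point raised in this thread, as an added example that is not part of any post: routed unicast (ping) crosses the VLANs, while an SSDP discovery packet to 239.255.255.250 stays on the sender's segment unless something relays it. The /24 mask for the 10.0.0.x LAN, the hub address and the relay model are assumptions made for illustration.

```python
import ipaddress

# Interface subnets from the routing table posted in the thread. The "lan"
# entry is an assumption: the thread gives 10.0.0.x but never shows its mask.
SEGMENTS = {
    "lan": ipaddress.ip_network("10.0.0.0/24"),
    "vlan100": ipaddress.ip_network("10.0.1.0/24"),
    "vlan200": ipaddress.ip_network("10.0.2.0/24"),
    "vlan300": ipaddress.ip_network("10.0.3.0/24"),
    "vlan400": ipaddress.ip_network("10.0.4.0/24"),
}
SSDP_GROUP = "239.255.255.250"  # SSDP discovery group, UDP port 1900

def segment_of(ip):
    """Name of the segment whose subnet contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None

def receivers(src, dst, hosts, relays=()):
    """Return the hosts (from `hosts`) that receive a packet src -> dst.

    Unicast is routed between segments (firewall assumed open, as in the
    thread). Multicast stays on the sender's segment unless a relay pair
    (seg_a, seg_b) in `relays` re-sends it on the other segment.
    """
    src_seg = segment_of(src)
    if src_seg is None:
        raise ValueError(f"{src} is not on a known segment")
    if not ipaddress.ip_address(dst).is_multicast:
        return [h for h in hosts if h == dst and segment_of(h) is not None]
    reach = {src_seg}
    for a, b in relays:
        if src_seg in (a, b):
            reach |= {a, b}
    return [h for h in hosts if h != src and segment_of(h) in reach]

# Constructed hosts: the hub address is hypothetical; the Sonoff and PC
# addresses are the ones quoted in the thread.
HUB, SONOFF, PC = "10.0.0.50", "10.0.3.80", "10.0.3.220"
HOSTS = [HUB, SONOFF, PC]

if __name__ == "__main__":
    print("unicast hub -> Sonoff:", receivers(HUB, SONOFF, HOSTS))
    print("SSDP from hub, no relay:", receivers(HUB, SSDP_GROUP, HOSTS))
    print("SSDP, relay:", receivers(HUB, SSDP_GROUP, HOSTS, [("lan", "vlan300")]))
```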

@pstuart that could very well be however I am willing to openly admit I have no clue whatsoever how to do that. :slight_smile:

That just verified you can ping between subnets on the same VLAN right? Not two different VLANs.

And you’re just pinging the GW of the 10.0.0.0 subnet which doesn’t mean it’s routing to another vlan, or subnet necessarily.

If you don’t know how to do this, why are you even bothering with vlans?

Well would you look at that!
(.12 is alive)

    C:\Users\tiny>ping 10.0.0.12

    Pinging 10.0.0.12 with 32 bytes of data:
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.

    Ping statistics for 10.0.0.12:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

    C:\Users\tiny>ping 10.0.1.201

    Pinging 10.0.1.201 with 32 bytes of data:
    Reply from 10.0.1.201: bytes=32 time=8ms TTL=63
    Reply from 10.0.1.201: bytes=32 time=12ms TTL=63

    Ping statistics for 10.0.1.201:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 8ms, Maximum = 12ms, Average = 10ms
    Control-C
    ^C
    C:\Users\tiny>

@pstuart
Started with cheap Chinese cams and being concerned about their security. :slight_smile:
They don’t look at anything interesting, but I don’t want them taking down the rest of the network.

Fair enough, what are you using to set up your VLANs at a router level? You will need to enable IGMP relay and turn off multicast filtering or span filtering for sure.

I feel like a dumb@ss user now.
Does this help:
System pfSense
Version 2.3.2-RELEASE-p1 (i386)
built on Tue Sep 27 12:13:32 CDT 2016
FreeBSD 10.3-RELEASE-p9