Limiting internet connectivity to a single device.
Hello everyone, I'm facing a unique challenge with my new Philips Hue bridge. I want it to control devices locally without using the internet, but it needs a Wi-Fi access point to function. I'm considering setting up a Layer 3 switch and placing both the AP and the bridge on a separate VLAN within the 192.168.xxx range. Since I can't use an ISP gateway or have a bypass router, I need an ACL to restrict communication between VLANs. My main concern is ensuring the devices I want to control can reach it while keeping everything secure. Any suggestions or insights would be invaluable. Thanks!
Thank you for your message. I appreciate you letting me know. I didn’t realize the Hue bridge would need internet access at this point, and I was assuming it would work through a local network setup. I’m not sure how to verify that without adjusting the configuration first. I’m currently searching online but haven’t found a clear solution yet.
It seems Google Home relies heavily on the cloud for processing. For instance, connecting your LIFX bulbs requires linking to the LIFX cloud, yet scenes and bulb names don’t update automatically when you modify them in the app after connection. It appears you’d need to disconnect and reconnect to the service to get the latest names, which isn’t ideal.
If it works without linking to their Cloud APIs, I’d simply drop a pfSense box and block traffic from those devices trying to leave the LAN. You mentioned using the ISP’s router/gateway, but you can let your LAN devices rely on the pfSense as their main gateway, sending WAN traffic through it. This setup lets devices talk across LAN without extra VLANs and lets you manage who gets WAN access. You could also use ACLs, though I’m worried about communication between devices from a LAN side. You’d still handle LAN traffic with the ACL, just need to set it up so traffic only leaves the segmented VLAN when the destination is on your LAN.
Hi, thank you for your questions. When you mentioned "it will function," were you referring to Google Home Services or the Philips Hue? The Philips Hue will work, though I’m unsure if Google Home requires an internet connection to communicate with the bridge. Regarding the network setup, placing a Raspberry Pi with pfSense as a bridge between your home network and offline devices could help restrict access without forwarding the WAN, which might resolve the IPTV issue. As for the other question, I’m not sure if Google Home performed a handshake with the bridge or acted passively—whether it needs confirmation from the bridge isn’t clear to me.
I don’t understand the constraints of life, but the Hue bridge functions without an internet connection. I’m not sure how it will work with Google Home. Maybe I can link my phone to the offline WiFi that the bridge is already using and try controlling it through Google Home on my device.
LIFX operates independently without needing the Internet via their own app, though accessing other devices requires connecting to a cloud API. I’m surprised Hue isn’t the same—I think LIFX adjusted this for security. Logitech Harmony did the same recently, aiming to stop unauthorized devices from taking over your IoT setup. Blocking devices from the Internet usually needs a router, which adds cost and limits how you can use it. This is the challenge with IoT: it relies on trusting online interactions. I’d prefer keeping my own devices under my own control rather than depending on the cloud.
You don’t have to set up your ISP gateway to link another router. A Wi-Fi device with DHCP control works well—like Asus routers. You’d get two networks: the main IPTV network (192.168.1.0/24) and a separate wireless one (192.168.0.0/24). Transfer all your wireless gadgets to the new 0.0/24 range. Set up DHCP on that router just for IoT devices without a gateway. No gateway means no internet.
The response points to the need for external connectivity through a service like Google. It highlights limitations when local access is restricted and emphasizes reliance on remote servers for functionality.
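The inter-VLAN ACL idea discussed in this thread, modelled as an added example that is not part of any poster's reply: a first-match rule list checked against sample flows, plus a check for rules made unreachable by an earlier, broader rule. The two /24 subnets are the ones named in the thread; the host addresses, rule order and function names are assumptions made for illustration.

```python
import ipaddress

# Subnets named in the thread; everything else here is constructed.
MAIN_LAN = ipaddress.ip_network("192.168.1.0/24")  # main / IPTV network
IOT_VLAN = ipaddress.ip_network("192.168.0.0/24")  # Hue bridge and its AP
ANY = ipaddress.ip_network("0.0.0.0/0")

# Ordered ACL for traffic routed between segments: (action, src, dst).
# First match wins; unmatched traffic falls to the implicit deny.
ACL = [
    ("permit", MAIN_LAN, IOT_VLAN),  # controllers may reach the bridge
    ("permit", IOT_VLAN, MAIN_LAN),  # return traffic (stateless ACL)
    ("deny",   IOT_VLAN, ANY),       # IoT segment never leaves the LAN
    ("permit", MAIN_LAN, ANY),       # main LAN keeps WAN access
]

def evaluate(src, dst, acl=ACL):
    """Return (action, rule_index); index is None for the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, (action, src_net, dst_net) in enumerate(acl):
        if s in src_net and d in dst_net:
            return action, i
    return "deny", None

def shadowed(acl):
    """Indexes of rules that can never match because an earlier rule
    already covers their whole source and destination range."""
    return [
        j for j, (_, s, d) in enumerate(acl)
        if any(s.subnet_of(ps) and d.subnet_of(pd) for _, ps, pd in acl[:j])
    ]

# Constructed sample flows (203.0.113.7 is a documentation address).
FLOWS = [
    ("192.168.1.50", "192.168.0.10"),  # phone -> bridge
    ("192.168.0.10", "192.168.1.50"),  # bridge -> phone
    ("192.168.0.10", "203.0.113.7"),   # bridge -> internet
    ("192.168.1.50", "203.0.113.7"),   # phone -> internet
    ("10.9.9.9", "192.168.0.10"),      # unknown segment -> bridge
]

if __name__ == "__main__":
    for src, dst in FLOWS:
        action, rule = evaluate(src, dst)
        print(f"{src:>15} -> {dst:<15} {action:<6} rule={rule}")
    print("shadowed rules:", shadowed(ACL))
```

Unlike handing out DHCP leases without a gateway, a rule list like this is enforced by the routing device itself, so a statically configured IoT device is still denied WAN access.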