Posting this here in case it helps anyone.
This discusses how to diagnose a tricky failure mode when using your IOT / HomeKit devices on a separate WiFi VLAN for security.
I had the following setup:
- Balance One with two LANs: untagged and a guest VLAN
- Airport Extreme (configured to serve VLAN on 1003 using these instructions: Using Peplink Balance with Apple Airport Guest Network )
- Hue Bridge plugged into Balance One on VLAN via ethernet
- Apple TV 4K on the Guest WiFi
- Two WeMo smart plugs on the Guest WiFi
Recently, I retired the Airport Extreme and upgraded to three Peplink AC One Mini APs as discussed here: AP One AC Mini Channel Selection - #15 by soylentgreen
I really like the AP Ones, but after a couple of days, I noticed my HomeKit automation wasnât working properly. I have a simple automation which says "When motion detected in the kitchen, turn on the âHot Waterâ scene, and turn it off after 2 minutes. The âHot waterâ scene was simple: Turn ON WeMo outlet 1, set Hue light 1 to 50% red. This is for a circulating hot water pump, and the light turns on to confirm itâs working.
The pattern was bizarre: When programming scenes and automation via my iPad, I could test the scene and automation and it always worked fine. But when triggering the automation via the motion sensor, it would fail in two ways: First, the light would come on, but the outlet would not. Secondly, the light would sometimes kick to 100% white rather than 50% red.
After some serious diagnosis and testing, I finally figured out what happened.:
- Somewhere along the line, a Hue bridge firmware update reset my motion sensor, so it was directly controlling the light independently of homeKit automation. And it was only doing this when the ambient light level in the kitchen was low. This meant I could test it in the morning and it would fail, but in the afternoon it would work. Super confusing. The solution was to use the Hue app on my iPad, go to Settings/Accesssory Setup/Motion detector, scroll to the bottom and click âConfigure in Apple Home appâ. This turns off all Hue automation for the sensor and lets you program it solely through HomeKit. This fixed the mysterious âlight to 100% whiteâ behavior.
But HomeKit automation was still only partially working - it could turn on the Hue lights but not the WeMo outlet. I finally figured out what happened:
- When I upgraded to the AC One Minis, my guest WiFi network had Layer 2 Isolation ON. I didnât notice this because this setting is hidden! If you go to the Balance One / AP / Wireless SSID / (name of SSID). There is no checkbox for Layer 2 isolation. However if you click the â?â icon and âTo set SSID advanced settings, please check hereâ it will reveal Layer 2 isolation. Turning this Off fixed the problem.
How did this cause the failure?
- I was programming HomeKit using the Home app on my iPad, which was on the normal (non-guest) WiFi network, which has the ability to talk to the guest VLAN without restriction. So when I tested an automation, the command came from the iPad â untagged VLAN â guest VLAN â Hue bridge and WeMo and worked normally.
- However, under HomeKit, triggered automations are run from your HomeKit hub (in this case, my AppleTV.)
- But the AppleTV was on the Guest Wifi, and with Layer 2 isolation, it couldnât talk to the WeMo.
- Why could the AppleTV talk to the Hue bridge? Because the Hue was plugged in via ethernet, and the layer 2 isolation only applies to WiFi devices!
How did I diagnose this?
- I finally figured it out by using my laptop and switching between the two WiFi networks and Ethernet and pinging the various devices, which revelaed that on the Guest WiFi I couldnât ping any other devices on Guest Wifi.
I will follow up with another post giving some step-by-step setup instructions