So I definitely should have asked for advice BEFORE just plowing ahead but...

I'm wondering if anyone out there has some advice on setting up ISY (still running on it's own box) and Polisy when running a segmented network.  Here's my setup:

VLAN 1: Admin.  Has the ISY, all out devices (iphones laptops etc), and generally trusted devices.  It also has my Sonos devices.

VLAN 2: IOT.  This contains things like my MyQ garage doors, Kasa devices, etc.

My Polisy originally lived on VLAN 1. Recently, I was working with @Jimbo on getting my Kasa node server up and running--it was not able to discover devices on VLAN 2.  We confirmed this was due to the network segmenting issue by moving one of the KASA devices over to VLAN 1 and seeing get discovered.  Oddly, I have not had any issues using noderservers like MYQ where the MYQ openners sit on VLAN 2.

 

So, I decided to try moving the Polisy to VLAN2 and then adding a firewall rule allowing NEW / ESTABLISHED / RELATED connections specifically between the Polisy's IP and the ISYs IP.  The seemed to work--the devices can talk to each other.  Moreover, the KASA, node was able to add all the devices.  The nodes also appear in the ISY admin console.

The only problem is, nothing works lol.  When ever I attempt to execute a command on any noderserver in the ISY, I the below error.

A few quick other notes:  PGC nodes still work fine.  Also, My Sonos devices are on VLAN 1 because I read they are fickle and trying to put them on an IOT network is more trouble then it's worth.  Lastly, I did not move the ISY to VLAN 2 because I figured I stop and ask questions before potentially breaking more stuff... so maybe that's an answer. 

 

 

 

 

 

 

And I may have answered my own question.  I found in the noderserver configuration window that the old IP address of the Polisy is hardcoded there.  After updating to it's VLAN 2 IP, things are working!

 

I'd still love any advice on network segmenting with Polisy and ISY though.  

7 hours ago, bcdavis75 said:

Also, My Sonos devices are on VLAN 1 because I read they are fickle and trying to put them on an IOT network is more trouble then it's worth. 

I've dealt with this on a couple of WiFi mesh networks, and it's a PITA.  Two things can work to help solve this: 1) attach one Sonos speaker to your network with an ethernet cable, or if you can't do that, 2) buy a Sonos Boost.  Either solution has worked for me.

I just got my Polisy and notice that it has two additional ethernet ports. Would connecting one of those to an untagged VLAN IOT port on your switch let the ISY communicate on your IoT network without any fancy routing or Avahi/mDNS?

 

@brians, not automatically. We certainly had our not very positive experiences with Avahi and mDNS. Our goal is to use those ports as switched network ports so that you won't need extra switches.

With kind regards,
Michel