#1
I’ve been trying to get my home network segmentation right for months now, and I keep hitting a wall with my IoT devices. My main goal is to isolate all the smart plugs, lights, and that one questionable off-brand camera from my primary devices like laptops and phones, but I want them to still be controllable from my phone on the main network. I set up a separate VLAN for them on my UniFi Dream Machine, which was straightforward enough, but the real headache has been with mDNS and discovery. I can get the devices online, but my phone just can’t see them to control them unless I hop onto the IoT network itself, which defeats the whole purpose. I’ve read about needing proper mDNS reflection or using an Avahi repeater, and I’ve tinkered with firewall rules to allow the necessary traffic, but it either breaks entirely or feels like a security risk I’m not comfortable with. The trade-off between airtight security and actual usability is frustrating. Has anyone else here finally cracked the code on a truly functional IoT VLAN setup that doesn’t sacrifice convenience? I’m worried my approach to network segmentation is creating more problems than it solves.
Reply
#2
Here's what finally helped me: enable mDNS reflection (MDNS Repeater) on the UniFi Dream Machine for the IoT VLAN and restrict it to just the main LAN. Then create a single, explicit firewall rule from LAN to IoT (UDP 5353, and the specific ports your devices need). Test with one device first, then add more. Keeps isolation without killing discovery.
Reply
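The one-way rule set from reply #2, written out as a small stateful policy checker so it can be tested against sample flows before anything is changed on the router. This is an added example, not code from the thread or from Ubiquiti; the subnets, the interface-free nftables rendering and the list of device control ports are assumptions, and it assumes inter-VLAN traffic is otherwise denied.

```python
"""Stateful first-match policy for a main-LAN / IoT-VLAN split (added example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ZONES = {  # assumed addressing; adjust to the real VLANs
    "LAN": ip_network("192.168.1.0/24"),
    "IOT": ip_network("192.168.20.0/24"),
}
# mDNS (unicast answers to the reflected queries) plus the control ports the
# devices actually use; the TCP ports here are assumed placeholders.
LAN_TO_IOT_PORTS = {("udp", 5353), ("tcp", 80), ("tcp", 443)}

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int
    state: str = "new"   # conntrack view: "new" or "established"

def zone_of(addr: str) -> str:
    ip = ip_address(addr)
    return next((z for z, net in ZONES.items() if ip in net), "WAN")

def decide(flow: Flow) -> str:
    """Return 'accept' or 'drop' for a flow; the first matching rule wins."""
    # 1. Replies to connections already accepted: the phone gets answers from
    #    a camera it contacted, but the camera cannot start a connection.
    if flow.state == "established":
        return "accept"
    src, dst = zone_of(flow.src), zone_of(flow.dst)
    # 2. The single explicit LAN -> IoT allow, limited to the listed ports.
    if src == "LAN" and dst == "IOT":
        return "accept" if (flow.proto, flow.dport) in LAN_TO_IOT_PORTS else "drop"
    # 3. IoT must never initiate anything toward the main LAN.
    if src == "IOT" and dst == "LAN":
        return "drop"
    # 4. Either VLAN to the internet is allowed.
    return "accept"

def nft_rules() -> list[str]:
    """The same policy as nftables forward-chain rules (generic Linux router
    syntax, not the UniFi GUI); useful as a checklist when clicking through."""
    allows = [f"ip saddr {ZONES['LAN']} ip daddr {ZONES['IOT']} {p} dport {d} accept"
              for p, d in sorted(LAN_TO_IOT_PORTS)]
    return ["ct state established,related accept", *allows,
            f"ip saddr {ZONES['LAN']} ip daddr {ZONES['IOT']} drop",
            f"ip saddr {ZONES['IOT']} ip daddr {ZONES['LAN']} drop",
            "accept"]
```

Multicast mDNS itself is carried between VLANs by the repeater, not routed, so the UDP 5353 rule only covers the unicast follow-up traffic; test with one device, as the reply suggests, and widen the port list only when a flow you need shows up as dropped.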