I don’t generally like the idea of IoT (i.e. Internet of Shit) but I do have some Philips Hue lights at home. Since I isolate IoT devices to a separate semi-locked-down VLAN, turning lights on and off was a bit of a hassle, until I decided to address it in a sane way. At a very high level, it’s basically getting the Bonjour discovery protocol working across VLANs, plus a bit of inter-VLAN routing.
This is network engineering 101, so I will not outline it here. But generally speaking, making the IoT network fully connected with other network segments is not a good idea, so I have a set of inbound and outbound rules applied to make it work. The Hue Bridge requires inbound tcp/8080 and outbound DNS, NTP, HTTPS and SSDP protocol ports.
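One way to check that the inter-VLAN rules really stay this narrow is to audit flow records against the allowlist. The script below is an added example, not part of the original post: the IoT subnet, the bridge address, the log format and the sample lines are all assumptions constructed for illustration, and the port numbers are the standard ones for each named protocol.

```python
import ipaddress

# Assumed addressing (not from the post): the IoT VLAN and the bridge's address.
IOT_VLAN = ipaddress.ip_network("10.0.30.0/24")
HUE_BRIDGE = ipaddress.ip_address("10.0.30.10")

# Flows the post lists for the Hue Bridge, as (protocol, destination port).
INBOUND_TO_BRIDGE = {("tcp", 8080)}
OUTBOUND_FROM_BRIDGE = {
    ("udp", 53), ("tcp", 53),  # DNS
    ("udp", 123),              # NTP
    ("tcp", 443),              # HTTPS
    ("udp", 1900),             # SSDP
}

# Constructed flow records: "src dst proto dport", one per line.
SAMPLE_LOG = """\
10.0.10.25 10.0.30.10 tcp 8080
10.0.10.25 10.0.30.10 tcp 22
10.0.30.10 192.0.2.53 udp 53
10.0.30.10 239.255.255.250 udp 1900
10.0.30.10 10.0.10.25 tcp 445
10.0.30.10 203.0.113.7 tcp 443
"""

def classify(src, dst, proto, dport):
    """Classify one flow as 'allow', 'deny', 'intra-vlan' or 'out-of-scope'."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    key = (proto.lower(), int(dport))
    if src not in IOT_VLAN and dst not in IOT_VLAN:
        return "out-of-scope"   # flow does not touch the IoT VLAN
    if src in IOT_VLAN and dst in IOT_VLAN:
        return "intra-vlan"     # never crosses the inter-VLAN rules
    if dst == HUE_BRIDGE:
        return "allow" if key in INBOUND_TO_BRIDGE else "deny"
    if src == HUE_BRIDGE:
        return "allow" if key in OUTBOUND_FROM_BRIDGE else "deny"
    return "deny"               # default deny for any other IoT device

def audit(log_text):
    """Return the flows in log_text that fall outside the allowlist."""
    violations = []
    for line in log_text.splitlines():
        if line.strip():
            src, dst, proto, dport = line.split()
            if classify(src, dst, proto, dport) == "deny":
                violations.append((src, dst, proto, int(dport)))
    return violations

if __name__ == "__main__":
    for flow in audit(SAMPLE_LOG):
        print("outside allowlist:", *flow)
```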
On the Aruba controller, go to Configuration > System > Profiles, then enable the AirGroup feature by creating a new AirGroup profile. Create a new AirGroup Service and add the following Service IDs into the profile:
And finally, register this service to the new
Once this step is finished, go to Configuration > Services > AirGroup, turn on the AirGroup service and select the corresponding profile. Select Distributed mode if the WLC is deployed without MM; otherwise, use Centralized mode. Disable this service on certain VLANs (e.g. Guest) as desired, and then you are good to go.
Once the AirGroup setup is finished, verify that Inter User Bridging is enabled in the Global firewall settings and that user isolation is not enabled in the Virtual AP/SSID profiles.
Tune your IGMP snooping as well if you encounter random performance issues.